Akismet plugin 2.5.1 for WordPress

Version 2.5.1 of the Akismet plugin for WordPress is now available. Check the Plugins tab of your wp-admin dashboard and follow the instructions to auto-update.

This version of the plugin requires WordPress 3.0 or higher. It fixes several minor issues in the 2.5.0 release, including:

  • Fixes a problem with the Auto-Delete Spam option that prevented spam from being deleted
  • The status badge is now displayed only when needed, and is less obtrusive
  • Fixes a rare bug that could cause the retry queue to get stuck
  • Several minor fixes to the deletion and retry cron jobs
  • i18n improvements

If you missed our announcement about the new features in Akismet 2.5, you can find it here.

If you don’t use the WordPress auto update feature, you can manually download the zip package from the Akismet plugin page on WordPress.org.

Akismet 2.5 for WordPress Released – Film at 11

Version 2.5.0 of the Akismet plugin for WordPress 3 is now available. Check the Plugins tab of your wp-admin dashboard for instructions on how to update automatically, or visit the plugin page for details.

This version requires WordPress 3.0 or higher.

This is the first Akismet release in a long time that includes visible new features (in addition to the usual behind-the-scenes magic of course). You can see them here in our short video:

Major changes since Akismet 2.4 include:

  • A comment status history, so you can easily see which comments were caught or cleared by Akismet, and which were spammed or unspammed by a moderator
  • Links are highlighted in the comment body, to reveal hidden or misleading links
  • If your web host is unable to reach Akismet’s servers, the plugin will automatically retry
  • Moderators can see the number of approved comments for each user
  • Spam and Unspam reports now include more information, to help improve accuracy

For those of you already using Akismet on your WordPress 3.0 blog, upgrading is quick and easy thanks to the plugin updater. If you haven’t yet tried Akismet, visit the Plugins tab to enable it, and get your API key here – it’s free for personal use.

If you’re still using WordPress 2.9 or earlier, please stick with Akismet 2.4, our legacy branch for old WordPress versions. Or upgrade to the soon-to-be-released WordPress 3.1, which has Akismet 2.5 built in.

20 Billion Served

Today Akismet caught its 20 billionth spam.

That’s an average of around 10 million per day over the 5 years since Akismet first launched. Currently we deal with 30 million spam comments on a typical day, or about 350 per second.

To put that in perspective: if Akismet users had to spend one second manually deleting each of those comments, it would have taken over 600 years to moderate them all. (And each new day’s flood of spam would add another year to the queue).

How much time has Akismet saved you? :)

Lose your Akismet API key?

The old way of recovering your Akismet API key was confusing.  So, we decided to redesign this feature and give it it’s own URL.

If you lose your Akismet API key, you can now go to: http://akismet.com/resend/

Our new designer

Hey there.  My name is Dave Martin.  I just joined the Akismet team at Automattic.  I thought it might be fun to introduce myself and talk about how I landed a job at Automattic.

I just moved back to the U.S. from Sydney, Australia.  I was there for 2 years while working as the UI designer for Campaign Monitor.  I learned a lot while at Campaign Monitor.  A couple of the biggest takeaways were:

  1. Data driven design can be super valuable.
  2. Obsessing over every detail will pay off in the end.
  3. The importance of providing great support.
  4. How rewarding it is to work for a company that cares about their products (more than just making money).

When I started looking at companies in the U.S.,  I was worried that I’d never find another company like Campaign Monitor.  Basically, I wanted to work for a cool company that was passionate about their work.  I wanted to work with smart people.  I also wanted to work from home if at all possible (I’m a sucker for 3:00PM naps).

After looking at a bunch of companies, I stumbled across a “designer” job listing at Automattic.  I knew that there would probably be hundreds of applicants, so I decided to keep my application short.  I wrote 3 lines introducing myself, gave 8 examples of my work, and sent it off.

Within a couple of days I had two interviews over Skype (which was great, because I was still in Sydney).  I was then given a test project to redesign the Akismet marketing site.  Since I was still working full-time, I was only able to work on the redesign for an hour or two each night.  The hiring process and test project lasted about a month and a half before they made me an offer.

Now that I’m working with Akismet full-time, my focus will be to improve the user experience of the Akismet plugin and WordPress comments in general.  I’ll also be working hard to simplify the sign up process on the Akismet marketing site.

Please let me know if you have any suggestions/feedback about Akismet.  I’d love to hear your thoughts.

New Akismet.com site design

Akismet was the very first commercial service released by Automattic. 5 years later, Akismet.com was still running with exactly the same design it’s had since day 1.

That it still looked good was a testament to the strength of understated design. Still, we thought it was about time to freshen things up with a brand new design – and a new signup process to go with it.

We hope you like it.  As always, we’d love to hear your thoughts.

Defending your social network from spammers

If you’re planning to launch a social network or online publishing service, it’s important that you have a plan in place for dealing with spam. At some point the bad guys will find a way to take advantage of your hospitality, and you need to be ready to deal with them before they take over.

I’ve written about this before, but it bears repeating. If you’re launching a web site that allows users to publish content, you will very quickly be invaded by spammers. There are two basic types of spam that you need to be aware of:

1. Direct spam. Spammers will try to use your service to communicate directly with your users. They’ll send large volumes of comments, forum replies, direct messages, friend requests, contact forms, and generally abuse whatever messaging services are available.

This kind of spam is relatively easy to detect, because it involves making large volumes of form posts or api calls. You can catch it by monitoring for unusual patterns or volumes of submissions (and indeed Akismet can do this for you – ask us how). Contrast this with the second type, which is:

2. Parasite hosting. Spammers will use your service as an unwitting web host for their advertisements. They’ll create a handful of blog posts, forum threads, user profiles or wiki pages with images or links to their network of spam web sites. Spammers call these “buffer pages” or buffer sites. Importantly, they won’t spam your users with links to those buffer pages. They’ll be very careful not to do anything to draw your attention to them – often they’ll do their best to disguise them as harmless content. Instead, they’ll go elsewhere and send direct spam to the users of other services with links to the buffer pages on your site.

In other words, users on (say) Facebook and Twitter will be bombarded with spam messages containing links to pages on your web site. (Conversely, users on your site will be bombarded with spam containing links to buffer pages hosted elsewhere).

At Akismet we’re all too aware that few social sites are prepared for handling both types of spam. In fact some almost seem to go out of their way to make it difficult to report spam. Since Akismet monitors spam on millions of web sites, we’re able to detect both direct spam and parasite hosting. Sadly, even when we go out of our way to try to alert webmasters to spammers abusing their services as parasite hosts for porn and malware, many fail to respond.

Which brings me to the single best piece of advice I can give anyone who is planning on launching (or already runs) a social network or interactive web site:

Make sure you publish a working email address for abuse reports!

Don’t rely on a web contact form (when they break, failures often go un-noticed). Don’t rely on a flagging system that’s available only to your users (reports about parasite spam won’t come from your users). Don’t use a special form or button that only supports reporting a certain type of content or a single page at a time (spammers will hide in places you don’t expect them, and an important spam report might include hundreds or thousands of URLs). Use a good old-fashioned email address – abuse@yourdomain is best – and above all, make sure it’s monitored by people who are in a position to act quickly.

If you do run a social network, and you do have an email address for abuse reports (kudos!) then feel free to contact Akismet and tell us your address. If we do discover spammers hiding on your network we may be able to alert you, and of course we’re happy to provide advice for fighting the bad guys.

Akismet plugin 2.4 for WordPress

Version 2.4 of the Akismet plugin for WordPress is available now. This is a maintenance release that fixes some bugs, and includes some preparation for new features in a forthcoming version.

Major changes include:

* Akismet now uses the trash bin when deleting old comments (WP 2.9+ only)

* Legacy code needed for WordPress versions earlier than 2.7 has been moved to a separate file, legacy.php

* Several minor deprecation and compatibility issues in some versions of WordPress have been fixed

* Various bug fixes described in detail here.

This version retains backwards compatibility with old versions of WordPress, but it is the last major release that will do so. The next release of the Akismet plugin will require WordPress 3.0. We’ll continue to maintain the 2.4 branch of Akismet with security updates for users who are unable to upgrade from old WordPress versions.