Legacy plugin 2.4.1 is now available

Version 2.4.1 of the legacy Akismet plugin is now available. The 2.4 branch of Akismet is for old versions of WordPress only, WP 2.9 and earlier.

This is a security update. 2.4.1 fixes a XSS vulnerability.

Anyone still using an old version of WordPress should update to Akismet 2.4.1:

akismet-2.4.1.zip (svn)

Users of WordPress 3.0 and higher can ignore this release. Akismet 2.5.6 is the current plugin version for WordPress 3.x.

We’d like to remind all users of old versions of WordPress that the latest stable version includes many security updates and improvements to WordPress itself.

Pro Tip: tell us your comment_type

This is the first in an irregular series of tips for developers interacting with the Akismet API. Akismet is very heavily dependent on the quality of the data included in API calls. Whether you’re developing a custom implementation, or maintaining an Akismet extension for a CMS or forum application, we’d like to help you get the best results possible. Our API docs outline the basics. This series will expand on that with some simple suggestions for developers.

Our first recommendation:

Use an appropriate comment_type value.

Akismet works with almost any kind of user-submitted web content: blog comments, forum posts, blog posts, contact forms and so on. The characteristics of spam tend to vary across those type – comment spam is quite different from forum spam. So it’s important to give us some context by telling us what type of messages you’re asking Akismet to check. That’s what the comment_type value is for.

The API will accept an arbitrary string. It’s best if you use a meaningful symbolic name. We recommend the following values for common types of web-based content, which are mostly self-explanatory:

For blog comment forms.
Pingbacks and trackbacks respectively.
Forum posts and replies.
Blog posts.
Contact forms, inquiry forms and the like.
Account signup, registration or activation.
Twitter messages

That’s not an exhaustive list. If you need to check messages that don’t fit one of those categories, it’s best to use a different comment_type value. It’s especially important not to default to comment for messages that are fundamentally different from blog comments – if you do that, you can expect to see mixed results. It’s better to be too specific than too ambiguous.

There’s no need to check with us first before using a different comment_type value – use your judgement and identify your messages as best you can. To help make sure we’re interpreting your types correctly, please drop us a line – we’d love to hear from you.

50 Billion Little Pieces

Akismet passed another milestone: we caught our 50 billionth piece of spam yesterday. TechCrunch has the details:

In April, Akismet blocked 1.8 billion spam messages, or 60 million pieces of spam per day, 2.5 million per hour, or 700 per second.

Whoa, that’s a lot of spam.

Akismet, those with long memories will recall, was the first product Automattic ever launched, arriving on October 25th, 2005 – a month before WordPress.com. WordPress sites now attract over 600 million unique visitors each month, according to Quantcast, and WordPress powers 1 in 2 blogs today (including yours truly). 50,000 to 100,000 new blogs launch on WordPress daily, giving spammers a seemingly never-ending network to target.

Of course Akismet runs on many more platforms than just WordPress, and is the standard anti-spam tool used by many of the most popular forum and CMS applications. Those 700 spams per second include not just comments, but forum and blog posts, pingbacks, trackbacks, tweets and more. (Ironically it doesn’t include the FaceBook comments you’ll see on that TechCrunch post; Facebook has its own proprietary anti-spam system).

About 92% of all the items checked by Akismet are spam. That varies considerably depending on the content type: less than half of the forum posts we check are spam, but more than 99.5% of all trackbacks are spam.

Akismet WordPress plugin 2.5.6

Version 2.5.6 of the Akismet plugin for WordPress is now available. This is a maintenance release that includes several bugfixes and improvements to performance and robustness:

  • Prevent retry scheduling problems on sites where wp_cron is misbehaving
  • Preload mshot previews
  • Modernize the widget code
  • Fix a bug where comments were not held for moderation during an error condition
  • Improve the UX and display when comments are temporarily held due to an error
  • Make the Check For Spam button force a retry when comments are held due to an error
  • Handle errors caused by an invalid key
  • Don’t retry comments that are too old
  • Improve error messages when verifying an API key

To upgrade, visit the Plugins tab of your wp-admin dashboard and follow the instructions. This version of the Akismet plugin requires WordPress 3.0 or higher. If you haven’t already upgraded an old copy of WordPress, now is a good time: the new plugin release will provide significantly more accurate results than the legacy plugin available for WordPress 2.x.

If you haven’t yet activated Akismet, you can sign up for an API key here. Personal blogs and sites can choose how much to pay, starting at $0.

Akismet WordPress plugin 2.5.4

Version 2.5.4 of the Akismet plugin for WordPress has been released. This is a maintenance release with minor fixes and improvements:

* Less Javascript and CSS is loaded in wp-admin
* Added link previews and a link removal button to comment moderation pages
* The Akismet configuration and stats pages are now under the Jetpack menu when Jetpack is installed.
* Old Akismet comment metadata is removed to save space

Read the changelog for full details.

Like all 2.5+ releases, this plugin requires WordPress 3.0 or higher. To upgrade, visit the Plugins tab of your wp-admin dashboard and follow the instructions.

Partial API outages

There were two separate problems affecting availability of the Akismet API today.

The first was a network configuration problem that caused some servers to be unresponsive. Some users may have noticed problems during a 15 minute window starting around 12.30pm PST.

The second was caused by some spurious code that was inadvertently deployed to our production servers. The majority of API calls resulted in an invalid response for a 30 minute period starting around 11.00pm PST.

We apologize for the inconvenience. We’re investigating both incidents closely and putting new measures in place to prevent similar incidents from happening again.

Akismet Partner Program: Help Reduce Spam and Get Rewarded

Every month, over nine million websites use Akismet to stop spam.

The vast majority of those nine million sites are personal sites that get to use Akismet for free. But for the rest, we ask companies and people that make significant income from their sites to pay for Akismet. Many of these company sites and blogs are built by third-party developers or designers.

We want to help developers to encourage their customers to reduce spam. So we’re launching a Partner Program that rewards developers when their clients sign up for an Akismet subscription.

The Partner Program is currently by application only:  if you’re interested you’ll find more information and an application form at akismet.com/partners.

Vikings, Viagra, and Versace: A Brief History of Spam

The biggest gathering of WordPress users and developers takes place each year at WordCamp San Francisco. At this year’s three-day event, I gave a short presentation on the history of spam. Here’s the video: