Version 2.4.1 of the legacy Akismet plugin is now available. The 2.4 branch of Akismet is for old versions of WordPress only, WP 2.9 and earlier.
This is a security update. 2.4.1 fixes an XSS vulnerability.
Anyone still using an old version of WordPress should update to Akismet 2.4.1:
Users of WordPress 3.0 and higher can ignore this release. Akismet 2.5.6 is the current plugin version for WordPress 3.x.
We’d like to remind all users of old versions of WordPress that the latest stable version includes many security updates and improvements to WordPress itself.
This is the first in an irregular series of tips for developers interacting with the Akismet API. Akismet is very heavily dependent on the quality of the data included in API calls. Whether you’re developing a custom implementation, or maintaining an Akismet extension for a CMS or forum application, we’d like to help you get the best results possible. Our API docs outline the basics. This series will expand on that with some simple suggestions for developers.
Our first recommendation:
Use an appropriate comment_type value.
Akismet works with almost any kind of user-submitted web content: blog comments, forum posts, blog posts, contact forms and so on. The characteristics of spam tend to vary across those types – comment spam is quite different from forum spam. So it’s important to give us some context by telling us what type of messages you’re asking Akismet to check. That’s what the comment_type value is for.
The API will accept an arbitrary string. It’s best if you use a meaningful symbolic name. We recommend the following values for common types of web-based content, which are mostly self-explanatory:
- For blog comment forms.
- Pingbacks and trackbacks respectively.
- Forum posts and replies.
- Blog posts.
- Contact forms, inquiry forms and the like.
- Account signup, registration or activation.
- Twitter messages
That’s not an exhaustive list. If you need to check messages that don’t fit one of those categories, it’s best to use a different comment_type value. It’s especially important not to default to comment for messages that are fundamentally different from blog comments – if you do that, you can expect to see mixed results. It’s better to be too specific than too ambiguous.
There’s no need to check with us first before using a different comment_type value – use your judgement and identify your messages as best you can. To help make sure we’re interpreting your types correctly, please drop us a line – we’d love to hear from you.
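One way to apply this advice when building a check request, as an added example that is not Akismet's own code. The internal kind names, both function names and every type string other than `comment` are assumptions (the strings follow Akismet's public API documentation), and the request body is only built here, not sent.

```python
import re
from urllib.parse import urlencode

# Internal content kinds (hypothetical names) mapped to comment_type strings.
# Only "comment" is quoted on this page; the other strings are assumed.
KNOWN_TYPES = {
    "blog_comment": "comment",
    "pingback": "pingback",
    "trackback": "trackback",
    "forum_post": "forum-post",
    "blog_post": "blog-post",
    "contact_form": "contact-form",
    "signup": "signup",
    "tweet": "tweet",
}


def comment_type_for(kind):
    """Return a specific comment_type; never silently fall back to "comment"."""
    if kind in KNOWN_TYPES:
        return KNOWN_TYPES[kind]
    # Content outside the common categories gets its own symbolic name
    # rather than being mislabelled as a blog comment.
    slug = re.sub(r"[^a-z0-9]+", "-", kind.lower()).strip("-")
    if not slug:
        raise ValueError("describe the content kind; do not default to 'comment'")
    return slug


def build_check_body(site_url, kind, user_ip, user_agent, content, author=""):
    """Form-encode the parameters for a spam check, always with comment_type."""
    params = {
        "blog": site_url,
        "user_ip": user_ip,
        "user_agent": user_agent,
        "comment_type": comment_type_for(kind),
        "comment_content": content,
    }
    if author:
        params["comment_author"] = author
    return urlencode(params)


if __name__ == "__main__":
    # Constructed sample values: documentation IP range and example.com.
    print(build_check_body("https://example.com/", "contact_form",
                           "203.0.113.7", "Mozilla/5.0", "Hello, a question..."))
    print(comment_type_for("Product Review"))
```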
Akismet passed another milestone: we caught our 50 billionth piece of spam yesterday. TechCrunch has the details:
In April, Akismet blocked 1.8 billion spam messages, or 60 million pieces of spam per day, 2.5 million per hour, or 700 per second.
Whoa, that’s a lot of spam.
Akismet, those with long memories will recall, was the first product Automattic ever launched, arriving on October 25th, 2005 – a month before WordPress.com. WordPress sites now attract over 600 million unique visitors each month, according to Quantcast, and WordPress powers 1 in 2 blogs today (including yours truly). 50,000 to 100,000 new blogs launch on WordPress daily, giving spammers a seemingly never-ending network to target.
Of course Akismet runs on many more platforms than just WordPress, and is the standard anti-spam tool used by many of the most popular forum and CMS applications. Those 700 spams per second include not just comments, but forum and blog posts, pingbacks, trackbacks, tweets and more. (Ironically it doesn’t include the Facebook comments you’ll see on that TechCrunch post; Facebook has its own proprietary anti-spam system).
About 92% of all the items checked by Akismet are spam. That varies considerably depending on the content type: less than half of the forum posts we check are spam, but more than 99.5% of all trackbacks are spam.
There were two separate problems affecting availability of the Akismet API today.
The first was a network configuration problem that caused some servers to be unresponsive. Some users may have noticed problems during a 15 minute window starting around 12.30pm PST.
The second was caused by some spurious code that was inadvertently deployed to our production servers. The majority of API calls resulted in an invalid response for a 30 minute period starting around 11.00pm PST.
We apologize for the inconvenience. We’re investigating both incidents closely and putting new measures in place to prevent similar incidents from happening again.
Every month, over nine million websites use Akismet to stop spam.
The vast majority of those nine million sites are personal sites that get to use Akismet for free. But for the rest, we ask companies and people that make significant income from their sites to pay for Akismet. Many of these company sites and blogs are built by third-party developers or designers.
We want to help developers to encourage their customers to reduce spam. So we’re launching a Partner Program that rewards developers when their clients sign up for an Akismet subscription.
The Partner Program is currently by application only: if you’re interested you’ll find more information and an application form at akismet.com/partners.
The biggest gathering of WordPress users and developers takes place each year at WordCamp San Francisco. At this year’s three-day event, I gave a short presentation on the history of spam. Here’s the video: