The Akismet plugin version 2.6.0 for WordPress is now available.
It includes some incremental bugfixes since 2.5.9, plus some security and anti-spam improvements to how pingbacks work. Key changes since the last release:
- Fix bug in the link to spam comments from the Right Now dashboard widget.
- Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments.
- Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications.
- Add a pre-check for pingbacks, to stop spam before an outbound verification request is made.
There was a news cycle a few days ago about “WordPress pingbacks being used to DDOS sites” which had a lot of misinformation and hyperbole, but there were two valid issues, which the last two bullet points address. First, anti-spam checks were done only after a pingback had been verified, so the outbound verification request was made even for spam. Second, WordPress didn’t pass on who made the request that caused it to verify a pingback, effectively cloaking the true source. This update to Akismet addresses both, and we think a similar approach may be appropriate for core in a future release.
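The two changes can be seen side by side in a small model of a pingback receiver. This is an added example in Python, not code from Akismet or WordPress: the `Receiver` class, the toy IP-based spam check and the sample pingbacks are all constructed, and it assumes the `X-Pingback-Forwarded-For` value is the requester's IP address.

```python
# Constructed model of a pingback receiver; not WordPress or Akismet code.
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class Pingback:
    requester_ip: str  # host that sent the pingback call to our site
    source_url: str    # page the caller claims links to us (fetched to verify)

@dataclass
class Receiver:
    is_spam: Callable[[Pingback], bool]           # hypothetical anti-spam check
    outbound: list = field(default_factory=list)  # verification requests "sent"

    def _verify(self, ping: Pingback, headers: dict) -> None:
        # Stand-in for the HTTP GET of source_url: recorded, never sent.
        self.outbound.append({"url": ping.source_url, "headers": headers})

    def handle_before(self, ping: Pingback) -> str:
        # Order the post describes as the problem: fetch first with no
        # attribution, run the anti-spam check only afterwards.
        self._verify(ping, {})
        return "rejected" if self.is_spam(ping) else "accepted"

    def handle_after(self, ping: Pingback) -> str:
        # Pre-check: spam is dropped before any outbound request is made.
        if self.is_spam(ping):
            return "rejected"
        # Assumption: the header value is the requester's IP address.
        self._verify(ping, {"X-Pingback-Forwarded-For": ping.requester_ip})
        return "accepted"

# Constructed sample data (documentation IP ranges, example domains).
KNOWN_SPAM_IPS = {"203.0.113.7"}
SAMPLE = [
    Pingback("203.0.113.7", "http://third-party.example/page?a=1"),
    Pingback("203.0.113.7", "http://third-party.example/page?a=2"),
    Pingback("198.51.100.20", "http://blog.example/post-about-us"),
]

def replay(flow: str):
    rx = Receiver(is_spam=lambda p: p.requester_ip in KNOWN_SPAM_IPS)
    handler = rx.handle_before if flow == "before" else rx.handle_after
    verdicts = [handler(p) for p in SAMPLE]
    return verdicts, rx.outbound

if __name__ == "__main__":
    for flow in ("before", "after"):
        verdicts, sent = replay(flow)
        print(flow, verdicts, f"{len(sent)} outbound request(s)", sent)
```

Both orderings reach the same verdicts; what changes is how many requests leave the site and whether the receiving server can see who triggered them.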
To update, just visit the Updates tab of your WordPress dashboard.