Simple Trackback Validation Plugin for WordPress 2.x performs simple but very effective tests on all incoming trackbacks in order to stop trackback spam.
When a trackback is received, this plugin
- checks if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to.
This reveals almost every spam trackback (more than 99%) since spammers do usually use bots which are not running on the machine of their customers.
- retrieves the web page located at the URL included in the trackback. If the page doesn’t a link to your blog, the trackback is considered to be spam. Since most trackback spammers do not set up custom web pages linking to the blogs they attack, this simple test will quickly reveal illegitimate trackbacks. Also, bloggers can be stopped abusing trackback by sending trackbacks with their blog software or webservices without having a link to the post.
There are several options available and you also can enable logging to get all actions, which are performed by the plugin, logged. Also, you can select how to treat spam trackbacks (do not save in the database or mark as spam or place into moderation) and several other stuff.
Installation and Usage
This plugin can be installed in 4 easy steps:
- Download the plugin (see “Downloads” above).
- Decompress the .zip archive and put the files into your plugins directory (/wp-content/plugins/) or into a sub directory of the plugins directory.
- Enable the plugin in the WordPress Plugins admin page.
- Go to «WordPress Administration > Options > Simple TB Validation», adjust the options and save.
Rice University’s Trackback Validator Plugin
I got the idea for this plugin from the Trackback Validator Plugin of the Rice University. However, I dislike several things of their plugin:
- They use an outdated version of the php class Snoopy. For example on 24th October 2005 a bug fix and security release of Snoopy was released and Rice University released a bugfix on 21st May 2006, but they have not updated the Snoopy class in their download package. So Rice University is definitively not inspiring confidence. Also it seems that they do not even have noticed that WordPress does already include the Snoopy class, available at wp-includes/class-snoopy.php. I am using the WordPress snoopy class in my plugin.
- Trackbacks that appear to be spam are flagged as spam, however when using the standard WordPress installation there is no way to moderate these trackbacks, an additional plugin is necessary for moderation, e.g. Akismet. When using my Simple Trackback Validation Plugin, trackbacks that haven’t passed the validation are placed into the comment moderation queue and can be approved or deleted easily.
- By default, the option “Submit data to the Computer Security Lab at Rice University for research” is activated, but they inform the user neither in the options nor on their website that this causes that every trackback is being stored in a separate MySQL table which blows up the database and has negative effects regarding performance.
Also, they don’t validate the IP addresses which reveals more than 99% of all spam trackbacks.
Other Plugins for Spam Protection
I recommend to use the following 3 plugins for protecting your weblog from spam:
- Math Comment Spam Protection: Asks the visitor making the comment to answer a simple math question. This is intended to prove that the visitor is a human being and not a spam robot. This stops many, many spam attacks by spam bots and has positive effects regarding your blog performance since no read or write access to MySQL is necessary like it is when using some other anti-spam plugins.
- Simple Trackback Validation Plugin (this plugin)
- Akismet: additional protection in case of attacks by human spammers or trackback spammers that use the permalink on the web page located at the trackback’s URL.
Version History and Changelog
- 2.1 [2007-08-03]:
Bug fix: Replaced “<?” with “<?php” in line 361
- 2.0 [2007-06-16]:
New feature: It is checked if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to.
New feature: Trackback log (each trackback can be logged under the plugin’s options)
New feature: Improvement of handling Snoopy errors incl. new option for this.
New feature: Improved plugin options.
New feature: Improved performance: plugin is now applied prior to any other processing, when saving a new comment in the database.
Bug fix: E-mails are no longer being sent if a trackback is considered to be spam.
- 1.2 [2006-11-26]:
New feature: A third option regarding how to deal with trackback spam is available: you can let trackback spams delete immediately.
Bug fix: Now a WP function is being used for changing trackback status, this solve a comment count issue.
- 1.1 [2006-11-05]:
New feature: Now you can select in the options how to deal with spam trackbacks: place into comment moderation queue or mark as spam.
- 1.0 [2006-11-04]:
Do you like my work? Any donation would be highly appreciated.
How to Report a Bug: Before you report a bug, please make sure you have double-checked that you have followed the above installation instructions correctly.
Please send me your bug report by e-mail.
Bug reports are highly appreciated and will help for the continuous improvement of this plugin, however I can’t promise to get back to you in time regarding your reported bug.