Category: Case Study

Gather round the camp fire kids, I have a scary tale to tell.  It’s a story from a sci-fi nightmare of crazed bots running amok in the blogosphere.  I call the story “When Comment Spam Bots Kill” .. da-da dahhhhh!

I was working with a client recently who’s WordPress blog was killed by comment spam.  I thought I would write it up and give you some tips to stop this happening to other blogs.

The Problem

My clients database was stuffed full of comments, when I looked at the issue there were more than 140K comments in the moderation queue.  This was exacerbated by a plugin called BAStats which was creating log entries for all activity, this table had over 1 million entries.

The blog was running on a standard hosting installation the database was just too big and cumbersome.  As as result whenever anyone tried to access the front end, they were timed out, a database connection could not be made, and if anyone tried to access the backend dashboard the same happened, the blog was unreadable from the fron end and unmanageable from the back end, a pretty pickle to be in.

A review of the comments from the backend database showed them to be comment spam, someone was running a comment spam bot to inject huge numbers of spammy links into the system.

phpMyAdmin

I am going to talk about phpMyAdmin and modifying backend database a lot in this post, so I thought a quick note on phpMyAdmin was in order.

phpMyAdmin is a MYSQL admin tool which allows you to perform functions on your database.  You will probably find this on your hosting control panel.

This is a GUI tool which allows you to tweak your database, it is not for the faint hearted, you can do real damage if you don’t know what you are doing, you have been warned!

The Solution

I disabled the BAstats plugin by renaming all of the php files , I could not do this from the back end because I could not log in.  Using my ftp client I navigated to the plugin directory and manually renamed the php files so they were not called.   This stopped the stats package from working and reduced load on the database a little giving me some breathing space.

The next step is a little radical, but it was all I could do, and that was to delete all comments in the moderation queue.  First I made a backup of the table wp_{prefix}_comments, then ran the following SQL command from within phpMyAdmin.

delete from wp_{prefix}_comments where comment_approved=0

This is a radical approach which will delete all comments held in the moderation queue regardless of whether they are spam or ham (good comments).  My client felt is best to start a-fresh with no comments held for moderation.  The query removed all of the comments held for moderation.

As a final step I also disabled comments on the blog temporarily to prevent further comment injection.

Preventative Measures

That fixed the problem, the front and back end were now accessible, but I felt preventative measures were in order to stop the issue re-occuring.  I delved into the backend.

The route cause of the problem was that spam capture was disabled.  Akismet was not automatically deleting and spamming comments.  I re-enabled this and ran the “check for spam” routine, another couple of hundred approved comments were spammed.

Do you remember I said that I disabled commenting, spam comments were still coming in!  My client was running an old version of WP and I suspected that a spam bot script was pushing comments into a WordPress vulnerability or plugin loophole, my recommendation to my client was to upgrade to the latest stable version of WordPress and to download and reapply the plugins they used only from legitimate sources, in the hope of sealing teh vulnerability.  This is in progress.

Your Reputation Is In Danger

There is a long term danger if you do not moderate your comments well, and that is loss of reputation through your page rank.  Your site will be demoted and traffic may dry up.

A real life analogy is if you start hanging with the dangerous kids at school smoking, taking drugs and bullying kids, you will be marked as one of these type pf people.  The same goes if you give out a link to a dodgy site, you are seen as giving them an endorsement and your site is marked down.

Wrapping Up

Moderate brutally, keep your comment spam plugins in place, tighten up your moderation policy and give my posts on comment spam a read: What is Comment Spam and How To Control Your WordPress Comment Spam

A client of mine wanted to add a forum to her blog so that her readers could create a community they could interact inside of, but away from the comment section of her site.

She wanted the discussion to be moved away from her comments so she had no moderation overhead and people could discuss to their hearts content without it mixing and being confused with her blog content.

What Are the Options

To my mind there are three options, you can have a completely separate forum from the blog, one which plugs into the same users database and closely integrates into WordPress or lastly you can get a forum plugin which works inside of your blog so administration is in one place.

In this post I want to discuss the pros and cons of the three types of forum solution for integration with WordPress.

The Distinct and Un-Integrated Forum

There are a large number of free open source forum solutions, forgive me (or leave a comment) if I miss your favourite off the list, but here are a few I have used.

• Vbulletin
• phpBB
• Phorum

Pros

These are well used and supported forum solutions with a wide range of plugins and themes  to extend your solution to give you exactly what you want. They will have powerful management functions, monetisation and membership plugins.

Cons

Not integrated (easily) with WordPress so you will need to keep two separate databases on-line and your users will not have a single sign-on solution.  In other words you will need to manage two distinct websites, your blog and your forum.

The Closely Integrated Forum

When I talk of a closely integrated forum solution, I am,of course talking about one solution BBPress, the forum developed by the same team which brought us WordPress.

It can work as a stand alone solution or it can use the same user DB and login cookies that WordPress uses.  To ungeek this, that means you use one set of user tables and if they login to WordPress they are logged into BBPress.  A very neat solution/

Pros

A single singon tightly integrated forum which makes for simpler user management.  Here is a screencast on integrating WordPress and BBPress

Cons

A smaller user base than the other big forum solutions so there is not as many plugins out there, but I suspect this will grow in time as it is embraced by the wider WordPress community.  I also suspect that integration will be made much easer in later editions of BBPress.

The Forum Plugin

I don’t know how many times I have said it, but where there is a WordPress problem, there is a plugin, forums are not overlooked by our stout community of plugin developers.

I have used the following forum plugin, let me know of others in the comments section below.

http://wordpress.org/extend/plugins/wpforum>>

Pros

The forum becomes another function of your blog, and is administered from a user interface you are already very familiar with.

Cons

Limited extension, you only get the functionality of the plugin, no 3rd party plugins or themes  I’m afraid.

The Final Solution

In the end, my client went with BBPress, this was because she wanted a distinct forum rather than a page of her blog with a forum inside of it.

So if you are looking to create a more interactive community on your blog over and above the comment section why not check out one of these three options.

Just a quick posts to talk about a number of issues I have seen with slow wordpress performance after a 2.7 upgrade.

What I Have Seen?

When you access the front end of the blog, things run especially slowly.  On a number of blogs I have seen the theme load but no posts.

When you attept to connect to the backend i.e. wp-admin the problem is not re-created.

Theme Schmemes

The problems I am seeing are with themes which have not benn upgraded to make use of the new 2.7 functionality.

I assume that they are trying ot run a previous version function, and when this does not work, the system retries for a period before failing.

Testing For A Dodgy Theme

There is a very quick test to see if your theme is causing your issues. Simply change your theme to the wordpress default theme, and test your blog again. If performance improves the theme is the culprit.

If you are running a cache program disable is to ensure nothing is cached and the latest file are being served up.

What to Do?

Go back to the web designer who developed your theme and check to see if this is a know issue. It is quite probable that a 2.7 version of the theme has been released.

Download this latest version and upload it to your blog, fingers crossed the problem will be solved.

I was working with a client who wantedto redirect their blog from one domain to another, they has some issues with the process they used.

The Problem

At attempt to redirect the blog has been done byamending the site URL and the home page in the blog options within wordpress.

This redirected as expected, but it also prevented login to the site.  When they tried to login to blog/wp-admin, they were redirected to newblog/wp-admin.  This made the admin section of the blog unaccessible.

The Solution

It was down and dirty database edit time.  I gained access to the hosting account and using phpmysqladmin I was able to edit the tables and revert back to the original blog URL and home page.  I also noted that the .htaccess file had a redirect to the wrong directory, so I amended this also.

I installed the appropriate 301 redirection plugin and gave my client instructions on the best way to migrate domains.

If you want to redirect your blog I recommend leaving your old blog intact and using a 301 redirection plugin.  I detail this in my case study post  Migrating From One Domain to Another

I was approached by a client who was having problem with the wordpress password reset.

The Poblem

My cient was attempting to change his password from the normal password change screen under wp-admin.  When he attempted to reset his admin user password, a new password was sent, but the new password did not work.

As a side note, his ISP had reported that certain scripts on his blog were open for vulnerabilities.

My Solution

I suspected that the blog had been hacked and the password reset was sending to some nefarious web troll.

What I did was to white-hat hack the database, and using techniques I don’t want to document here, I was able to get a new MD5 encrypted password.  I then updated the database with that password so I was able to login with an admin level password.

The next stage of the fix was to restore the wordpress code base, I took a copy of wp-config.php, backed up all of the existing files before deletingthe blog root, wp-admin and wp-includes, next I refreshed the blogs code base with a mint copy 0f wordpress 2.7 and re-installed wp-config.php.

The Outcome

The blog was back online and in full working order.  My client was happy and I am now on his blogroll.

A client approached me asking to help him install a theme.

The Problem

The theme was failing with the following error when he attempted to upload the zip file.

Folder already exists.: Please Read This First – Double Here To Read ME.txt

I think my client was attempting the upload using the new theme upload function in wordpress 2.7.

My Solution

I have not used the upload theme function in wordpress 2.7, I am sooo 2.6 when is comes to themes so I planned to unpack the theme and FTP it to the wp-content directory and then activate the theme. This is where I found the problem.

The theme was packaged with several colour variations and three plugins to make it work.  In other words instead of a single theme, there were 6 or more themes plus several plugins all packaged together.

I assumed therefore that the theme upload function cannot handle multiple themes and plugins.  I uploaded the files manually using my ftp client, activcated the plugins and set one of hte themes as teh active one.

The client went away happy that his newly created blog was ready to tell the world and his friends about me.

I f you need some website design help, check out Willdfire marketing,

A client of mine wanted to migrate their blog from one domain fraudlent-clicks.com to ClickQualityConsultant.com.  They had received some negative feedback on the use of fraudulent in their domain name, and this legitimate click fraud blog wanted a better image.  They were fighting the click fraud problem not promoting it.

What Are the Issues?

The fraudulent-clicks domain was already well established had a page rank and a sizeable number of pages included in the search engine index. This organic traffic was to be retained and forwarded to the new doimain.

The Solution

The second blog was built, and I used the migration tool to take all of the old posts into the new blog.  I gave particular attention to the permalink structure in the new blog to ensure it was the same as the previous one.

Next I installed a redirection plugin to the old blog.  This allowed me to take pages form the old blog and using the 301 redirection method permanently redirect these pages to a new URL on the correct domain.

Using 301 redirects tells the search engine that a page has been moved permanently and to update their index during the next crawl of your page, in the mean time any traffic landing at your old site will be redirected to the new site.

Follow Up

A month later I gained access to my clients Google webmaster tools to check how the old domain was fairing.  There were a couple of 404 issues, but these were quickly amended.  My client reported no real drop in organic traffic after this job.