Tag Archives: wordpress plugin

Installed Google Friend Connect WordPress Plugin

Google just made the Google Friend Connect API available to developers. What made this interesting was that it would make it easier for site admins/developers to integrate Friend Connect into existing login systems. As a WordPress user, I was excited to see that there was a plugin for my blogging platform of choice. An added bonus was that I knew some of the people involved in the development of the plugin. :)

I wrote that first paragraph with the understanding that readers would know what Friend Connect was and what it was for. However, it is not that widely in use so I can’t expect people to know what it is.

Google Friend Connect provides a simple means of one-click user authentication using a pre-existing Google, Yahoo, AIM, or OpenID account. This means that a user doesn’t need to create a new account for every site that he comes across.

After installing the plugin to enable Friend Connect authentication on my blog, I tried out the Friend Connect sign-in process while I was logged out to see what it would look like to non-admin visitors. I had a few moments of panic after seeing that logging into the Friend Connect system also logged me into my blog. The scary part about that was that I saw a link that said Site Admin, which only I as admin should see. It turned out that I was only logged in as a Subscriber, and the Site Admin showed the dashboard, but only as much as subscribers can see. Basically, regular visitors were not getting admin access. It was a false alarm. I was able to confirm by checking the list of Users and saw my Friend Connect user identity was appropriately marked as Subscriber.

That’s the other cool thing about this plugin; it is able to add users to a website’s database. A couple of weeks ago, I was working on a Friend Connect login solution for Coppermine Photo Gallery but got stuck due to CPG needing database access to the application’s users. If I or any CPG developer can work with the GFC API, we could enable visitors to login with their Friend Connect credentials, and have those accounts create new users in the gallery’s user table in the database.

Feel free to try it out here by logging into Friend Connect to leave a comment. Of course, comments are still open to visitors who are not logged in, but when logged in, you won’t have to enter the usual blog comment form fields.

If you installed the plugin for your site and noticed that the blog looked different in places you did not want it to look different, it is due to some css definitions that the plugin has.  You will need to delete or comment out the unwanted css definitions in fc_plugin.php

Do Follow

I decided to join the Do Follow movement, which is… the opposite of the No Follow movement. The nofollow attribute was intended to discourage comment spammers by telling search engines not to trust links posted by visitors in blogs and forums. However, the spam problem has not gotten any better.

Despite the relentless efforts by spammers to pollute my blog, spam comments are not getting posted here. It is thanks to my triple threat spam fighting strategy. Since the bad links aren’t getting posted in my blog, and the good ones are, I might as well disable nofollow.

I do believe that Do Follow is not for everybody, though. I think it would be best to have nofollow implemented by default in applications that are vulnerable to comment spam. If people aren’t going to protect their sites from spam, they might not bother implementing nofollow manually and consequently not all of their user-contributed links should be trusted.

There are a lot of plugins to remove nofollow from links. I did some research for ones that would fit my needs. What I really wanted was to be able to have the option to add nofollow on a case by case basis for non-spam yet cr@ppy links. I found one that was even called that but it didn’t work… perhaps because it was tested through versions up to and including 2.2 and I’m using 2.3. I decided upon NoFollow Free because it almost does what I want. I can’t nofollow based on urls, but I can do it based on a couple of criteria.

I reserve the right to edit, delete or mark as spam any comments that are intended solely to get links from my blog, and basically abuse my trust, and consequently the trust of my visitors.

I don’t know if people request to be on those do follow sites lists, but I would appreciate not being on such lists since it could end up directing comment spammers to my blog. I won’t object to regular links, though. :)

Using Search Everywhere Plugin to Search Jerome Keyword Tags

I installed the Search Everywhere Plugin in the hopes of enabling WordPress search to find posts that have been tagged with Jerome Keywords Plugin. Alas, it didn’t have that capability built-in, nor could I find an available solution, so I tweaked the Search Everywhere code to search tags for results. I based the code modifications on the meta search function. There were four places where I edited the code. Since I’m currently too lazy to provide the instructions, I’ll provide the file as an attachment.

To test that my code works, here’s a search where the query does not appear anywhere else but the tag. It points to this post, but I didn’t want to apply it to an unrelated post since it could cause confusion. You can also confirm that the query does not show up anywhere in this post. Also, to really confirm that the query worked due to the tag and not because of it showing in the url of a post, I tested it on another post. I removed the tag on that other post to avoid confusion.

WordPress doesn’t allow uploading .php files so I had to append .txt to the filename. Just remove .txt, rename it so that it ends in .php, and install the plugin as usual.

Download file: Search Everywhere Plugin

Fighting Comment Spam with Bad Behavior, Akismet, Spam Karma

I’ve been using Akismet since I started using WordPress in early 2006. It does a tremendous job of detecting spam. However, it’s not perfect and a few messages gets past its filter each week. Since I enforced moderation on new posters, this kept the spam from showing up on the blog. However, that measure prevented legitimate posters’ comments from appearing without a delay.

I learned about Bad Behavior as a way to fend off bad bots so they can’t even access my blog, let alone create spam comments. From BB’s Benefits page:

Bad Behavior is designed to integrate into your PHP-based Web site, running as early as possible to throw out spam bots before they have the opportunity to vandalize your site with their junk, or even to scrape your pages for e-mail addresses and forms to fill out.

Not only does Bad Behavior block actual vandalism to your site, it also blocks many e-mail address harvesters, resulting in less e-mail spam, and many automated Web site cracking tools, helping to improve your Web site’s security.

I also added Spam Karma to supplement Akismet. With its default settings, it seems to be more lenient than Akismet. I had Spam Karma process the spam that Akismet had already filtered. SK approved some of the spam, which resulted in the comments showing up in the blog, and added some of them to the moderation queue. Note that Akismet had already treated the comments as spam. So I had to train SK to recognize those messages as spam.

SK also instructed to use its moderation interface to moderate comments, instead of the default. This meant that I would be unable to train Akismet. The solution was the Akismet plugin for Spam Karma. This way, if I mark a comment as spam, it trains both SK and Akismet. An unadvertised benefit of using this plugin is that it makes SK factor in Akismet’s judgment on a comment in computing the karma. Thus, spam comments that got low spam scores before will get higher spam scores because Akismet had already detected them as such. This counteracts the leniency that I observed. It also reduces the number of obvious (according to Akismet) spam comments that I would have to moderate.

Another thing I like about Spam Karma is that it gives the user a second chance to submit the comment if it is unsure whether it is spam or ham. This immediate feedback is more helpful to real users than having their comment going to a moderation queue.

It hasn’t been a long time that I have implemented all three comment-spam fighting measures. I hope it makes it easier on real users to add comments, while preventing spam from showing up in my blog.

Things I learned:

  • Don’t reprocess processed comments. It will duplicate the karma scoring if it received a particular comment previously.
  • Don’t reprocess previously approved comments (from pre-SK usage). I cannot prove for sure, but it seems that in reprocessing already approved comments, some of the really old ones got marked as spam. That’s because one of the indicators of spam is replying to old posts.

Implemented Pretty Permalinks

After much internal debate, I finally decided to change my WordPress blog to use pretty permalinks. It was a difficult decision to make with lots of pros and cons to consider. I placed an asterisk next to cons that turned out to be irrelevant.

Cons to using or switching to pretty urls

  • I like the flexibility and quickness of accessing posts by their id numbers. I didn’t want to have to type out the whole url of a post when using pretty yet longer urls.*
  • Because of the above, I have been using ?p=num since the beginning. I feared breaking links to my blog entries.*
  • Changing the url structure so drastically could hurt rankings, and thus my blogging efforts will be for naught. ~*
  • My site stats won’t be as accurate because each post will have two different urls associated with it. I will lose historical data.
  • I tend to change my mind with the post titles so I didn’t want to commit to using urls that are dependent on the title.
  • (this wasn’t part of decision-making but realized after the fact) My custom search engine for my blog relied upon the parameters like ?p and ?m to differentiate the different types of results. I can’t do that anymore. I could add /post/ to the url pattern but that would make the urls even longer, resulting in higher likelihood of truncation. Bummer.

Pros to switching to pretty urls

  • My biggest pet peeve when looking at site stats is not knowing what entry is being referenced. All I see is /blog/?p=1. Using pretty permalinks will help me see which post I am seeing stats for.
  • Outside of stats, it helps me, visitors, search engines to see descriptive urls.
  • It turned out I can still access posts with their id numbers.
  • Because I can still access posts with id numbers, existing backlinks will still work.
  • I found and installed a permalink redirect plugin that will do a 301 redirect from the old urls to the new urls. This should help the search engines recognize the change in urls, thus reducing the likelihood of duplicate content issues.

I decided upon the pattern that uses /year/month/date/post_id/ instead of other recommended patterns such as /post_name/post_id/ or /category/post_name/. Since my posts tend to have multiple categories, I didn’t want to deal with the complications of using a url that involved the category. For me, the advantage of using the time-based url pattern is that navigating up the “directory” structure still showed posts for the day, month, or year. Another bonus, which I appreciate from sites that use this structure, is being able to see at a glance the age of a post. For certain topics, timeliness is a important to consider.

I will be keeping my eye on the results of implementing this change. I am going to watch for:

  • effects on traffic
  • effects on ranking
  • how long it takes for the new urls to replace the old ones in the index

Update: Less than an hour after implementation, google blogsearch of my blog already updated a bunch of the urls.

Update 6/04/2007: Two days** after implementation, a site search showed Google has indexed the new urls. I went through the pages of results to see if all urls had been re-indexed but the change stopped at around 50 results. The weird thing is that none of the posts were indexed with the new urls. The results showing the new urls were navigational links like months, categories, and feeds. Yahoo and Microsoft have not indexed the new urls.

Update 6/05/2007: Site search for takethu.com/blog/ still doesn’t show individual posts being indexed with the new url. However, if I do a sitesearch for takethu.com/blog/2007, for example, I can see the new urls for some posts.

My concern about losing traffic has been alleviated. My traffic has increased, and not only is at a record high for the month, but is at the second highest point ever since I started this site over 1.5 years ago.** The highest point was when people were searching about the tax due date this year and found my blog post, so that is an outlier that I would remove. Discounting that anomalous spike, this is the highest traffic level this domain has ever had in one day. Well, it’s only been three days since I switched to permalinks, but the results are promising.

Update 6/13/2007: After a week and a half, about 200 of the results in a site search show the updated urls.
** This was what I observed in my particular experience for my site. Your mileage may vary.