Stopping Spam Sign-Ups and Splogs

If you choose to have open sign-ups in which any member of the public can register and create a new site on your network, at some point, automated bots run by malicious users and spammers will visit your network sign-up page and attempt to create one, or multiple, sites in your network. They do so by automated means, hoping to create links to their sites or fill their site on your network with spam posts. This kind of spam blog or site is a splog.

Spam bloggers don't hack your system to take advantage of this; they call aspects of the sign-up page directly. You can do a few simple things to slow them down considerably or stop them altogether.

In the earlier “Registration settings” section, we go over a few options, including areas in which you can specify e-mail addresses to allow or block. The Add New Users check box (refer to Figure 3-4) stops many spammers when unchecked. When spammers access the system to set up a spam site, they often use the Add New Users feature to create many other blogs via programs built in to the bots.

Spammers often find your site via Google Search for the link to the sign-up page. You can stop Google and other search engines from crawling your sign-up page by adding rel=nofollow,noindex on the sign-up page link. Wherever you add a link to your sign-up page, inviting new users to sign up, the HTML code you use to add the nofollow,noindex looks like this:

<a href="http://yoursite.com/wp-signup.php" rel="nofollow,noindex ...

Get WordPress® All-in-One For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.