My blog runs on WordPress software, which is probably the most popular Blog software package in use.n That’s good, because bugs get found and fixed very quickly. That’s bad, because the comment spammers and hackers know all the ins and outs of the most popular blog software out there.
I currently allow people to sign up for an account on my blog, but access to commenting and posting is never granted until I manually approve your account request. That’s because the hackers and comment spammers have automated the process of requesting WordPress accounts, and I get a dozen or more new account requests each day, with a large number of them from people using email addresses ending in “.ru” (Russia). I check the list regularly, and delete the accounts from random people, and only approve the ones from people I know, or who have contacted me out-of-band.
What I’d REALLY like to see, is the Sign up function check a list I setup of email domains to block. I don’t know anyone in Russia, China, or Taiwan, and I really doubt I’ll ever want to grant access to anyone from those countries. If I only ever had to deal with American and European comment spammers, that’d be half the battle right there.
I’d love to be able to see some kind of an Akismet anti-spam question, or Captcha challenge, as part of the signup process, to eliminate the weakest automated account requests.
The automated part could also be reduced if WordPress had a built-in method of confirming the requesters email address, and optionally, cell phone number, in an automated fashion. If you don’t copy the code my site emails you or text you, and enter into into the prompt, and your new account request gets silently deleted after a day. Less hassle for me.
Also, new subscribers shouldn’t be able to post more than one comment total, until their membership is confirmed.
More anti-spam controls, that’s what WordPress needs. Maybe I need to learn more about PHP, and start contributing my own idea to the WordPress project.