Hiding from spammers

Written at lunch time in English • Tags: ,

For a long time now I’ve removed the generator meta tag from all WordPress installations I’ve setup. Mentioning WordPress is just honey for the bees. Since I removed the meta tags the amount of spam has decreased remarkably. Posts about WordPress are targeted much sooner and for much longer than other posts.

Starting with WordPress 2.4 the generator information is inserted by the core code, as opposed to the theme. This means that the meta tag will reappear even if you have removed it from your theme. However, this is actually a good change, because now you can disable the tag not only from the HTML pages generated by the theme, but also from all other formats WordPress outputs. The information is created by a couple of functions centrally instead of scattered instances through the code.

I’ve created a plugin to accomplish this: No Generator works with the trunk code from svn, and will work with 2.4 once it is released.

5 comments

  • 1

    I did this a while back but rather than remove it I just changed it completely, also changing things like “add a comment” to being images/ other phrases helps :D

    ceredigion — 10.12.07 @ 11:17

  • 2

    This all sounds very interesting, but what you’ve failed to do is explain exactly why I need a plugin the removes the Generator html? You say it’s a target for spam, but I don’t really understand that.

    If I stick “powered by wordpress” into Google, it claims to give me 12M hits. So it seems to me that a generator meta tag isn’t an issue with advertising that you run a wordpress blog. Nor is it an indication that comments are enabled, or that your blog is somehow “spammable”.

    Having said all that, I’m clearly missing something, as you would not have gone to the effort of writing a plugin that was meaningless. So if you would be kind enough to explain, I would be much obliged.

    Many thanks,

    Colin McNulty — 18.12.07 @ 23:22

  • 3

    It is my personal experience that not mentioning WordPress cuts down on the amount of incoming spam. That is the main reason for this plugin.

    Of course, if you have “Powered by WordPress” on each page, it probably makes no difference whether you have the generator meta tag or not. Having WordPress mentioned in the content is enough to attract more spam.

    Knowing that a blog runs WordPress gives you information about how to attempt spamming. You don’t need to download the page HTML and parse it to find the comment form: it is often located in a “standard” address. You can also use pingbacks and trackbacks without trying to find the URLs for these features (although e.g. pingbacks are advertised in a couple of easy-to-find ways, of course). It seems that many spammers have tools especially crafted to target WordPress. Naturally it makes sense, since WordPress is so popular.

    Also, since I had already removed the generator tag in the past, I just didn’t want it back all of a sudden. I try to avoid local modifications to the core WordPress code as much as possible, so all my mods become plugins instead. Writing a plugin is not difficult at all, and one of the best design practices of WordPress is its multitude of hooks for plugins to use.

    Kimmo Suominen — 26.12.07 @ 10:43

  • 4

    Thanks for this. I only just started up and I already had to delete loads of spam. I am looking at a few other measure to put in place but this should help to.

    Marc — 7.1.08 @ 14:50

  • 5

    I’ve heard from other sources too that removing references to WordPress may reduce spam. It’s just been such a nightmare removing those from all the WordPress installations I’m runnig.

    Jani — 8.2.08 @ 11:13

Sorry, commenting is not available for this post.