WordPress: The #1 Plugin every site MUST have


Today my site got demolished!!! I’m not sure which set of spambots got a hold of me, but they have been killing my website all day. These are comment spam-bots that try over and over again to submit comment spam. WordPress has no protection against this type of attack. And Akismet only helps AFTER the submission of the comment spam.

I needed something that would basically deny the post and that’s exactly what the Bad Behavior plugin does.

Here’s the breakdown of what it does:

Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script.

The Plugin installation was harmless and my site is back up. Incidentally, Bad Behavior has already blocked over 50 submissions since I installed it about 10 minutes ago. My site is already performing much better since the database activity is down so much. As well, my Akismet queue won’t be filling up quite as fast now.

I went through each of my client sites tonight and installed the Bad Behavior plugin. I don’t want them to have the kind of day that I had! I’m also going to keep them in mind with other technologies; Bad Behavior has developed their technology for many different platforms.

Please don’t forget to throw a couple bucks at those folks as well. I can tell you that today’s outage to the 4 sites that I have up cost me 90% of my normal daily revenue… (so I couldn’t afford my Starbucks today!)

UPDATE: 1/8/2007 – One of my clients had an issue where he was being refused a connection via the login page. Reviewing a couple of other sites, I found out that Bad Behavior also has a built-in whitelist function. You have to actually edit a file, whitelist.inc.php, and add the IP address that is being blocked to an array of IP addresses.

If you’re not sure of the IP address being blocked, I was able to query the database using this query:

SELECT * FROM `wp_bad_behavior` WHERE `request_uri` LIKE '%login%';
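
Login pages are also a regular target for bots, so the query above can return far more rows than the one client you are trying to unblock. The narrower version below is an added example, not part of the original post or the plugin's own code; every column other than `request_uri` (`ip`, `date`, `user_agent`, `key`) and the meaning of the all-zero key are assumptions about the plugin's log table and should be checked against your own schema.

```sql
-- Added example. Confirm the assumed column names first with:
--   DESCRIBE `wp_bad_behavior`;
SELECT
    `ip`,
    `user_agent`,
    `key`        AS block_reason_key,  -- assumed: code of the rule that refused the request
    COUNT(*)     AS hits,
    MIN(`date`)  AS first_seen,
    MAX(`date`)  AS last_seen
FROM `wp_bad_behavior`
WHERE `request_uri` LIKE '%login%'
  AND `key` <> '00000000'              -- assumed: all-zero key marks a request that was allowed
  AND `date` >= NOW() - INTERVAL 1 DAY -- only the last 24 hours
GROUP BY `ip`, `user_agent`, `key`
ORDER BY last_seen DESC
LIMIT 50;
```

Whitelist only the address whose `last_seen` time and `user_agent` match what the affected client reports; an IP with hundreds of hits and an odd user agent is more likely one of the bots than your client.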


  1.

    Hi Doug

    And a happy new year. Congrats on making the top 100.000!

    And thanks for reminding me about Bad Behavior. I thought I had it installed and was getting a bit overwhelmed by the amount of spam comments that I have gotten the last few days. Also, looking at my (much humbler than yours) statistics, I noticed that a great deal of my blog traffic came from non-conformant browsers; spam bots, in other words.
    Akismet has been blocking about 70 comment attempts per day over the last few days.
    Anyway, after reading your article, I double-checked my blog settings, and – typical late night error – saw that I had forgotten to activate the plug-in as well. Now it is running and I am curious as to how the statistics will go.
