WordPress Anniversary: WordPress and Evil

As I look back on the ten years of WordPress, there is a dark side to blogging. While many blamed WordPress for the evil, like guns, WordPress doesn’t cause evil, people cause evil.

In fact, WordPress, Automattic, and the WordPress Community has fought longer and harder against the evil doers in the world than most realize. I thought I’d take a moment in my look back at the history of WordPress on this 10th anniversary year to share some of the dark side of the blogging force as related to WordPress.

This is a celebration of the courage, faith, and determination of the WordPress Community to not let the evil win.

The Battle Against Bitacle, Scrapers, and Sploggers

Many blamed WordPress for making it easy to scrape (copy) our site feeds and plagiarize and steal our content. WordPress didn’t make it easier, the improvement in feed technology made it easier, but many still blamed WordPress.

In January, Jonathan Bailey of Plagiarism Today took a look back at one of the blights on the web, Bitacle, a splog (spam blog) and scraper (using full-site feeds without permission and violating copyright), that plagued WordPress.com and WordPress sites. This brought back many years of memories as bloggers struggled to protect and defend their content.

In 2006 I covered the “Bitacle Battle of Blogs” and used this quote from Allan Jenkins to describe Bitacle’s efforts to take what was not theirs.

Bitacle has become Public Enemy #1 this weekend in some parts of the blogosphere. As I reported earlier, the Spain-based splogger scrapes your content (your Creative Commons deed be damned), monetizes it, keeps the cash — and refuses to answer email complaints. I called them “thieves” in my first post, and I am repeating the charge here. Bitacle’s boss, the magnificently misnamed Jesus Angelo “But call me Ladrón, honey” Glez, is a thief.

…Bitacle, while not replying to anyone’s mails, as far as I can see, seems to be aware they are under attack. They’ve been down much of the weekend, and they have (today) started including the URL to the content they steal. Nevertheless, they are still ripping off and re-purposing content, without permission, for their own financial gain. Worse, they still encourage comments to the stolen blog posts on their site in an attempt to dupe readers into believing they are seeing a “real” blog.

We weren’t talking about a single site copying your content because they didn’t know any better. We were fighting back against a site with thousands of sites’ feeds generating content and income for them from advertising on that content. Instead of finding your article on your site, search engine users would find your article on Bitacle looking like it was theirs, complete with open comments. I found several people commenting on my articles on Bitacle instead of on my site where the real conversation was happening.

With the many voices calling out for help, many led by the fantastic work of Jonathan Bailey who came up with a plan of action for us to follow, Bitacle changed their copyright notice to claim the article authors retained their copyrights, which didn’t work for any of us. Just because we own our copyright, which we do, no one can use our content without our permission in any way we say is not acceptable, which means they cannot just take our content, slap ads on it, and make money from it without our express permission.

WordPress.com stepped up and blocked WordPress.com feeds from being scraped by Bitacle, giving WordPress.com users a sigh of relief. They did not remove the previously collected content, however, so our articles sat on that site generating income until Jonathan Bailey filed a DMCA takedown with Google Adsense against Bitacle, which resulted in Bitacle losing its Google Adsense advertising income.

According to Jonathan, Bitacle gave up about 2010.

Autoblogging Scrapers and Splogs

Bitacle was built on the back of WordPress Plugins that permitted our content to be taken via feeds and used and abused. The battle against scrapers and sploggers, those using our content on their sites via our feeds, continues. Feed scraping is not specific to WordPress as any site with feeds is vulnerable.

In the early years of WordPress, a well intentioned web designer and developer, Elliott Back, created a powerful WordPress Plugin that was simple in concept but easily exploited. Called WP Autoblog, it was designed to aggregate multiple sites and display their most recent posts on the front page of a WordPress installation, bringing together the content to a single feed stream. Elliott Back did this for his family members so he could consolidate all their sites into a one stop viewing spot.

The evil doers of the web saw the potential of grabbing content from their many sites and generating new sites with the mixed content but didn’t stop there. They realized they could make money on other people’s content, relieving themselves of the burden of generating their own, and fill it with advertising, especially Google Adsense ads.

Elliott quickly became the target of angry bloggers as the Plugin displayed his credit line to the Plugin at the bottom of every post. They held him responsible for suffering with content thieves and scrapers. He tried to defend himself, sometimes successfully, sometimes defensively, and eventually he chose to close down WP Autoblog saying:

This software is PERMANENTLY ON HOLD. Go use Feedwordpress, you vile spammers, or the recently announced WP o’ Matic. I will not provide this plugin, or anything like it, because the potential for abuse is way too high.

I am not [a spammer], and I encourage you to go after anyone abusing this with a DMCA notice…I’ve had my own sites ripped off by people abusing this plugin, and filed dozens of DMCA notices against spammers. In the web 2.0 world, information is money, and there are far too many people – often located outside of the US – who want to rip off your work, rather than writing for themselves.

He’s right, but it isn’t limited to those outside the United States. Evil doers are everywhere.

I feel bad for Elliott. He was right when he said repeatedly that someone would have eventually come up with such a WordPress Plugin, he just happened to be one of the first. He never dreamed his Plugin would be so abused, nor did any of us who thought this was a cool idea at first. Even today I use WordPress Widgets to bring in the feed stream from my various sites into this site’s sidebar. It is not misrepresented as content, but is based on the same theory, cross-marketing and promoting content across websites.

This technique of bringing in content from other sites to a single site continues today with other WordPress Plugins and third-party apps. The laws state that credit must be given to the source, and that excerpts meeting Copyright Law Fair Use may only be used, but this doesn’t stop the abuse.

We stop the abuse by educating everyone about copyright laws and being clear and specific about what our copyright policies are on our site. Just putting the copyright notice on your site isn’t enough. You need to be specific with what you will or will not allow. The web is a copycat space, so be clear about what you want copied or not.

The Fight Against Comment Spam

When asked what my favorite, can’t-live-without WordPress Plugin is, my answer is always Akismet. Of all the evil on the web, one of the most persistent and frustrating is comment spam.

Akismet is one of the best tools in the world to battle well against comment spam.

Produced by Automattic, the commercial side of the WordPress collecton of businesses, it isn’t restricted to WordPress-only sites. It is available for over a dozen publishing platforms, forums, wikis, and more. Released in 2005 on WordPress.com, it joined two other powerful comment spam fighters, Bad Behavior and Spam Karma 2, taking the best of the two and adding even more.

Akismet works through crowd-sourcing models. The user does not delete the comment spam, just marks it as spam and the comment spam information is added to a huge database which monitors and tracks comment spam from WordPress sites around the world. If enough people mark spam as spam, it is flagged and filtered out of your comment queue automatically.

In 2006, Akismet added an odometer to the WordPress Comments panel keeping score of the number of comment spam. Mine read 50,000 comment spam caught since October 2005. Once after two weeks of traveling, I came back to my site to find it had caught over 12,000 comment spams for me! That’s serious protection. My funniest Akismet moment is when the score read 12,341 caught, a screen capture moment for me!

Before Akismet, I used to spend an hour or more a day going through comment spam and deleting them. Even after Akismet was released, it didn’t have the strong false/positive record it has today, so time was still spent sifting through spam comments looking for the falsely accused. Overwhelmed with the time suck it created, my friend, Engtech, created the Akismet Auntie Spam Firefox-Greasemonkey Page Viewing Script which I used for years to make the process faster and streamlined, limiting my exposure to the crap found in comment spam to a minimum. I still wish Akismet would use that script to improve readability for those still wishing to scan through the spam.

Akismet is now so good, I haven’t looked at that page more than a few times a year now. It saves me hours a day or worry and wasted time, and continues to do the hard work in stopping my site from being flooded with comment spam. Sure, I take a few minutes every day to clean the spam out that gets through, usually new types of spam, and only so much can be done to battle the human spammers now representing a majority of comment spammers worldwide. When my site is slammed by thousands of comment spammers daily, I can’t live without Akismet.

The Fight Against Evil on WordPress

In 2008, a spoof site for WordPress was set up under the domain of Wordpresz.org. It was a duplicate of WordPress, the “dot org” site for WordPress, and was filled with malicious business. The community spotted it and the outcry warnings to the community went out immediately. We’ve long worked together to inform WordPress fans as there continues to be no single official website with all of the relevant information we need to know about WordPress, though the WordPress Official News Blog and the revamped WordPress.com news, Just Another WordPress Weblog covers the most important bits.

Over the years I’ve celebrated and honored so many of the WordPress Community who have stood up and fought against evil on the web. Today, some of these are employees of Automattic, while others continue to volunteer their time and expertise without compensation.

There are those who stand up and say don’t risk your site with an unofficial WordPress Theme as many were stuffed with hidden or blatant advertising links, spam links, and security vulnerabilities. Automattic cleaned up the WordPress Theme Directory (formerly the WordPress Theme Viewer) to remove all “sponsored” and risky Themes. The debate over sponsored, premium, and freemium WordPress Themes continues even today as people try to make money from every angle in WordPress. It took strong people to stand up to the greedy and say this wasn’t right.

There are those who report malware in WordPress Themes, digging deep into the code to reveal the mechanics of such nasties. They help us to understand how these things work, and how to prevent them from working in the future, as well as blocking all access. It’s a full-time job some days.

The volunteers and employees of WordPress.com fight to protect our millions of blogs constantly, 24/7, against hackers and malicious attacks. WordPress.com is tested and updated daily to protect it from such attacks, yet few stop and say thank you and show our appreciation for the effort while we blog freely on every subject under the sun. I thank you all in my heart daily, as should we all.

Then there are faceless heroes of WordPress, the ones rarely celebrated or honored who work hard to make WordPress better, uncovering and fixing security vulnerabilities and improving the code with every update and release. In 2007, Ozh developed a WordPress Bug Fixers Heat Map, a tag cloud effect honoring the names of contributors to WordPress development, the larger the name, the more they are listed in the WordPress Trac, the code management system of WordPress.

The WordPress Community has developed WordPress Plugins to track and prevent content theft and copyright infringements, comment spam, registration spam, hacks, malware, viruses, personal attacks, malicious SEO, and other abuses.

From the very beginning of WordPress, community members have stepped up to create WordPress Plugins and Themes that help to defend the blogger’s rights from evil. There are so many, I feel guilty that I will miss a few so deserving of credit and recognition. I will include highlights of some of the articles I’ve published over the years about the fight to protect bloggers and WordPress from evil, and forgive me if I missed anyone. You all deserve our heartfelt thanks and appreciation for all that you have done for the millions of WordPress users.

• Splogging or Clogging: The Worst of the Worst of Blogging
• Website Hammered by Hotlinking, Spammers, and Free Loaders?
• A Day in the Life of a Paranoid Website Administrator
• My Daily Tasks With WordPress
• WordPress.com Users Hit By Direct Attack – Stopped in its Tracks
• Sex, Drugs and Rock and Roll Replaced by Sex, Drugs, and Mortgage Rates
• Americans Spend 40% of Their Time Online Deleting Spam
• Blogs That Look Like Blogs But Ain’t – Splogs
• Spam: Stupid Pointless Annoying Messages in Emails, Comments, and Everywhere
• Imprisonment for Annoying People Online
• Traffic Trolls – Creating Controversy to Increase Blog Traffic
• What Do You Do When Someone Steals Your Content
• Finding Stolen Content and Copyright Infringements
• The Growing Trends in Content Theft
• Comment Spam: Vengeance is Theirs and Mine
• Check Your WordPress.com Comments for Comment Spam
• Akismet Smacked By Comment Spam: The Stats
• Looks Like Your Page Was Heavily Hit By Spam – Yeah, Right, Spammer
• Illegal Internet Gambling and Gambling Comment Spam
• Calling All Stupid Comment Spammers
• One Year Anniversary Review: Comments on Comment Spam
• Splogs – The Dark Side of Blogging
• Digital Fingerprints Help Track Blog Content Theft
• AntiLeech Splog Stopper: Fighting Back Against Content Thieves
• Do You Care Enough To Keep Your Blog Comment Spam Free?
• Wrong Thinking: Accusing Blogroll Links Not Sploggers
• Winning the Battle Over Comment Spam: Akismet and Search Engines?
• WordPress Plugins Battling Evil
• Akismet: All Our Comment Spam Fighting Eggs in One Basket
• Can We Work Together To Stop Comment Spam?
• Google Gives Tips to Eastern European Bloggers
• Are You Risking Your Blog With an Unofficial or Vulnerable WordPress Theme?
• Protecting Your WordPress Blog
• Spinning Spammers Steal Our Blog Content
• 10 Really Rad Righteous Blogging Tips
• WordPress Security Prevention, Reactions, and Scares « Lorelle on …
• WordPress Blogs and More Hacked by Google Redirects
• Warning: Fake WordPress Malicious Site
• Old WordPress Versions Under Attack
• Malware Found in WordPress Theme – Protect Yourself Now
• Is Your WordPress Blog at Risk from the Epsilon Email Theft?
• Downadup Worm Infection: Cyber Attacks on the Rise in 2009

---

Subscribe Via Feedburner Subscribe by Email

Copyright Lorelle VanFossen.