Room 34 presents On This Day: a WordPress plugin

For a while now, I’ve had a sidebar widget on my site that displayed posts published on the same date in previous years. It’s a fun way to look back on your own blogging history and to revisit topics from the past.

I didn’t really have it set up as a proper widget though; it was just code stuck directly into my sidebar template. Today I decided to rebuild it as a proper plugin, which you can now download and use yourself!

It’s really simple to use. Just extract the zip file and place the contents in your wp-content/plugins directory. Then go to the WordPress dashboard. Activate the plugin (under Plugins), then edit your widgets (under Appearance) and drag the “On This Day” widget where you want it to appear.

You can customize the title and the “no posts” message (which gets displayed on days when there are no historical posts).

Room 34 presents On This Day is now available for download in the WordPress Plugin Directory.

RegisTrap seems to be losing its effectiveness

I suspected this might happen once I released RegisTrap to the public. I had four new spam user registrations on my site when I checked it today (having last checked it maybe two or three days ago). Previously I’d only see about one a week with RegisTrap running.

It was bound to happen. The rules RegisTrap employs are fairly simple, and the “bots” are constantly being modified. I have no idea how many registrations RegisTrap has blocked in the time it’s been running — perhaps my next step in developing it is to add a logging feature. If there were only four (or even maybe a dozen or so) spam attempts on my site during this time period, then RegisTrap seems pretty ineffectual. But if it actually blocked a ton (metaphorically speaking) of spam registrations, then four sneaking through doesn’t seem so bad.

If anyone out there is using RegisTrap and cares to comment on ways I could improve it, let me know! Meanwhile, as time allows I am going to pursue the logging functionality, if only for my own edification. As valuable as the logging feature would be, it goes against the spirit of simplicity inherent in the plugin. I really don’t want to write anything to the database or filesystem.

New WordPress plugin: RegisTrap

<em>Regis</em> Trap? Not quite.

Regis Trap? Not quite.

As I have trumpeted from the hilltops on many an occasion, I have happily been using WordPress to power this site going on two years now.

Mostly happily, anyway. There are a few things that don’t sit right with me, most prominently the persistence of spambot registrations, with little (good) help so far from the plugin development community.

What are spambot registrations, you ask? Well, blogs tend to have two doors that are open to spambots: comment forms and registration forms. Comment forms are certainly more common (since just about every blog accepts comments but most probably do not accept new user registrations), and much has been done to deal with the problem of comment spam. Most notably there is WordPress founder Matt Mullenweg’s own excellent comment spam blocking plugin, Akismet. But no comparable plugin exists for the WordPress registration form, and despite many requests from the community, Akismet has not yet been adapted for this purpose. Probably since registration spam is so far only a nuisance (albeit a potentially large one for the site administrator), it has not gotten the same kind of attention.

I did manage to find a few plugins to block registration spam, but most were half-baked, and the one I did end up using for a while, which clearly has been given a lot of attention by its developer, just seemed to be overkill to me. And while it did work to prevent spam registrations for the month or so that I used it, it also prevented my legitimate, registered users from logging in!

So a few days ago I turned it off, and within hours I was receiving spam registrations again. That’s when I decided to build my own spambot registration blocking plugin for WordPress: RegisTrap. The focus is on absolute simplicity: there are no visible changes to the registration form for users, and there’s no configuration for the site admin… just upload it, activate it, and you’re done.

I’ll admit mine is probably half-baked as well, but it’s only at version 0.3 so far. I may eventually need to add an administrative tool to allow the site owner to make changes if bots start to adapt to the default settings — I don’t really know how smart bots are. But I do know that I’ve had RegisTrap running on my own site for a couple of days now, definitely long enough to be able to determine whether or not it’s working, and since I installed it there has not been a single spambot registration on my site.

If you run a WordPress site, give RegisTrap a try!