Spring Sale! Save 30% on all books w/ code: PLANET24
Web Dev + WordPress + Security

First 30 Days without Bad Behavior

Approximately 30 days ago, I completely uninstalled the Bad Behavior plugin from Perishable Press. As you may recall, many Bad Behavior users were unexpectedly locked out of their own sites and forced to either uninstall or upgrade in order to fix the problem. Of course, in my perpetual battle to optimize and streamline everything, I decided to drop Bad Behavior from the otherwise obligatory WordPress anti-spam trinity.

30 days later..

I am happy to report that Perishable Press has not seen a noticeable increase in comment spam since the removal of the Bad Behavior plugin. Of course, during the past month, two or three trackback spam turds managed to slide through, however, even Bad Behavior failed to stop everything. This is great news because I prefer to avoid unnecessary plugins whenever possible — especially those of the resource-intensive variety.

My current lineup..

With Bad Behavior out of the picture, here is my current anti-spam strategy:

  • Akismet — although I consider Akismet my primary defense against comment spam, I have noticed a serious drop in the overall number of spam comments reported in its admin options panel. We’re talking like maybe 1 or 2 stopped comments per day at the most. This is strange, because, as previously mentioned, my site has been relatively spam-free for quite some time. Hmmm..
  • WordPress’ built-in comment-spam blacklist — this is perhaps the most underrated anti-spam tool available for WordPress today: it’s easy, it’s free, it’s fast, and it’s very effective. Best of all, instead of getting deleted, blocked comments are moved to the “Moderation” queue for closer inspection, thereby preventing the loss of any false positives.
  • Blocking of all no-referrer requests — this is another effective anti-spam trick that stops many automated spammers dead at the door. See the linked article for more details on this effective strategy.
  • The Ultimate htaccess Blacklist — Last but certainly not least, I enjoy the automated blacklisting of unwanted cyberscum — not just for spammers anymore! — provided by the ultimate htaccess blacklist. See the linked article for more details on this powerful tool.

Bye bye Bad Behavior..

Moral of the story? Along with a few htaccess tricks in place and a strong WordPress blacklist, Akismet may be all you need for complete protection against comment spam. Best of all, with Bad Behavior out of the picture, Perishable Press enjoys faster pages, cleaner code, and a leaner, meaner database than ever before — definitely sweet, if you ask me.

About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
SAC Pro: Unlimited chats.

9 responses to “First 30 Days without Bad Behavior”

  1. I too was really shocked and nervous when Bad Behaviour blocked me from my own site…but I upgraded and everything is back to normal again.

    Hmm..I think I’ll try de-activating Bad Behaviour for a week and see whether my cpu usage increases or decreases.

  2. Perishable 2008/01/21 8:58 am

    Ah yes, good point, Lisa — CPU usage is one thing I overlooked when preparing this post.. hosting my site on a shared server, I tend to ignore usage of server resources, except where timing and consistency are concerned. In any case, if you do disable Bad Behavior for a week, I would be most interested in hearing about the effect on CPU..

  3. Well, it’s been more than 1 week now and here’s what happened:
    – CPU Usage increased from an average of 0.7% to 0.9%
    – More scraper sites managed to get through and steal site contents
    – Increased number of Comment Spam (luckily, Akimset caught all of ’em)

    I think the main reason my site load increased is because of those scraper sites. When I block another IP, another IP is used *which is why asked for your help in denying a whole IP Range a few days ago.

    Although my CPU Usage limit per day is 4.5%, but the scraper sites are stealing my contents and also increasing the server load.

    In a nutshell, I’m gonna have to enable Bad Behaviour again.

  4. Perishable 2008/01/29 4:16 pm

    Hi Lisa, thank you for following up with your findings. The CPU usage is especially useful information as I do not have access to that data on my shared server. I assume that the increase there is significant, based on your overall CPU limit (still well below 4.5%, but an increase nonetheless). And, it does seem to make sense that content scrapers are responsible for the sudden increase in usage. I am curious, however, as to how you determined that it was in fact scrapers that had caused the increase? Were you able to verify any scraped content? If so, this may “inspire” me to re-install Bad Behavior — scraped content sucks!

  5. I don’t have any definitive proof the scrapers caused the increased server load. I simply assumed they caused it because right after I disabled Bad Behavior, a few new ‘Incoming Links’ appeared on my WP Admin Dashboard.

    I went to the sites and confirmed that the site scraped a couple of my posts. This has been happening everyday since I disabled Bad Behavior.

    I also referred to my Webalizer Usage Statistics to crosscheck the ip/hostname of the site and I found that the site is using up more traffic (even more that Google Crawlers!) to crawl my site. Some of the sites are hosted on a Dreamhost Server (wilshire.dreamhost.com).

    I am not saying that every site should implement Bad Behavior but if people has been scraping contents from your site, it’s best to use Bad Behavior or any other plugin that can block scrapers.

  6. Perishable 2008/02/03 2:44 pm

    Excellent, Lisa! That is very insightful information and some great advice as well. Thank you for taking the time to explain your findings regarding the scrapers, as well as the process used to analyze the increase in server load and subsequently diagnose the issue. Given your results, I agree that removing Bad Behavior may benefit specific environments, however, as you say, probably remains useful in many situations, especially where scrapers and other leeches are prevalent. Again, many thanks :)

    Kind regards,
    Jeff_

  7. Palma | Buddha Trance 2009/11/10 10:12 am

    Hi Jeff – I do have Bad Behavior installed and luckily I never got locked out from my own site. One thing that BB does, besides spam, is also preventing malicious injection attacks. I have found quite a few attempts that were blocked by this plugin. For this reason, I feel safer having it on, because there are some issues that are not just spam related. I am sure that there are other methods to prevent this as well. I will look into it.

    For the time being, I will simply delete the BB records from the database, to streamline it a bit. The plugin doesn’t seem to have a feature to delete old records, so it has to be done manually…

    I do agree with you that it’s good to cut down on the number of plugins whenever possible, though! :-)

  8. Palma | Buddha Trance 2009/11/10 10:21 am

    I spoke too soon… BB cleans up automatically records that are older than a week.

  9. Sweet! Thanks for the information :)

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Digging Into WordPress: Take your WordPress skills to the next level.
Thoughts
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
2024 is going to make 2020 look like a vacation. Prepare accordingly.
First snow of the year :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.