20 Great Tips and Tricks to Protect Your Blog and Bandwidth From Spam

As a webmaster and blogger I have a lot of worries and things to take care of as far as my blog is concerned. Anyway, as you may guess from the title of this guide, my biggest concerns have to do with spam and bandwidth. Why I put these two terms, which apparently have no connection with each other, so close? Because actually they have got a lot in common, more than you think. If you are not a seasoned webmaster, once you have your blog installed and fully working, you might think that you have finished your work and that nothing more has to be done except writing good posts. That’s partially true. What you don’t know is that, under the seeming layer of calmness that surrounds your blog, a harsh, tough war is fought almost everyday.

Every hour of the day, every week of the month and every year, a vast quantity of bad-bots, spy-bots, spam try to infect your blog with the sole intent to breach it and steal information or display unwanted content among its pages. As a consequence of all this activity, your blog might apparently start using a lot of server bandwidth and returning with slow queries or CPU Quota Exceeded messages. How is it possible? Simple. All the above mentioned pestware is nothing else than crawlers or spiders which continuously and without rest crawl your blog looking for any possible way to reach its database and PHP code. This produce a large quantity of “fake traffic” which, as a consequence, consumes a lot of your server resources, slowing it down and choking it in every possible way. Now, if you are on a dedicated or VPS server, this is not an issue, since you have got a lot of resource to play with (even though you will have to face this issue sooner or later as pestware tends to grow exponentially), but if you are on a shared server, this is something you have got to solve right away and without further delay.

The tips and tricks you are going to read are meant for webmasters using WordPress as CMS but, apart from those specific advice which are suitable for WordPress, the rest can be safely used on any platform. This guide is divided into two sections and deal with two problems namely bandwidth and spam. If you want you can read them separately or as a whole unit.  They contains solutions which can be distinctly applied to the first or second issue or to both of them.


The bandwidth is the maximum rate at which data can be transferred over a communications network (Computers). This means that when a visitor reads a post in your blog he will actually download it in his computer using in this way part of the bandwidth your web hosting provider puts at your disposal. A lot of hosting providers give a certain amount of bandwidth per month. And you pay for it, don’t forget. If you exceed that quota your blog will be disabled for the rest of the month, only to be re-enabled during the next month (in the worst case). Also, if your blog and your scripts are not well-optimized they will tend to create slow queries and exceeded CPU Quota errors. What does it mean? It means that they use too many resources, too much bandwidth and this hurts other blogs hosted on the same shared server. Useless to say, sooner or later you will get the dreaded “This Account Has Exceeded Its CPU Quota.” message in the place of your blog frontpage. After all this, you will understand only too well how important is to optimize your blog and make sure that it uses as less bandwidth as possible. Here is a list of tips and tricks which work on WordPress. Some of them work for all websites indeed, since they are general advice coming from “technical common sense”.

  1. Cache your blog using world-famous plugins or PHP applications. If you have WordPress as CMS blog-platform, install WP-SuperCache. If instead you don’t want to use any plugin because they tamper your blog’s database or might create a conflict with other plugins, install XCache in your server. Read my guide on how to install this superb PHP cache application.
  2. Talking again about caching, there are other techniques other than the ones described above which are able to cache objects of your blog. Have a look at this article of mine and learn how to optimize your blog without installing anything, except a small code in your .htaccess file.
  3. In order to make your blog bandwidth-wise you should keep it as simple as possible. Do not install tons of plugins or widget on its pages, do not use too much ads and avoid those plugins which fetch RSS feeds from other blogs. Also, if you don’t use a certain plugin anymore, uninstall it and remove its footprints from the database.
  4. Don’t show a lot of posts and objects on your blog’s frontpage. This will decrease the time your visitors need to download it. This also means that less resources will be employed to load and execute it, also saving a lot of bandwidth.
  5. Resize the images you display in your posts. This will dramatically save a lof of bandwidth.
  6. Optimize your database at least once a week. If instead your blog doesn’t have a lot of visitors (let’s say under 1000 visitors per day), optimize it once a month. To do it, go to your CpanelPHPMyAdmin – Select/click your database (usually is located on the left of the main page) – a list of tables should appear, at the end of the list click Check All – from the drop down menu: With Selected: repair – again, from the drop down menu, With selected: optimize. Now, if you are smarty enough you can use a nice Cron Job command to automate the task. Here is the code to put in the Cron Job section: mysqlcheck -ao -auto-repair -u ‘database_user’ -p’your_password’ database Please, copy this code and don’t change anything. Only change the proper sections with the name and the password you assigned to your database .
  7. Switch to Fast CGI. To do it go to your CpanelPHP ConfigPHP5 (FastCGI).
  8. Compress your blog’s page by enabling zlib option in your php.ini. Do do that, go to your php.ini located in your server, open it by using Notepad or your FTP client software, locate zlib.output_compression and set it ON. Locate zlib.output_compression_level. This option lets you set the compression level. -1 is disabled, 9 is the max compression. In order not to overload your server, it is HIGHLY advices to set it to 1 or 2 at most.
  9. If you run WordPress, try to tweak the Auto Save feature while writing a post. As a matter of fact, by default WordPress auto-saves your the post you are writing once every 60 seconds. Hey! This a real resource-eater feature! Read this article of mine on how to tweak the auto-save feature in WordPress.
  10. Beginning from WordPress 2,5 every time you modify a post, a post revision is saved in your database. This is especially helpful if your blog has got a lot of authors since it will let you know what was changed in a post, by whom and when, and revert it to a previous state, if necessary. The down-side is that post revision creates a lot of data in your database, ending up with eating a lot of resources. Read this article of mine on how to turn Post revision off and how to clean your database. This hack helped me greatly to optimize my database by making it lighter and deleting more than 12.000 rows!
  11. Disable Update Services in WordPress. Every time you post a blog, WordPress will try to notify (or ping) some site . This is resource consuming, also slowing down the posting procedure. Plus, if the website WordPress tries to ping is experiencing issues, the posting procedure will consume even more resources returning , in some cases, slow queries. To Disable the Update Service, go to your WordPress Admin panel – Settings Writing – delete all the Web addresses located under Update Services and press Save Changes.
  12. It is always a good idea to keep an eye on how many queries your website is producing every time somebody opens a page. A general, good rule of thumb is having between 10 and 30 queries per page. Remember, the more queries your website produces, the more it consumes server resources. To find out the number of queries your website has got, insert this piece of code within your theme: <?php echo $wpdb->num_queries; ?> <?php _e(‘queries’); ?>. <?php timer_stop(1); ?> <?php _e(‘sec.’); ?> . This code will display the number of queries the page is producing and the time to process them.
  13. Don’t use (or at least try to limit) plugins displaying related posts or latest posts links in your pages. Usually, these plugins create a query for each link they display and as you know, having a lot of queries is the latest thing we want. If you use WordPress and want to show the latest post at all costs, use a WordPress tag instead. Here is the tag showing you the latest post. This tag just creates a couple of queries, regardless the number of links it displays: <ul> <?php wp_get_archives(‘type=postbypost&limit=8’); ?> </ul> . Of course, the number 8 refers to the number of latest posts displayed in your blog. Other useful tags can be found here.
  14. Keep an eye on your slow queries. As a matter of fact, they contain useful information about where they comes from and what is producing them. Even if you are not an expert you will be able to get important hints. Remember, most of the times a slow query is caused by a not well optimized plugin. To gain access to your slow queries, open your website by using a FTP client software, go to the TMP folder, and open the mysql_slow_queries folder. In the TMP folder you will also find the cpu_exceeded_logs folder containing detailed information describing when your blog hit and overcome its CPU quota. If you use a lot of CPU quota your web hosting provider will disable your blog sooner or later, asking you to optimize it. Do you understand now how useful is this trick?
  15. Get a better web hosting provider offering Dedicated or VPS (Virtual private Server) servers. A lot, if not the majority of hosting providers have shared servers to host blogs. This means that a lot of blogs will have to share the same resources on the same machines. Since majority of hosting providers tend to oversell their services, you understand only too well how a regular blog has to struggle in order to get its due resources. To complicate life there is also the fact that if a blog hosted on the same machine as yours is not well optimized or has got a resource-eater plugin, your blog, and your “neighbors” will experience slow performance (your blog’s pages and plugins won’t download very fast) also resulting in a lot of slow queries. In this case, your slow queries will come from anywhere and they will just be the result of a sluggish server fighting to equally share its remaining resources among hundreds of thirsty blogs!


So, your blog looks good, it’s hosted on a VPS server, it’s optimized, it doesn’t have a lot of plugins, it has been cached, tweaked, hacked in every possible way. Anyway, when you open the dreaded mysql_slow_queries folder in your FTP client application you see tons of slow queries! How is it possible? When you have done everything possible in order to avoid any issue in your blog and your server, what is left is the only possible, obvious answer which in this case has to be searched outside,  on  the Internet. The thing which makes your blog sluggish and thus creates a lot of issues, slow queries, exceeded CPU quota errors etc. is something which visits your blog repetitively, incessantly, inexorability looking for a “hole”, a flaw a small defect to inject its venom among your pages and posts. This things is called spam!

  1. Use Akismet. If you use WordPress such a nice plugin comes embedded with it. Akismet is the most powerful, easy, obvious solution to avoid spammers trying to post their comments in your blog.
  2. The bad thing about Akismet is that it lets spam comments reach your blog pages before being blocked. As a matter of fact, technically speaking a spam comment has to be posted before being detected by Aksimet. Only then the plugin will identify the comment as spam and will put it in its quarantine safe. Why this is bad? Because when spam bots try to post one of their comments in your blog they will wear out your server resources. In fact, they will frantically try to post their crap one, twice, one hundred times. This procedure, apart from slowing your blog down, will create a lot of slow queries and, in the worst cases,  will cause your hosting provider to suspend your blog for exceeding the CPU quota. One of the best ways to stop spam right in front of your blog’s threshold, so to speak, is the solution offered by The Honey Pot Project (Read my exclusive intervew to the Honey POt project here!). The script available in the website lets you insert, invisible links among your blog’s posts and pages. These links, which are particularly attractive to bad bots, lead to ad-hoc pages where a bot is identified, listed and caught!
  3. If you want to fight spam by yourself and keep track of all the nasty bad bots hitting your blog, a nice free solution is to place bot traps in your blog. A bot trap is a special page which must not be spidered or followed by spiders and bots. This result is achieved by placing a command in the robots.txt file in your server. The command I am talking about is this: Disallow: /bot-trap/ and prevents the trap page from being crawled. You have to know that good bots (like Google bots) usually follow the commands you put in the robots.txt file, while bad bots will  ignore them since they are constantly looking for some way to post their rubbish. After a bot trap is installed, next time a spam bot will spot your blog, it will jump the robots.txt file right away starting to crawl your posts and pages. Once it detects a link leading to the bot trap it will follow it of course, and at that point it will get caught. In fact, once the bot enters the trap page, its IP is recorded while a special command is placed in your .htaccess. The command (Deny from forbids the bot from visiting your blog once for all. Web Talk uses the excellent bot trap available at Danielwebb.us.
  4. Sometimes, spam comes directly from an infected website which keeps crawling your blog and posting comments about wonderful medical treatments (ab0ve all about miraculous blue pills). The easy solution is to place in your .htacess file a command which blocks visitors by using their domain:# block visitors by domains
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} kimsufi.com\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ovh\.net [NC,OR]
    RewriteCond %{HTTP_REFERER} musicxclusive\.net [NC,OR]
    RewriteCond %{HTTP_REFERER} windows-vista.shuublog\.info [NC,OR]
    RewriteCond %{HTTP_REFERER} 2009iweb1\.info [NC,OR]
    RewriteCond %{HTTP_REFERER} free500host\.com [NC]
    RewriteRule .* – [F]
  5. OK, that’s the last point which, despite is placed at the end of this article, should be adopted as a first spam countermeasure. To prevent spam and spy bots from crawling certain files of your blog containing sensitive information, just place these commands in your .htaccess file:

    # protect php.ini
    <files php.ini>
    Order allow,deny
    Deny from all

    # protect .htaccess
    <files .htaccess>
    order allow,deny
    deny from all

    # protect 403.shtml
    <files 403.shtml>
    order allow,deny
    allow from all

    # protect wp-config.php
    <files wp-config.php>
    Order deny,allow
    deny from all

    # protect by disabling directory browsing
    Options All -Indexes

  6. Bonus 1: Hide your WordPress version from your theme. This won’t allow hackers and bad-bots know what WordPress version you have. This is particularly useful if you are running an old, buggy WordPress version. To hide the version tag, add the following code to your theme’s function.php file. :
    <?php remove_action(‘wp_head’, ‘wp_generator’); ?>

Copyright © 2007-2017 Sitemap | Privacy | Back To Top
Best screen resolution 1280x800 or higher.
Web Talk is best viewed in Firefox.