I’ve installed WordPress MU a few times since it was publicly available. In part, because I was keen to see if out the box, it would be able to meet my needs, and partly because there’s some projects that I was thinking of that would require something similar to WordPress MU. For those of you reading this wondering what the heck is WordPress MU – I presume you’ve heard of WordPress, right? That blogging platform that’s really easy to use, and freely available?

Well WordPress MU is it’s ‘big brother’. The idea behind WordPress MU is that if you want to set up a site where people can come and create their own blogs, then you can use WordPress MU to run your entire site. It’s a fully functional version of the main back end used at WordPress.com to host all the blogs on that site. It means that you can have users register, and create blogs, and start their own personal blog, on your site. Each user gets a blog, that is like having their own copy of WordPress installed for them, only it’s on your website.

Well the advantage of using WordPress MU becomes even more apparent, once you install BuddyPress, a plugin/set of modules that work with WordPress MU. BuddyPress effectively acts like a social network, allowing you to have ‘friends’, groups, and provides ‘activity streams’ kinda like status updates, but that can be the aggregate of all of your RSS activity across the web.

Now I’d recently set up a public installation of WordPress MU, and not having time to explore the multi-user side very much, I decided to just set up some basic content as a placeholder, and a few pages, so that if anyone came to the site they would be able to get some info, and leave it at that for now. (The site in question is http://londontechstartups.com)

Unfortunately, I hadn’t been paying too much attention to all of the spam blogs that were being created, until very recently. I presume they use some form of automation scripting to auto generate a bunch of email addresses, and then bulk signup to the site, which they then proceeded to post to every few minutes with more and more content, on all the spam blogs they had created. By the time I decided to do something about it, there was already over 3000 spam blog accounts on my site, and many many pages of content on each of those sites. Reading a few of the pieces of content, it soon became clear that not one of those blogs represented a real person taking the time to write real content. It was all ‘spam’ type text that meant that with a bunch of bogus text, there would be ‘links’ with different keywords pointing back to a site selling something or another related to the keyword.

It was most definitely a challenge to clear all of those spam blogs, off, as well as taking quite a few hours, and having to mindlessly click a check box for each of the blogs and spammers, before being able to finally rid my site of them.

Just in case anyone else gets caught out like I did, or is contemplating setting up a WordPress MU site, make sure you install some form of Anti Spam measures in advance, and save yourself countless hours performing maintenance and having to fix the problems like I did.

My initial thoughts were to jump into the backend and just delete the data directly from the MySQL database, which had I been able to access I would have. But unfortunately, I think the volume of Splogs (Spam Blogs) meant that my Web Based access to the MySQL Database using the PHP GUI ended up timing out.

Eventually, I had no choice but to manually delete the spam from the site admins control panel myself.

IF it weren’t for the WPMU Power Tools, I don’t think I would have ever finished! http://plugins.paidtoblog.com/wpmu-power-tools/

I also am indebted to the advice that was shared in the forums about manually editing the WPMU admin listings pages – http://mu.wordpress.org/forums/topic/10811 to show more users, I then went and did the same thing for number of blogs.

I also found a bit of useful advice at http://www.gabrielserafini.com/archives/category/spam/ – though to be fair I think there was way too many individual IP addresses being used for me to be able to address them purely by IP address.

If I had been able to access the PHP MYSQL GUI – I’d have gone and used the advice shared here – http://blog.vipul.net/2009/02/01/how-i-cleaned-up-8k-spam-comments-from-my-wordpress-blog-in-less-than-30-minutes/

And used the code here – http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/ – to hopefully stop spammers gaining access to ther server

I’ve also since followed the advice here – http://mu.wordpress.org/forums/topic/13982
and now have installed – http://ocaoimh.ie/cookies-for-comments/ and
http://wordpress-plugins.feifei.us/hashcash/

I’ve also installed MontySpam based on reading about it here http://mu.wordpress.org/forums/topic/10811

and ended up selecting about 100 users as spammers, at a time, through each page, then deleting the spam marked blogs and users using the power tools – that was after I tried to do a few hundred at a time, and the site wouldn’t refresh properly.

I also got some great advice from the form thread here – http://mu.wordpress.org/forums/topic/11187 about a few tools that let you moderate a blog before it can be used – manual I know, but cool nonethelss.

This also looks like a great plugin for spam reporting – http://mu.wordpress.org/forums/topic/13206