Two years of Mollom satisfaction

Gepost op door Matthias

Davy started a meme: show off how well Mollom has been performing on your site over the past weeks, months or even years. I picked it up at Wim‘s place. Here is the lowdown for my own blog.

2 years of Mollom satisfaction

To be more exact: Mollom was activated 703 days ago. Until now, 1,355 submissions were accepted and 23,999 rejected. Yesterday, Mollom blocked 12 spam attempts and accepted 0 ham messages. So far, Mollom blocked 13 spam attempts and 0 ham messages today.

Quite impressive.  The least I can say is that Mollom took away a big nag of mine. The gap in Q1 of 2009 was due to a critical bug which needed fixing in my code.  I ran Mollom in developer mode which means no real life statistics were recoreded during that particular timeframe. Apart from that, Mollom has been protecting my WordPress blog for the past 2 years and held on to it’s own.

Of course, you’re all probably eager to know whether I’m still maintaining the plugin. Yes, I am. Over the past few months, I’ve been working off and on to get a new version a the plugin ready. It will be a total rebuild with lots of improvements. I’m covering what’s to come and my own developer experience in depth in a future blog post.

So stay tuned!

Mollom goes onwards!

Gepost op door Matthias

It’s been a few months since I’ve let anything out about the development of WP Mollom. Due to my freelancing activities, the project didn’t got the attention it really deserved. But now I’m shifting focus again, and I’ll be able to spend more time on this plugin in the near future.

First up: the development version contains a few fixes against several  bugs and typo’s.

The biggest issue I’ve fixed is a problem with non alphanumeric characters and foreign character sets which are not being rendered correctly. It’s quite an important fix actually so it needs some testing before I can release it with the next stable version. You can support me to achieve this in one of three ways:

If you’re just passing by:

I’m a firm believer in the old adage ‘eat your own dog food’ so I’ve installed the development version on my own blog. Just leave a comment and use the most weirdest characters you can find on your keyboard. Combinations of quotes, double quotes, slashes,… anything gives! If you’re native tongue uses a foreign character set: give it a try!

If you’re a blogger:

Download the latest development snapshot of the plugin, intall it on a your (test) blog, make a blogpost and use all kinds of exotic character sets (chinese, cyrillic, greek, arabic, vietnamese, etc.). Try to use the most weirdest characters and check for comments with missing or garbled content.

If you’re a developer:

Download the snapshot and review my code! The code which sanitizes the comment strings can be found around line 1377.

If everything works great, I hope to do a long overdue bug fix release later on this week.

Mollom 0.7.4 and more

Gepost op door Matthias

One of my ongoing efforts is trying to get WP Mollom translated. I’ve put the plugin up on the wp-polyglots mailinglist and I’ve received several translations. Which was enough a reason to tag a new release. So, now you can enjoy the power of Mollom in these languages:

  • Vietnamese (vi)
  • Bulgarian (bg_BG)
  • Bangla (bn_BD)

I’ve already written about revising the codebase and making room for improvement. I’ve made a small list of things that are on my wanted/todo list.

  • More OO
    At this point, all the functionality is contained in 28 functions. These functions implement everything from the different calls to the Mollom API, over handling comment form input to showing a pretty graph. Although most functionality is comprised to it’s own function, there’s still lack of a good architectural design. I’ve come to a point now where adding new features or optimizing code means ripping apart large pieces of the plugin. For instance, the function that let’s the configuration page work contains code to handle the form but also to build and show the form. Boxing functionality limits the ability to reuse code or adapt it efficiently. Identifying separate segments of functionality and assigning them to their own classes and functions will make the plugin more agile and able to cope with change.
  • Implementing AJAX
    Over the last iterations, WordPress has incorporated loads of AJAX. This technology makes it possible to, for instance, moderate a comment without the need to reload the entire page. And as a bonus, add a nice colored fade effect. It would be nice to leverage the AJAX API of WordPress and make WP Mollom more userfriendly. AJAX in Mollom would not only be applied in the administration panel, but also made available front-end to theme developers.
  • Usability
    The current interface has already gone through several iterations but there’s still room for improvement. I’m thinking of several things. Instead of a percentage with no label, it should be a more visual indication of the spaminess of a comment. Comments that had a CAPTCHA should stand out more in the list. Pagination needs more refinement. The configuration page needs some rethinking. The quality indicator in the moderation module should be more verbose. I would also like to make the plugin more informative: a better breakdown of statistics and performance monitoring of the plugin.
  • Hooks
    Wordpress allows plugin developers to define their own hooks. This enables plugins to ‘hook’ onto each other. A nice example is Ozh’ Admin Dropdown Menu that allows plugin developers to define a custom icon through a hook. I would like to keep an eye out for places in the plugin code where functionality added through third party plugins can generate added value. Mollom is designed not only to protect comment forms, but any form that’s presented to an end user. So it would be a plus to make Mollom protection available to other plugins through well placed hooks.
  • Widgets
    Wordpress 2.8 will ship with a new improved Widget API. This enables plugin developers to write easy to create widgets which can display all kinds of neat things on your blog. An easy to install Mollom widget that displays the effectiveness of Mollom would be a nice-to-have.
  • WordPress MU support
    This is something I’ve been talking a long time about: adding support for WordPress MU. The current codebase doesn’t allow this in an easy fashion. Incorporating WordPress MU support is one of the main reasons to rethink the way the plugin should be designed.

It’s pretty clear this means going back to the drawingboard. Development should progress pretty fast though, since most of the code which is now in the current stable version, can be reused. One lesson I’ve learned is that I should to code the plugin against the development version of WordPress (in this case: bleeding-edge 2.8) to cope with the changes and make use of newest features in WordPress.

In retrospect, the plugin has been a project which I’m working on little over a year now. The log of wp-mollom.php tells me that I started working on the plugin itself (after testing the Mollom API and very premature versions in february-march 2008)  on april, 2nd of last year. So, a bit late: but happy 1st birthday WP Mollom!

Mollom blocks fifty million spam attempts

Gepost op door Matthias

Mollom blocked over fifty million spam attempts since its inception. Just over two months ago, that was little over twenty-five million. Just in the past 24 hours, Mollom caught 480,000 attempts. This shows how important it is to get the best protection that can guarantee a clear user experience. It also shows that Mollom is getting more and more traction with over 7,000 sites protected.

As for the WordPress plugin, the development has been on the slow side in the past weeks and months. The plugin can  use more fine tuning. It still doesn’t support WordPress MU (well, there’s a hack). I’m planning to revisit the code to give that some more attention.

Anyway, I would love to hear how the plugin is performing on your site and what I can do to make it even better!

WP Mollom 0.7.3

Gepost op door Matthias

Another month, a new release. I just tagged WP Mollom 0.7.3. It’s got the shortest changelog up to date, but the translations that are included make up for that.

  • fixed: multiple moderation would incorrectly state ‘moderation failed’ due to incorrect set boolean.
  • added: german (de_DE) translation
  • added: italian (it_IT) translation

Many thanks go out to Alexander Langer and Gianni Diurno for sending me their translations. With only 88 strings, translating the plugin doesn’t take that much time. So, If you could spare the time and you know your way around POEdit (or you’re willing to learn), just go out there and make this plugin easier to use for non-english speaking users of WordPress!

Of course, if you don’t use the plugin already: you can get it right here!

WP Mollom 0.7.2

Gepost op door Matthias

I just released version 0.7.2 of WP Mollom. Here’s the changelist

  • fixed: closing a gap that allowed bypassing checkContent through spoofing $_POST['mollom_sessionid']
  • fixed: if mb_convert_encoding() is not available, the CAPTCHA would generate a PHP error. Now falls back to htmlentities().
  • improved: the check_trackback_content and check_comment_content are totally rewritten to make them more secure.
  • added: user roles capabilities. You can now exempt roles from a check by Mollom
  • added: simplified chinese translation

So, for the most part, this release is about security related under-the-hood changes. Another great adition is the use of user roles. With previous releases, you didn’t have to pass the Mollom check if you were logged in. Which was a bit of a security issue in it’s own. This release allows you to exempt certain user roles from Mollom scrutiny.

Finally, I owe a big thank you to Donald for the great work he did translating the interface into simplified chinese and his numerous suggestions. Thank you!! I would like to encourage others to translate the plugin! German, French and/or Spanish, if you know them, now is the time to put them to use!

So, go grab it from WordPress Extend or upgrade your installation through the famous one-step intaller in your Dashboard!

WP Mollom 0.7.1

Gepost op door Matthias

I just released WP Mollom 0.7.1. Here’s the changelog:

  • fixed: all plugin panels are now shown in the new WP 2.7 administration interface menu
  • fixed: non-western character sets are now handled properly in the captcha form
  • fixed: handles threaded comments properly
  • fixed: multiple records in the manage module not correctly processed
  • improved: extra – non standard – fields added to the comment form don’t get dropped
  • improved: revamped the administration panel
  • improved: various smaller code improvements
  • added: the plugin is now compatible with the new plugin uninstall features in WordPress 2.7
  • added: the ‘quality’ of ‘spaminess’ of a comment is now logged and shown as an extra indicator

Wishing all the best in 2009!

WordPress 2.7

Gepost op door Matthias

Yes. WordPress 2.7 is out. Your favorite blogging tool has gotten a serious overhaul: a totally new administration panel, loads of bugfixes and lots of new features.

The plugin API has been extended: you should now use a seperate file to store all uninstallation logic instead of relying on the deactivate callback, options should be registered with WP (mandatory in near future versions) and the submenu structure onto which you can hook your own settings is revamped.

If you haven’t already noticed, WP Mollom 0.7.0 has some minor issues with 2.7. Most notably, The management panel disappears. Between boxing my stuff, frantic phonecalls and spending countless hours commuting through Flanders, I’m trying to get the plugin up to speed.

WP Mollom “O my god I can’t believe” 0.7.0

Gepost op door Matthias

I just tagged major version 0.7.0 of WP Mollom in the WordPress Plugin Repository. Why a major leap (0.6 > 0.7)? Over the past month or two, in between my traveling and all that, I got my plugin taking full advantage of the great translation support in WordPress. So, it’s possible now to translate (or localize) the plugin in your own language.

Translation is very important because not everybody on the planet speaks english. Localization helps make WordPress more accessible and enables more people to pick up blogging.

WordPress, and the plugin, use GNU Gettext support for transparant and easy translation. Through userfriendly tools like POEdit, it’s very easy to translate all the strings which are contained in the interface of the plugin. All translations are bundled in a single .mo file which you need to upload with the plugin file. The code will pick up your translation depending on your WordPress settings. Of course, you can distribute the .mo file yourself or, even better, send it to me so I can bundle it with the plugin. Of course, where credit is due…

How can you help? If you are proficient in your own particular native tongue, you could pick up a tool and start translating. If you want to know more, you can read up on this tutorial. I’ve made a – provisional – example tranlation for Dutch which is stored in the wp-mollom-nl_NL.mo file that accompanies this version of the plugin.

BarcampGent 2

Gepost op door Matthias

Zaterdag trek ook ik naar BarcampGent 2. De vorige editie in maart heeft me, via Bunker, mijn huidige job opgeleverd en mag dus terecht een succes worden genoemd. Alleen vond ik mijn eigen presentatie toen zelf wat tegen vallen. Gebrek aan een goed onderwerp en voorbereiding eigenlijk.

Voor deze editie liggen de kaarten anders. Deze keer hoop ik een timeslot te vullen met, hoe kan het ook anders, een korte toelichting over Mollom en WordPress.

Rendez-vous zaterdag in het IBBT!

Translation support: help needed

Gepost op door Matthias

Translating WordPress has always been very easy through gettext and tools like poedit. The availability of a whole range of languages and dialects that can be used to replace the standard English messages in WordPress is one of the factors that has contributed to the success of the CMS.

Of course, this support for translation is also available for plugins and themes. Since language shouldn’t be a barrier, I’ve been building support for translations into WP Mollom over the past weeks. The idea is that one can download a translation libary (a .mo file with all the translated strings in his language) and install it without a hussle.

So, today I tested the whole translation support fairly thoroughly and, well, there’s this rub. If I install the plugin using the local MAMP installation on my iBook G4, all is fine. The plugin gets translated in Dutch nicely. But if I try to enable the translation on line, on this blog and the testblog running on this domain, it doesn’t budge. Everything in the on line WordPress setups get translated fine… except for the plugin. I’ve tried switching off all the plugins, veryfing and re-veryfing paths, code, translation files,… and I still don’t see what’s really causing this.

So, I would like some help and see if other people are experiencing the same problem. If you are in for a challenge and you use translation support, dowload the development version of the plugin and give it a go. Just drop the wp-mollom/ folder in the plugins/ folder and make sure you have translation support on your WordPress installation activated.

Drop me a line if you have suggestion! Thanks!

Mollom 0.6.2, the Urgent One

Gepost op door Matthias

Since a couple of weeks people using WP Mollom got hit by some spam. On friday, Bert took the problem to Twitter, which caught my attention. Of course, we want to get rid of all the spam and so I notified Dries.

Over the weekend, Dries did some research in the logfiles and noticed some disturbing patterns concerning feedback sent from WordPress blogs using the plugin. Most moderated messages got reported as ‘profanity’ rather then ‘spam’. That led, with the much appreciated help of Pascal, to the discovery of a nasty bug in the feedback functions of the plugin.

It seems that spam was reported as ‘profanity’ and ‘unwanted’ as ‘spam’. The feedback qualifiers got totally messed up in a conditional block… and accustomed with the code as I got, I probably read over it a thousand times without really noticing the error. Through sending the wrong qualifiers, the Mollom servers can not interpret correctly what is spam or not for your blog. This has, of couse, a serious impact on the performance of Mollom.

Given the nature and the severity of the error, I corrected it and put version 0.6.2 with *only* this bugfix up for release on WordPress Extend. So, if you’re running version 0.6.1 or lower, you should download the fixed version as soon as possible.

Mollom 0.6.1

Gepost op door Matthias

I just tagged version 0.6.1 of WP Mollom in the WordPress Extend repository. Which means in a few moments, you’ll be able to download the latest installment of my plugin.

So, what has changed? Well, this is a bugfix release which means no new features. Here’s the changelog:

  • Fixed: division by 0 error on line 317
  • Fixed: if ‘unsure’ but captcha was filled in correctly, HTML attributes in comment content would sometimes be eaten by kses
  • Improved: the mollom function got an overhaul to reflect the september 15 version of the Mollom API documentation
  • Changed: mollom statistics are now hooked in edit-comments.php instead of plugins.php
  • Added: _mollom_retrieve_server_list() function now handles all getServerList calls

Although almost all basic functions are up and running now, there’s still a long road ahead. Today, I’m happy with what I’ve accomplished technically so far, but such things as usability, performance, flexibility,… still need more work. For instance, there’s still no WordPress MU version, i8n support is still missing, the backend needs more simplifying and much more.

But then again, if spam annoys you as much as the mosquitos in my room did me last night, then this is the plugin for you. Download the package, drop wp-mollom.php in your plugins folder, register with mollom.com to get your keys, just configure them in the plugin and you’re all packed with some serious spam stoppage power.

Happy blogging!

Mollom out of beta

Gepost op door Matthias

Congratulations are in order as the Mollom guys went out of beta over the weekend. Great! They did several upgrades to their service over the past weeks including improving their spam deterrents and the visual CAPTCHA.

When you settle with a free account, Mollom allows 100 legit comments to be posted on your blog a day. More then enough for most blogs. Powerusers should sign up for their Mollom Plus Service which allows 10,000 legit comments a day. Ideal for enterprise sites, businesses and community services.

You can find more information on their blog.

Over the past weeks, I turned my attention to several other priorities. But then again, I fixed several bugs in the plugin. A new version of the API documentation was released on the 15th of september. Maintainers of third party clients should turn their attention to section 9 of the API. Mollom now features an elaborate load balancing/fail over act.

Short of a few bugs, I’m trying to work out a better way of handling errors in the plugin. So a new version of the plugin is in the works and a release should be right around the corner.

WP Mollom “Back to school” 0.6.0

Gepost op door Matthias

On the 1st of september, kids go back to school here in Belgium. And so, with a week to go, I was able to get a new release out. I intended it to be a bugfix release with version number 0.5.3, but I got a bit carried away and some feature creep happened. So I decided to give it version number 0.6.0.

Here’s the changelog:

  • fixed: html is preserved in a comment when the visitor is confronted with the captcha
  • fixed: handling of session id’s in show_captcha() en check_captcha() follows the API flow better.
  • fixed: broken bulk moderation of comments is now fixed
  • fixed: the IP adress was incorrectly passed to the ‘mollom.checkCaptcha’ call
  • fixed: the session_id is now passed correctly to _save_session() after the captcha is checked.
  • improved: more verbose status messages report when using the Mollom Manage module
  • improved: cleaned up some deprecated functions
  • improved: handling of Mollom feedback in _mollom_send_feedback() function
  • added: approve and unapprove options in the Mollom Manage module
  • added: link to the originating post in the Mollom Manage module
  • added: if a comment had to pass a CAPTCHA, it will be indicated in the Mollom Manage module
  • added: plugin has it’s own HTTP USER AGENT string which will be send with XML RPC calls to the API
  • added: detailed statistics. You can find these under Plugins > Mollom

My personal favourite are the new statistics. I like shiny bar graphs. Dries and Benjamin let me use the flash object to generate statistics based on the data of their Mollom services. But I decided to keep some statistics on the ‘client’ i.e. your site’s side.

WP Mollom Statistics

How to install this shiny new version?

  1. If you have Akismet running: shut it down in the plugins panel.
  2. Upload wp-mollom.php in your plugins/ folder and activate the plugin.
  3. Get a public/private key by registering your site on mollom.com.
  4. Go to ‘settings’ in the WordPress Administration and configure the plugin.
  5. That’s it… your blog is protected by the forces of Mollom.

The idea is that Mollom takes away most of your moderation needs. But from time to time, you might get confronted with a false positive. In the ‘comments’ section of your WordPress Administration panel, you find the Mollom Moderation Module which gives you lots of control.

What are you waiting for? Just give it a go!

Mollom galore

Gepost op door Matthias

So, Dries and Benjamin put out t-shirts to all those who contributed in a way to Mollom. If all went well, and Belgian postal services did their job, a package with a tee would be waiting for me at home right now. A big thank you!

Over the past days, there were some hiccups with the plugin not working that well. First, crack groups of rogues still get the better of the plugin. I also got spam in the moderation queue on a daily basis. The service is still under development and strategies are being devised to counter these attacks as we speak. Second, during debugging rounds in the past days, I encountered some anomalies against the API which will be fixed in the next version.

Yesterday, Dries, Benjamin discussed, amongst other things, Mollom over dinner in Antwerp. How s/w/could the service evolve in the future? I came home with a lot of ideas and todo’s. Bottomline is that the current version of the plugin is only the start.

I know, Mollom news isn’t what most of my regular readers interests. I got several remarks from people who rather like the lifelogs, the photos, the videos or the links. So I’m working on a plan to move all the techy stuff, not just Mollom, to it’s own seperate personal techblog in due time.

WP Mollom 0.5.2

Gepost op door Matthias

So, I wrapped up version 0.5.2 of WP Mollom today. This release is all about fixing several bugs.

  • fixed: passing $comment instead of the direct input from $_POST to the show_captcha() and check_captcha() functions.
  • improved: implemented wpdb->prepare() in vunerable queries
  • improved: mollom_activate() function now more robust
  • changed: mollom_author_ip() reflects changes in the API documentation. This is to catch up on the abuse of proxies by spammers. If your host uses a reverse proxy and you know the ip(‘s), just enter them in the dashboard. The plugin takes care of the rest.

I tried to make the plugin compatible with the WP OpenID plugin over the past weeks. But no dice. Stable version 2.1.9 of WP OpenID doesn’t deal with extra fields added to the HTTP POST by other plugins when a request is send to wp-comments-post.php. This causes WP Mollom’s CAPTCHA form and subsequent checks to malfunction.

The good news is that Will Norris of WP OpenID is aware of the problem. The development version does contain a fix for this problem and is actually compatible with WP Mollom. You can check out a copy from the DiSo Project’s Google Code repository if you really want OpenID and Mollom support on your site.

As always: refer to the documentation regarding all the in’s and out’s.

Mollom vs Netsensei

Gepost op door Matthias

Over the past days, there were some hiccups with WP Mollom on my blog. Comments that were kept back and the likes. I had an little bit outdated version of the plugin running. Of course, over the past weeks since 0.5.1, I received quite some feedback. And over the weekend, there was a small adjustement in the Mollom API.

So I took action and during my daily commute from and to Leuven, I took the time to fix things up. I’m now running a test version of 0.5.2 on my blog. I improved the SQL yet again (thanks, Ben!) and a bug in the CAPTCHA form.

So drop a me line in the comments and if things don’t work out, don’t hesitate to contact me!

If you’re really willing, you can always give the development version a go. It contains all the latest changes and updates, but might not be so stable.

WP Mollom featured on Mollom.com

Gepost op door Matthias

The plugin got featured over the weekend on mollom.com. It has now it’s own place in their downloadsection. How neat is that!

Mollom Featured

During my four days of relaxing at Rock Werchter, I received some much needed feedback from you. Over the weekend, I realized there are still an issue or two which needs taking care of. There was also a minor change in the API documentation which needs implementing.