Two years of Mollom satisfaction

Gepost op door Matthias

Davy started a meme: show off how well Mollom has been performing on your site over the past weeks, months or even years. I picked it up at Wim‘s place. Here is the lowdown for my own blog.

2 years of Mollom satisfaction

To be more exact: Mollom was activated 703 days ago. Until now, 1,355 submissions were accepted and 23,999 rejected. Yesterday, Mollom blocked 12 spam attempts and accepted 0 ham messages. So far, Mollom blocked 13 spam attempts and 0 ham messages today.

Quite impressive.  The least I can say is that Mollom took away a big nag of mine. The gap in Q1 of 2009 was due to a critical bug which needed fixing in my code.  I ran Mollom in developer mode which means no real life statistics were recoreded during that particular timeframe. Apart from that, Mollom has been protecting my WordPress blog for the past 2 years and held on to it’s own.

Of course, you’re all probably eager to know whether I’m still maintaining the plugin. Yes, I am. Over the past few months, I’ve been working off and on to get a new version a the plugin ready. It will be a total rebuild with lots of improvements. I’m covering what’s to come and my own developer experience in depth in a future blog post.

So stay tuned!

Mollom 0.7.4 and more

Gepost op door Matthias

One of my ongoing efforts is trying to get WP Mollom translated. I’ve put the plugin up on the wp-polyglots mailinglist and I’ve received several translations. Which was enough a reason to tag a new release. So, now you can enjoy the power of Mollom in these languages:

  • Vietnamese (vi)
  • Bulgarian (bg_BG)
  • Bangla (bn_BD)

I’ve already written about revising the codebase and making room for improvement. I’ve made a small list of things that are on my wanted/todo list.

  • More OO
    At this point, all the functionality is contained in 28 functions. These functions implement everything from the different calls to the Mollom API, over handling comment form input to showing a pretty graph. Although most functionality is comprised to it’s own function, there’s still lack of a good architectural design. I’ve come to a point now where adding new features or optimizing code means ripping apart large pieces of the plugin. For instance, the function that let’s the configuration page work contains code to handle the form but also to build and show the form. Boxing functionality limits the ability to reuse code or adapt it efficiently. Identifying separate segments of functionality and assigning them to their own classes and functions will make the plugin more agile and able to cope with change.
  • Implementing AJAX
    Over the last iterations, WordPress has incorporated loads of AJAX. This technology makes it possible to, for instance, moderate a comment without the need to reload the entire page. And as a bonus, add a nice colored fade effect. It would be nice to leverage the AJAX API of WordPress and make WP Mollom more userfriendly. AJAX in Mollom would not only be applied in the administration panel, but also made available front-end to theme developers.
  • Usability
    The current interface has already gone through several iterations but there’s still room for improvement. I’m thinking of several things. Instead of a percentage with no label, it should be a more visual indication of the spaminess of a comment. Comments that had a CAPTCHA should stand out more in the list. Pagination needs more refinement. The configuration page needs some rethinking. The quality indicator in the moderation module should be more verbose. I would also like to make the plugin more informative: a better breakdown of statistics and performance monitoring of the plugin.
  • Hooks
    Wordpress allows plugin developers to define their own hooks. This enables plugins to ‘hook’ onto each other. A nice example is Ozh’ Admin Dropdown Menu that allows plugin developers to define a custom icon through a hook. I would like to keep an eye out for places in the plugin code where functionality added through third party plugins can generate added value. Mollom is designed not only to protect comment forms, but any form that’s presented to an end user. So it would be a plus to make Mollom protection available to other plugins through well placed hooks.
  • Widgets
    Wordpress 2.8 will ship with a new improved Widget API. This enables plugin developers to write easy to create widgets which can display all kinds of neat things on your blog. An easy to install Mollom widget that displays the effectiveness of Mollom would be a nice-to-have.
  • WordPress MU support
    This is something I’ve been talking a long time about: adding support for WordPress MU. The current codebase doesn’t allow this in an easy fashion. Incorporating WordPress MU support is one of the main reasons to rethink the way the plugin should be designed.

It’s pretty clear this means going back to the drawingboard. Development should progress pretty fast though, since most of the code which is now in the current stable version, can be reused. One lesson I’ve learned is that I should to code the plugin against the development version of WordPress (in this case: bleeding-edge 2.8) to cope with the changes and make use of newest features in WordPress.

In retrospect, the plugin has been a project which I’m working on little over a year now. The log of wp-mollom.php tells me that I started working on the plugin itself (after testing the Mollom API and very premature versions in february-march 2008)  on april, 2nd of last year. So, a bit late: but happy 1st birthday WP Mollom!

WP Mollom 0.7.3

Gepost op door Matthias

Another month, a new release. I just tagged WP Mollom 0.7.3. It’s got the shortest changelog up to date, but the translations that are included make up for that.

  • fixed: multiple moderation would incorrectly state ‘moderation failed’ due to incorrect set boolean.
  • added: german (de_DE) translation
  • added: italian (it_IT) translation

Many thanks go out to Alexander Langer and Gianni Diurno for sending me their translations. With only 88 strings, translating the plugin doesn’t take that much time. So, If you could spare the time and you know your way around POEdit (or you’re willing to learn), just go out there and make this plugin easier to use for non-english speaking users of WordPress!

Of course, if you don’t use the plugin already: you can get it right here!

WP Mollom 0.7.2

Gepost op door Matthias

I just released version 0.7.2 of WP Mollom. Here’s the changelist

  • fixed: closing a gap that allowed bypassing checkContent through spoofing $_POST['mollom_sessionid']
  • fixed: if mb_convert_encoding() is not available, the CAPTCHA would generate a PHP error. Now falls back to htmlentities().
  • improved: the check_trackback_content and check_comment_content are totally rewritten to make them more secure.
  • added: user roles capabilities. You can now exempt roles from a check by Mollom
  • added: simplified chinese translation

So, for the most part, this release is about security related under-the-hood changes. Another great adition is the use of user roles. With previous releases, you didn’t have to pass the Mollom check if you were logged in. Which was a bit of a security issue in it’s own. This release allows you to exempt certain user roles from Mollom scrutiny.

Finally, I owe a big thank you to Donald for the great work he did translating the interface into simplified chinese and his numerous suggestions. Thank you!! I would like to encourage others to translate the plugin! German, French and/or Spanish, if you know them, now is the time to put them to use!

So, go grab it from WordPress Extend or upgrade your installation through the famous one-step intaller in your Dashboard!

WP Mollom 0.7.1

Gepost op door Matthias

I just released WP Mollom 0.7.1. Here’s the changelog:

  • fixed: all plugin panels are now shown in the new WP 2.7 administration interface menu
  • fixed: non-western character sets are now handled properly in the captcha form
  • fixed: handles threaded comments properly
  • fixed: multiple records in the manage module not correctly processed
  • improved: extra – non standard – fields added to the comment form don’t get dropped
  • improved: revamped the administration panel
  • improved: various smaller code improvements
  • added: the plugin is now compatible with the new plugin uninstall features in WordPress 2.7
  • added: the ‘quality’ of ‘spaminess’ of a comment is now logged and shown as an extra indicator

Wishing all the best in 2009!

WP Mollom “O my god I can’t believe” 0.7.0

Gepost op door Matthias

I just tagged major version 0.7.0 of WP Mollom in the WordPress Plugin Repository. Why a major leap (0.6 > 0.7)? Over the past month or two, in between my traveling and all that, I got my plugin taking full advantage of the great translation support in WordPress. So, it’s possible now to translate (or localize) the plugin in your own language.

Translation is very important because not everybody on the planet speaks english. Localization helps make WordPress more accessible and enables more people to pick up blogging.

WordPress, and the plugin, use GNU Gettext support for transparant and easy translation. Through userfriendly tools like POEdit, it’s very easy to translate all the strings which are contained in the interface of the plugin. All translations are bundled in a single .mo file which you need to upload with the plugin file. The code will pick up your translation depending on your WordPress settings. Of course, you can distribute the .mo file yourself or, even better, send it to me so I can bundle it with the plugin. Of course, where credit is due…

How can you help? If you are proficient in your own particular native tongue, you could pick up a tool and start translating. If you want to know more, you can read up on this tutorial. I’ve made a – provisional – example tranlation for Dutch which is stored in the wp-mollom-nl_NL.mo file that accompanies this version of the plugin.

Translation support: help needed

Gepost op door Matthias

Translating WordPress has always been very easy through gettext and tools like poedit. The availability of a whole range of languages and dialects that can be used to replace the standard English messages in WordPress is one of the factors that has contributed to the success of the CMS.

Of course, this support for translation is also available for plugins and themes. Since language shouldn’t be a barrier, I’ve been building support for translations into WP Mollom over the past weeks. The idea is that one can download a translation libary (a .mo file with all the translated strings in his language) and install it without a hussle.

So, today I tested the whole translation support fairly thoroughly and, well, there’s this rub. If I install the plugin using the local MAMP installation on my iBook G4, all is fine. The plugin gets translated in Dutch nicely. But if I try to enable the translation on line, on this blog and the testblog running on this domain, it doesn’t budge. Everything in the on line WordPress setups get translated fine… except for the plugin. I’ve tried switching off all the plugins, veryfing and re-veryfing paths, code, translation files,… and I still don’t see what’s really causing this.

So, I would like some help and see if other people are experiencing the same problem. If you are in for a challenge and you use translation support, dowload the development version of the plugin and give it a go. Just drop the wp-mollom/ folder in the plugins/ folder and make sure you have translation support on your WordPress installation activated.

Drop me a line if you have suggestion! Thanks!

Mollom 0.6.2, the Urgent One

Gepost op door Matthias

Since a couple of weeks people using WP Mollom got hit by some spam. On friday, Bert took the problem to Twitter, which caught my attention. Of course, we want to get rid of all the spam and so I notified Dries.

Over the weekend, Dries did some research in the logfiles and noticed some disturbing patterns concerning feedback sent from WordPress blogs using the plugin. Most moderated messages got reported as ‘profanity’ rather then ‘spam’. That led, with the much appreciated help of Pascal, to the discovery of a nasty bug in the feedback functions of the plugin.

It seems that spam was reported as ‘profanity’ and ‘unwanted’ as ‘spam’. The feedback qualifiers got totally messed up in a conditional block… and accustomed with the code as I got, I probably read over it a thousand times without really noticing the error. Through sending the wrong qualifiers, the Mollom servers can not interpret correctly what is spam or not for your blog. This has, of couse, a serious impact on the performance of Mollom.

Given the nature and the severity of the error, I corrected it and put version 0.6.2 with *only* this bugfix up for release on WordPress Extend. So, if you’re running version 0.6.1 or lower, you should download the fixed version as soon as possible.

WP Mollom “Back to school” 0.6.0

Gepost op door Matthias

On the 1st of september, kids go back to school here in Belgium. And so, with a week to go, I was able to get a new release out. I intended it to be a bugfix release with version number 0.5.3, but I got a bit carried away and some feature creep happened. So I decided to give it version number 0.6.0.

Here’s the changelog:

  • fixed: html is preserved in a comment when the visitor is confronted with the captcha
  • fixed: handling of session id’s in show_captcha() en check_captcha() follows the API flow better.
  • fixed: broken bulk moderation of comments is now fixed
  • fixed: the IP adress was incorrectly passed to the ‘mollom.checkCaptcha’ call
  • fixed: the session_id is now passed correctly to _save_session() after the captcha is checked.
  • improved: more verbose status messages report when using the Mollom Manage module
  • improved: cleaned up some deprecated functions
  • improved: handling of Mollom feedback in _mollom_send_feedback() function
  • added: approve and unapprove options in the Mollom Manage module
  • added: link to the originating post in the Mollom Manage module
  • added: if a comment had to pass a CAPTCHA, it will be indicated in the Mollom Manage module
  • added: plugin has it’s own HTTP USER AGENT string which will be send with XML RPC calls to the API
  • added: detailed statistics. You can find these under Plugins > Mollom

My personal favourite are the new statistics. I like shiny bar graphs. Dries and Benjamin let me use the flash object to generate statistics based on the data of their Mollom services. But I decided to keep some statistics on the ‘client’ i.e. your site’s side.

WP Mollom Statistics

How to install this shiny new version?

  1. If you have Akismet running: shut it down in the plugins panel.
  2. Upload wp-mollom.php in your plugins/ folder and activate the plugin.
  3. Get a public/private key by registering your site on mollom.com.
  4. Go to ‘settings’ in the WordPress Administration and configure the plugin.
  5. That’s it… your blog is protected by the forces of Mollom.

The idea is that Mollom takes away most of your moderation needs. But from time to time, you might get confronted with a false positive. In the ‘comments’ section of your WordPress Administration panel, you find the Mollom Moderation Module which gives you lots of control.

What are you waiting for? Just give it a go!

Donncha O Caoimh geeft een aantal handige tips om met mod_rewrite heel wat spam tegen te houden. (0)

WP Mollom 0.5.2

Gepost op door Matthias

So, I wrapped up version 0.5.2 of WP Mollom today. This release is all about fixing several bugs.

  • fixed: passing $comment instead of the direct input from $_POST to the show_captcha() and check_captcha() functions.
  • improved: implemented wpdb->prepare() in vunerable queries
  • improved: mollom_activate() function now more robust
  • changed: mollom_author_ip() reflects changes in the API documentation. This is to catch up on the abuse of proxies by spammers. If your host uses a reverse proxy and you know the ip(‘s), just enter them in the dashboard. The plugin takes care of the rest.

I tried to make the plugin compatible with the WP OpenID plugin over the past weeks. But no dice. Stable version 2.1.9 of WP OpenID doesn’t deal with extra fields added to the HTTP POST by other plugins when a request is send to wp-comments-post.php. This causes WP Mollom’s CAPTCHA form and subsequent checks to malfunction.

The good news is that Will Norris of WP OpenID is aware of the problem. The development version does contain a fix for this problem and is actually compatible with WP Mollom. You can check out a copy from the DiSo Project’s Google Code repository if you really want OpenID and Mollom support on your site.

As always: refer to the documentation regarding all the in’s and out’s.

Mollom vs Netsensei

Gepost op door Matthias

Over the past days, there were some hiccups with WP Mollom on my blog. Comments that were kept back and the likes. I had an little bit outdated version of the plugin running. Of course, over the past weeks since 0.5.1, I received quite some feedback. And over the weekend, there was a small adjustement in the Mollom API.

So I took action and during my daily commute from and to Leuven, I took the time to fix things up. I’m now running a test version of 0.5.2 on my blog. I improved the SQL yet again (thanks, Ben!) and a bug in the CAPTCHA form.

So drop a me line in the comments and if things don’t work out, don’t hesitate to contact me!

If you’re really willing, you can always give the development version a go. It contains all the latest changes and updates, but might not be so stable.

WP Mollom featured on Mollom.com

Gepost op door Matthias

The plugin got featured over the weekend on mollom.com. It has now it’s own place in their downloadsection. How neat is that!

Mollom Featured

During my four days of relaxing at Rock Werchter, I received some much needed feedback from you. Over the weekend, I realized there are still an issue or two which needs taking care of. There was also a minor change in the API documentation which needs implementing.

WP Mollom “Holiday Edition” 0.5.1

Gepost op door Matthias

I just released a minor update of WP Mollom with some bugfixes. This is the changelog:

  • Fixed: minor issues with the Captcha not being rendered correctly
  • Added: mollom_manage_wp_queue() function which adds Mollom support to the default comment administration panel
  • Improved: updating from a previous version is now more robust

More info and download on WordPress Extend

Mollom 0.5.0 out now!

Gepost op door Matthias

It took me the better part of June to prepare a new version of Mollom. But today I released version 0.5.0. You can download the package here.

So, a lot has changed since version 0.4.0…

  • I rewrote the SQL after this suggestion on Pressed Words. Mollom now uses it’s own table to store all it’s data instead of fumbling with the WordPress data model.
  • I fixed the incompatibility issues with WordPress OpenID plugin.
  • Improved the error handling.
  • Status messages are now a lot more verbose
  • Added the mollom_moderate_comment($comment_id) tag for use in templates and themes. This allows direct moderation of a comment without first having to go to the dashboard.
  • … a lot more!

So download, go forth and protect your blog against those vile spammers through Mollom!

It’s out!

Gepost op door Matthias

Well, nothing more to say for now: it’s out. You can download and play with it. It’s a first beta version so beasts can roar it’s head if you have a heavily customized wordpress installation with loads of plugins. Please, drop me a line with all your feedback, code, concerns, requests!

A big thank you to Dries, Benjamin, the testers and all those people that supported me!

Release of WP Mollom

Gepost op door Matthias

So. I scheduled a first public beta release of my Mollom plugin somewhere tonight (CET/UTC+1). The plugin runs quite stable on my own weblog and spam is happily being blocked. I didn’t receive major complaints from testers or users on my own blog in the past week. Yesterday, I cleared the code with Dries who took a glance at the major functionality.

Of course, it wouldn’t be a first beta release if there aren’t still some irks lurking around in the code. This morning, Leo Arias mailed me that the plugin won’t work together with the WP OpenId plugin. Having toyed with my own OpenID implementation for WordPress, I’m not a great proponent of this technology. The way you have to design a plugin implies using several shortcuts. I’m not going to push my release back now, though. I will try to fix this issue in the next release.

My code will also be thoroughly reviewed by the Mollom people.

Thanks to all the testers and those who just listed to become a tester!

Mollom workflow

Gepost op door Matthias

Dries made me a nice diagram on the process flow of Mollom. It shows the order in which your Mollom programmable should excute the different API calls.

Note: You should never try to save data to the database before all the Mollom checks including the CAPTCHA have been cleared. The idea is that through the challenge-response flow, the contributor has to validated him/herself as a human instead of forcing the administrator to make an educated guess.

As for the plugin itself: I noticed several small booboo’s myself over the weekend and sorted them out. A public release should be very soon-ish.

Statistics for Mollom

Gepost op door Matthias

Because numbers and graphics can express so much more then words: a visualisation of how Mollom is protecting my blog against spam. I’ve been testing my plugin on and off for the past 2 weeks on my own blog.

Mollom for WordPress

The new beta release is almost ready by the way. Just need to pack and ship it to the testers tonight. So here’s what’s new:

  • Decoupled moderation from the CAPTCHA test. Moderation is now optional. If you fail to complete the CAPTCHA, your comment is not saved to the database.
  • Major improvement of the error handling. I dove into WordPress’ error handling. I think people should make more use of the WP_Error class in combination with wp_die(). Maybe I’ll do a small item on that one.
  • I added trackback support. Of course, displaying CAPTCHA’s for trackbacks isn’t going to work. So after discussing it with Dries, instead of trying to solve the CAPTCHA problem, those trackbacks are blocked as well.

As things get finalized, I’m thinking about doing a very first public beta release sometime next week. I had very few feedback from testers so far in fact. If people are still interested in joining me for a last spin: drop me a line!