wordpress评论插件_使用Postmatic改善WordPress评论-CSDN博客

wordpress评论插件

We've set out to create a fantastic commenting plugin for WordPress. It's called Postmatic and what it does is a first for any blogging system: to allow synchronous 100% email and web-based commenting. The web folks can engage via the web. The email folks can stick to email. And everyone can remain focused, engaged, and most important: at their own pace.

我们已经着手为WordPress创建一个出色的评论插件。它被称为Postmatic，它是所有博客系统中的第一个：允许同步100％电子邮件和基于Web的评论。网络人员可以通过网络参与。电子邮件人们可以坚持使用电子邮件。每个人都可以保持专注，参与和最重要： 按照自己的节奏。

But WordPress has a spam problem. Which means that sooner or later, if we aren't paying attention, we're going to have one as well. Or even worse we could dramatically compound the existing ugliness. We've put a lot of time into thinking about this, proactively dealing with it, and planning for the future. Parts of our strategy build on the ideas brought forth in David's post about preventing comment spam. Others are our own. By bundling together some proven strategies and trying a few ideas of our own we're having pretty good success.

但是WordPress有一个垃圾邮件问题。这意味着迟早要是如果我们不注意的话，我们也会有一个。甚至更糟的是，我们可能会大大加剧现有的丑陋程度。我们已经花了很多时间思考，主动应对和规划未来。我们策略的部分内容建立在David的帖子中提出的关于防止垃圾评论的想法。其他人是我们自己的。通过捆绑一些行之有效的策略并尝试一些我们自己的想法，我们取得了不错的成功。

我们面临的垃圾邮件挑战 (The spam challenge we face)

People are funny about their email. Perhaps it is because email is so deeply a part of many peoples identities and daily life. For many, an email address or domain service is an online marker used to convey an impression, a sense of belonging, professionalism or even just a peek into a special and private part of their online world. It can even show a hierarchy in the movers and shakers of the cultural world, especially if you have an address like @well.com, also known as the "Park Place of email addresses." Email connects us to each other, but unlike social media it does so in a quiet and personal way.

人们对他们的电子邮件很感兴趣。也许是因为电子邮件在许多人的身份和日常生活中是如此重要。对于许多人来说，电子邮件地址或域名服务是一种在线标记，用于传达印象，归属感，专业精神，甚至只是窥视他们在线世界中特殊而私密的部分。它甚至可以显示文化世界的推动者和体系中的阶层，特别是如果您拥有@ well.com之类的地址，也称为“电子邮件地址的存放地”。电子邮件将我们彼此联系起来，但与社交媒体不同，它以安静和个人的方式进行联系。

As email lovers we are keenly aware of all this. I've been using email for.. ahem... 23 years. Chances are if you are a geek in your mid 30s you have as well. Email has become kind of sacred to people like me, and the space is filled with innovation to help keep it that way. Common complaints about too-full inboxes and too much noise are quickly becoming a thing of the past as once again the very people that depend on email work harder to keep this open, un-owned platform performing as the dependable workhorse it always has been.

作为电子邮件爱好者，我们敏锐地意识到了这一切。我使用电子邮件已有23年了。如果您是30年代中期的极客，那么您也有可能。电子邮件对于像我这样的人已经变得神圣起来，而这个空间充满了创新，可以帮助保持这种方式。约太满收件箱和噪音太大常见的投诉是Swift 成为一个事物的的过去作为再一次依赖于电子邮件的工作很难保持这种非常人开放的，无主平台上执行的可靠主力它一直是。

If there is one thing email users hate more than clutter it is spam. But spam in email is also pretty well under control if you take the right steps. My current email setup is that a collection of 10 or so addresses I have acquired in the last 23 years (jobs, schools, businesses) which all funnel into the same gmail box. That's 10 different addresses that spammers could target. Out of that, I have to deal with 2 or 3 spam messages per week. Not a big deal.

如果有一件事，电子邮件用户最讨厌的是垃圾邮件。但是，如果采取正确的措施，电子邮件中的垃圾邮件也将得到很好的控制。我当前的电子邮件设置是，在过去23年中，我收集了10个左右的地址(工作，学校，企业)，这些地址都集中在同一个gmail框中。这是垃圾邮件发送者可以定位的10个不同地址。除此之外，我每周必须处理2或3封垃圾邮件。没什么大不了的。

但是现在让我们谈谈垃圾邮件和WordPress (But now lets talk about spam and WordPress)

This is a whole different thing. While spam in email has largely been conquered, WordPress suffers terribly.

这是完全不同的事情。尽管电子邮件中的垃圾邮件已被广泛征服，但WordPress却遭受了极大的打击。

You're probably aware of the problems with native WordPress commenting when it comes to spam.

当涉及到垃圾邮件时，您可能已经意识到本机WordPress注释的问题。

塞子能做什么 (What spambots do)

There is a whole ecosystem of spambots out there hoping to publish their spewage on your website. We'll probably never know all flavors and colors they come in, but we can make some gross generalizations. They want to hit your WordPress site with a submission that looks just a like a new comment submission from a real human commenter, but with a payload of rotten spammy content. They crawl the web looking for things that look like WordPress comment forms, and pump out submissions whenever they find one. They have some techniques for defeating well known defenses. Maybe they can only get past a very old version of Akismet, for example, but they'll try no matter what, and it will work often enough to be worth it. Here's a tiny sample of real submissions from spambots. Most WordPress sites get bombarded with these all day long.

这里有一个庞大的生态系统，它们希望将其发布的信息发布到您的网站上。我们可能永远不会知道所有的风味和颜色，但是我们可以进行一些概括。他们希望通过看起来像真实的人工评论者的新评论提交一样的内容访问您的WordPress网站，但其中包含大量垃圾内容。他们在网上爬网以查找类似于WordPress注释形式的内容，并在找到任何形式的内容时将其抽出。他们有一些击败著名防御的技巧。例如，也许他们只能通过非常老版本的Akismet，但无论如何他们都将尝试，并且这样做通常很值得。这是水龙头实际提交的一小部分样本。大多数WordPress网站整天都受到轰炸。

And here we are, rolling out a nice highway for all of that WordPress comment spam to find its way into inboxes.

在这里，我们为所有WordPress评论垃圾邮件开辟了一条不错的路，找到了进入收件箱的方式。

但是还没到那儿。 (But it's not getting there.)

Just imagine this scenario. You run a WordPress blog with 3,000 subscribers. Postmatic emails your post to 3,000 inboxes, and in the footer of each email is an invitation to leave a comment just by hitting reply (thereby subscribing to future comments as well) or at least subscribe to comments by replying ‘subscribe'. And let's say this is a particularly interesting post. Five hundred people subscribe to the comments from either web or email. Ninety-nine people send a reply. And then one spambot sends in a reply and blasts a viagra ad to them all. Directly into their inbox. And you can't take it back. Email is forever. Ouch. This makes you look bad. It makes us look bad. It makes WordPress look bad. And it makes your subscribers run for the hills.

试想一下这种情况。您运行的WordPress博客拥有3,000个订阅者。 Postmatic通过电子邮件将您的帖子发送到3,000个收件箱，并且在每一封电子邮件的页脚中都邀请您仅单击回复即可发表评论(从而也可以订阅将来的评论)，或者至少通过回复“订阅”来订阅评论。假设这是一个特别有趣的帖子。五百人通过网络或电子邮件订阅评论。九十九个人发送回复。然后，一个垃圾邮件机器人发送回信，并向所有人发送伟哥广告。直接进入他们的收件箱。而且你不能收回它。电子邮件是永远的。哎哟。这会让你看起来不好。这使我们看起来不好。它使WordPress看起来很糟糕。它使您的订户竞相竞逐。

让我们确保永远不会发生 (Let's make sure that never happens)

The way we see it there are three things we have to keep a close eye on to make sure something like the above never happens. And here is a little bit about what we are doing to address each. Maybe it'll give you some additional spam fighting ideas of your own.

我们必须密切注意三件事，以确保不会发生上述情况。这是关于我们为解决每个问题而做的事情。也许它将为您提供一些自己的反垃圾邮件想法。

1.保护订阅小部件 (1. Protect the subscribe widget)

At the core of gaining news subscribers in Postmatic is a widget that sits in your sidebar and invites people to subscribe to the blog, the author, or maybe just comments on a single post. It's a simple form that is just ripe for bots to hammer on. We've addressed this by using some of the concepts in David's post on fighting spammers with javascript. We use a similar technique coupled with some honeypots as a first line of defense. There are a number of free plugins that David's technique in a few different ways which we also recommend to all installations. In particular we like WordPress Zero Spam.

在Postmatic中吸引新闻订阅者的核心是一个小部件，它位于您的侧边栏中，并邀请人们订阅博客，作者或仅发表评论。这是一种简单的形式，机器人已经成熟。我们通过使用David的文章中有关使用javascript打击垃圾邮件发送者的一些概念来解决此问题。我们使用类似的技术加上一些蜜罐作为第一道防线。 David的技术以许多不同的方式提供了许多免费的插件，我们也建议所有安装使用。特别是，我们喜欢WordPress零垃圾邮件。

But even if a bot did defeat the widget the next line of defense is...

但是，即使机器人确实击败了小部件，下一道防线还是...

2.使用棘手的双重选择确认电子邮件，使机器人难以加入 (2. Make joining difficult for bots with a tricky double opt-in confirmation email)

If a bot manages to trick the js in the widget or comment form, the next step is to confirm the subscription via email. We made a decision here which was unorthodox and has raised complaints from some users—but ultimately it's the right thing to do. And it's proving itself quite nicely.

如果机器人设法欺骗小部件或注释表单中的js，则下一步是通过电子邮件确认订阅。我们在这里做出的决定是不合常规的，并引起了一些用户的抱怨-但这最终是正确的选择。事实证明它很好。

Instead of sending an email with a link that says to confirm your subscription click here (lame and easily tricked imho), we force the user to actually reply to the email with the word agree. This is a lot harder for a bot to do and by training users to the behavior at present we can do something even cooler (and absolutely bulletproof) in the future: let the site admin define a question which the subscriber has to supply the correct answer to. For example the subscription confirmation email on a Vermont-based blog might say in order to confirm your subscription please answer the following question: what is Vermont's sweetest export? The answer, of course, would be maple or maple syrup.

我们不会发送一封带有确认您的订阅的链接的电子邮件， 请单击此处 (lam亵和容易被欺骗的恕我直言)，而是强迫用户实际回覆带有“ 同意 ”一词的电子邮件。对于机器人来说，这要困难得多，并且通过培训用户当前的行为，我们将来可以做得更酷(而且绝对是防弹)的事情： 让站点管理员定义一个问题，订户必须提供正确的答案到 。例如，位于佛蒙特州的博客上的订阅确认电子邮件可能会说，要确认您的订阅，请回答以下问题：佛蒙特州最甜蜜的出口是什么？ 答案当然是枫树或枫糖浆 。

These first two options put us in a good place to keep bots from ever becoming email-based subscribers to our customers' sites. The remaining and biggest risks in our system are how to keep web-based spam comments from being sent to inboxes.

这前两个选项使我们处于一个很好的位置，可以防止僵尸程序成为我们客户网站的基于电子邮件的订阅者。我们系统中剩下的最大风险是如何防止基于Web的垃圾邮件评论发送到收件箱。

3.帮助我们的用户保护自己 (3. Helping our users protect themselves)

This part is going to be a little bit touchy. But I'm going to say it: WordPress sites which are proactive about stopping spam don't have a spam problem. There are dozens if not hundreds of plugins, techniques, and tricks to keep spammers out. We have a how-to guide on our support site which lets our users know how to stop spam immediately and permanently. We run dozens of WordPress sites with these very techniques in place and spam is completely obliterated.

这部分将有点棘手。但是我要说的是： 主动阻止垃圾邮件的WordPress网站没有垃圾邮件问题 。有数十种(即使不是数百种)插件，技术和技巧可以阻止垃圾邮件发送者。我们在支持站点上有一个操作指南，使我们的用户知道如何立即永久地阻止垃圾邮件。我们使用这些技巧来运行数十个WordPress网站，垃圾邮件已完全消除。

We go out of our way to educate our users as to the current best practices and plugins for fighting WordPress spam. We do this through our support site, the WordPress dashboard, and in our installation guides.

我们竭尽全力地教育用户有关打击WordPress垃圾邮件的当前最佳实践和插件。我们通过支持站点，WordPress仪表板以及安装指南来执行此操作。

看到成功 (Seeing Success)

This week Postmatic leaves beta and bring 100% email-based commenting to all WordPress sites. Throughout our testing period we've served hundreds of thousands of emails (still waiting for the millionth!) on behalf of WordPress sites both high and low profile. And so far? Not a single spam message. We think that says a lot about the ingenuity and generosity of people like David and the larger WordPress community. Check us out at gopostmatic.com.

本周，Postmatic离开了测试版，并为所有WordPress网站带来了100％基于电子邮件的评论。在整个测试期间，我们已经为WordPress网站提供了数十万封电子邮件(仍在等待百万分之一！)。到目前为止呢？没有一条垃圾邮件。我们认为这足以说明像David和更大的WordPress社区这样的人的才智和慷慨。在gopostmatic.com上查看我们。