The Akismet plugin version 2.6.0 for WordPress is now available.
It includes some incremental bugfixes since 2.5.9, plus some security and anti‑spam improvements to how pingbacks work. Key changes since the last release:
- Fix bug in the link to spam comments from the Right Now dashboard widget.
- Fix bug with deleting old comments to avoid timeouts dealing with large volumes of comments.
- Include X‑Pingback‑Forwarded‑For header in outbound WordPress pingback verifications.
- Add a pre‑check for pingbacks, to stop spam before an outbound verification request is made.
There was a news cycle a few days ago about “WordPress pingbacks being used to DDOS sites” which had a lot of misinformation and hyperbole, but there were two valid issues, which the last two bullet points address. First, anti‑spam checks were done after a pingback was verified. Second, WordPress didn’t pass on who made the request that caused it to verify a pingback (effectively cloaking the true source). This update to Akismet addresses both, and we think a similar approach may be appropriate for core in a future release.
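The two pingback changes described above, modeled as an added example (not Akismet or WordPress code): a spam check that runs before the outbound verification fetch, and a fetch that carries the caller's IP in `X-Pingback-Forwarded-For`. The function names, the `FLAGGED_IPS` verdict stand-in, and all addresses and URLs are constructed for illustration.

```python
from dataclasses import dataclass, field

FORWARD_HEADER = "X-Pingback-Forwarded-For"   # header name from the release notes
FLAGGED_IPS = {"203.0.113.9"}                 # constructed stand-in for a spam verdict
TARGET = "https://blog.example/post"          # constructed post on the receiving blog


@dataclass
class RecordingHttp:
    """Fake HTTP client: records each verification fetch instead of sending it."""
    sent: list = field(default_factory=list)

    def fetch(self, url, headers):
        self.sent.append((url, dict(headers)))
        return f'<a href="{TARGET}">mention</a>'   # constructed source page


def is_spam(caller_ip, source_url):
    """Hypothetical anti-spam check; a real one would ask the filtering service."""
    return caller_ip in FLAGGED_IPS


def handle_pingback(caller_ip, source_url, target_url, http, patched=True):
    """Handle one pingback; patched=False models the old order of operations."""
    if patched and is_spam(caller_ip, source_url):
        return "rejected"                      # pre-check: nothing leaves the server
    headers = {FORWARD_HEADER: caller_ip} if patched else {}
    body = http.fetch(source_url, headers)     # outbound verification request
    if not patched and is_spam(caller_ip, source_url):
        return "rejected"                      # too late: the fetch already happened
    return "verified" if target_url in body else "unverified"


def replay(patched):
    """Replay two constructed pingbacks; return (results, recorded fetches)."""
    http = RecordingHttp()
    calls = [("203.0.113.9", "https://third-party.example/"),
             ("198.51.100.7", "https://friend.example/article")]
    results = [handle_pingback(ip, src, TARGET, http, patched) for ip, src in calls]
    return results, http.sent


if __name__ == "__main__":
    for mode in (False, True):
        results, sent = replay(mode)
        print("patched" if mode else "old", results, sent)
```

Both modes reject the flagged pingback, but only the old order has already fetched the third-party URL by then, and only the patched order tells the fetched site which address asked for the verification.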
To update, just visit the Updates tab of your WordPress dashboard.