Support » Plugins » Bad Behavior spam protection outside your blog

  • Are you using the Bad Behavior plugin to help prevent spam on your wordpress blog? But what about your webpages that lie outside your blog… it would be nice to protect them as well!!

    Well I figured out how to do this… you can now protect your other webpages using the bad behavior files in the WordPress plugins directory, which is great because whenever you upgrade the plugin, your external webpages will automatically benefit from the upgrade!

    NOTE: They need to be php files, so if you want to protect html files you will need to change the extension from html to php. This may require you set up an html file with the old name that auto-refers to the new php file if you are worried about links no longer working.

    So assuming you already have the plugin installed and activated, do the following on any webpage you want to protect from spam that is outside your wordpress blog:

    STEP #1:
    Copy and paste the code below into a file called:

    //Settings for email and database access
    //Change these as appropriate
    define('BB2_EMERG_EMAIL',''); //Change this
    define('BB2_DB_TABLE', 'wp_bad_behavior_outside'); // Choose your table (don't forget wp prefix)
    define('BB2_DB_NAME', 'db-name'); // The name of the database
    define('BB2_DB_USER', 'db-username'); // Your DB username
    define('BB2_DB_PASSWORD', 'db-user-password'); // Your DB user password
    define('BB2_DB_HOST', 'localhost'); //Probably can leave this as localhost
    define('BB2_CWD', dirname(__FILE__)); //Do not change this
    // More settings you can adjust for Bad Behavior.
    // Most of these are unused in non-database mode.
    // More details below...
    $bb2_settings_defaults = array(
    	'log_table' => BB2_DB_TABLE,
    	'display_stats' => true,
    	'strict' => false,
    	'verbose' => false,
    	'logging' => true,
    	'httpbl_key' => '',
    	'httpbl_threat' => '25',
    	'httpbl_maxage' => '30',
    // Here is what the settings above mean...
    // - log_table
    //   Leave this as BB2_DB_TABLE (do NOT change it). Make your change up above
    //   in the line that says: define('BB2_DB_TABLE', 'bad_behavior_table_name')
    //   Change 'bad_behavior_table_name' to whatever table you want to use.
    //   This table will be created automatically if it does not already exist.
    // - display_stats
    //   TRUE=Display stats on page that has the bb2_insert_stats() function on it.
    //   FALSE=Do not display stats.
    //   Default is TRUE
    // - strict
    //   TRUE=Strict checking (blocks more spam but may block some people)
    //   FALSE=Recommended setting
    // - verbose
    //   TRUE=This will log EVERY access attempt to webpage, including valid
    //        permitted ones. Good for testing to see if logging is working,
    //        but can cause your DB table to become huge fairly quickly.
    //   FALSE=Log only denied access attempts or permitted ones that were
    //         questionable. This is the recommended default setting.
    // - logging
    //   TRUE=Log info to database table.
    //   FALSE=Do not log anything.
    // - httpbl_key
    //   To use Bad Behavior's http:BL features you must have an http:BL Access Key.
    //   Sign up for a free account to get a key here:
    // - httpbl_threat
    //   Minimum Threat Level (25 is recommended)
    // - httpbl_maxage
    //   Maximum Age of Data (30 is recommended)
    //Open and connect to DB
    $dblinkid = mysql_connect(BB2_DB_HOST, BB2_DB_USER, BB2_DB_PASSWORD); //Connect to DB
    define('BB2_DB_LINK_ID', $dblinkid); //Setup the Resource Link ID so it's available in other functions.
    if (!BB2_DB_LINK_ID) {
      die('Could not connect to DB: ' . mysql_error()); //Not pretty but at least you know there is a problem!
    $dbselect = mysql_select_db(BB2_DB_NAME, BB2_DB_LINK_ID); //Choose connection Table in DB
    if (!$dbselect) {
      die ('Can not use selected DB: ' . mysql_error()); //Not pretty but at least you know there is a problem!
    // Bad Behavior callback functions.
    // Return current time in the format preferred by your database.
    function bb2_db_date() {
    	return gmdate('Y-m-d H:i:s');	// Example is MySQL format
    // Escape a string for database usage
    // TO DO: Figure out what this should do and how to implement it
    function bb2_db_escape($string) {
    	return $string;	// No-op ... see TO DO
    // Return affected rows from most recent query.
    function bb2_db_affected_rows() {
      return mysql_affected_rows(BB2_DB_LINK_ID);
    // Return the number of rows in a particular query.
    function bb2_db_num_rows($link) {
      return mysql_num_rows($link);
    // Run a query and return the results, if any.
    // Will return FALSE if an error occurred.
    // Bad Behavior will use the return value here in other callbacks.
    // WRITE operations will return TRUE for successful and FALSE for nothing written
    // READ operations will return an associative array of the result set, or FALSE if no rows were returned
    //  It will return array[0] with first row, then array[1] with second row, etc.
    function bb2_db_query($query) {
      $link = mysql_query($query, BB2_DB_LINK_ID);
      if (!$link) { //If it's 0/FALSE then there was some kind of error
        //die('There was a problem with $query: '.mysql_error()); //Uncomment this line for debugging
        return false; //Return false if there is an error
      if ($link === TRUE) { //If it's exactly TRUE then it was a succesful WRITE operation
        $affected_rows = bb2_db_affected_rows(); //how many affected rows in a WRITE query?
        if ($affected_rows >= 1) {
          return true; //Something was succesfully written
        } else {
          return false; //Nothing was written
      } else { //If it's not 0/FALSE and it's not exactly TRUE then it was a READ operation
        $number_of_rows = bb2_db_num_rows($link); //number of rows read the READ query?
        if ($number_of_rows == '0') {
          return false; //No rows were found for query
      $result = bb2_db_rows($link); //Go get all the rows and put them an array
      return $result;
    // Return all rows in a particular READ query.
    // Will contain an array of all rows generated by calling mysql_fetch_assoc()
    // and appending the result of each call to an array. It will return array[0]
    // with first row, then array[1] with second row, etc.
    function bb2_db_rows($linkid) {
      $i = 0;
      while ($row = mysql_fetch_assoc($linkid)) { //Get each row from query
        $result[$i] = $row;
      if (empty($result)) {
        $result = $linkid; //If there were no rows, then just return the id
      return $result;
    // Return emergency contact email address.
    function bb2_email() {
    	return BB2_EMERG_EMAIL;
    // Retrieve settings
    // Currently they are hard coded in this file.
    // TO DO: Retrieve from DB... need to implement bb2_write_settings() first.
    function bb2_read_settings() {
    	global $bb2_settings_defaults;
    	return $bb2_settings_defaults;
    // Write settings to database
    // Currently not implemented. Settings are hard coded in this file.
    // TO DO: Add another table to DB to store these settings in?
    function bb2_write_settings($settings) {
    	return false;
    // Installation
    // Will automatically create the table if it does not exist yet.
    function bb2_install() {
      $settings = bb2_read_settings();
      if (!$settings['logging']) return;
    // Screener
    // See example at top of this file
    function bb2_insert_head() {
    	global $bb2_javascript;
    	echo $bb2_javascript;
    // Display stats (optional)
    // See example at top of this file
    function bb2_insert_stats($force = false) {
    	$settings = bb2_read_settings();
    	if ($force || $settings['display_stats']) {
    		$blocked = bb2_db_query("SELECT COUNT(*) FROM ".$settings['log_table']." WHERE <code>key</code> NOT LIKE '00000000'");
    		$totals = bb2_db_query("SELECT COUNT(*) FROM ".$settings['log_table']);
        if ($blocked !== FALSE) {
    			echo '<p><a href="">Bad Behavior</a> has blocked <strong>'.$blocked[0]['COUNT(*)'].'</strong> access attempts to date. ('.$totals[0]['COUNT(*)'].' db entries).</p>';
    // Return the top-level relative path of wherever we are (for cookies)
    // You should provide in $url the top-level URL for your site.
    // TO DO: What is this actually used for? Seems to work fine if you leave it as '/'
    function bb2_relative_path() {
      return '/';
    // Calls inward to Bad Behavor itself.
    require_once(BB2_CWD . "/bad-behavior/");
    require_once(BB2_CWD . "/bad-behavior/");
    bb2_install(); //Check if table exists and create it if it does not

    STEP #2:
    Change the settings by entering your email, your wp db-name, your wp db-username and your wp db-user-password. You will also need to enter the table name you want to use. You can use the existing bad behavior table if you want to, or you can specify a different table and it will automatically be created for you. Don’t forget to specify your wp prefix in the table name as well.
    Now save this file in the /wordpress/wp-content/plugins/bad-behavior folder (/wordpress/wp-content/plugins/bad-behavior/bad-behavior-generic-outside-wp.php).

    STEP #3:
    For any php webpages you want to protect, add the following code at the VERY top of the page… it MUST be the first thing in your file, even before the HTML and HEAD and DOCTYPE tags. Don’t forget to change the path name so it points to the proper direcotry.

    //Bad Behavior - This include_once statement MUST be the very first item at the
    //top of your page, or it will generate an WARNING and the following functions
    //may not work: bb2_insert_head(), bb2_insert_stats()
    // NOTE: It MUST be the very first item on the page or you will get an error.
    //       It needs to be BEFORE all tags (before <html>, <head>, <!DOCTYPE>, etc).

    STEP #4:
    Now ad the following code to the same file, somwhere in the HEAD section of the file:

    //Bad Behavior - This code should appear in the <HEAD> section of your page
    // and will add the required JavaScript to your page.
    if (function_exists('bb2_insert_head')) {

    STEP #5:
    Now you can test it to see if it’s working. Go to a webpage that you added the code to, and View Source and see if there are some bb2 javascript functions added into the HEAD section.

    In the bad-behavior-generic-outside-wp.php file, you can change the ‘verbose’ setting to TRUE. This will log ALL activity to your webpage, including valid permitted access, so you can make sure the logging is working correctly… once it’s set to true visit the webpage a few times then go check the db to make sure there are some entries in it. You probably want to set ‘verbose’ back to FALSE when you are done.

    That’s it… hope this helpful to somebody!!

  • The topic ‘Bad Behavior spam protection outside your blog’ is closed to new replies.