There are tons of articles on the subject of spamming with trackbacks, and a few helpful plugins to help improve WordPress trackbacks. But I couldn't find a nice proof-of-concept spam exploit of the trackback protocol, so here we go!
By 'complete' I mean: required SSL on the login and register pages as well as the entire admin section, and optional SSL for the entire blog for private reading. And when there is SSL, everything is transferred over SSL.
The first step is to enable SSL for administration. This is well documented within WordPress; just add the following statement to your wp-config.php:
A few weeks ago I stumbled on the PHPIDS project (most likely from PenTestIT). It seemed like a pretty cool idea; I mean, who doesn't love more logs? And I've been experiencing quite a bit of spam messages despite my attempts to add spam-catching plugins and CAPTCHAs, though I've tried to maintain usability by not requiring registration. So perhaps PHPIDS can help me understand my baddies a bit better.