dannyman.toldme.com


Technical

WordPress Comment Spam

If you have a blog, you will get comment spam. Comment spam is like fax spam or e-mail spam except its people trying to sell stuff by posting advertising in comments to your blog.

There’s all sorts of crazy solutions you can try. A version or so back I put in one nice little plugin that simply required the web browser to do some math in JavaScript, and comments would only be posted if the math was done right.

A lot of the more complicated solutions sound a little half-baked, annoying, too much work, or just plain insane. I absolutely hate some of the “type in the word that appears in this image” because half the time I can barely make it out with my feeble HUMAN eyes … argh!

Well, I just read an even simpler solution, and since I was working on my comments.php I thought I’d give it a shot. It basically boils down to:

  1. Edit your wp-content/themes/default/comments.php (or whatever theme you are using) and change the line that references the “email” form field to something else. I’ve changed to “dtcemail”:
      <p><input type="text" name="dtcemail" id="dtcemail"
         value="<?php echo $comment_author_email; ?>" size="22" tabindex="2" />
      <label for="dtcemail" ><small>Mail (will not be published) <?php if ($req) _e('(required)');
        ?></small></label></p>
  2. Edit you wp-comments-post.php and change the $comment_author_email assignment to whatever you changed your e-mail to, above:
      $comment_author_email = trim($_POST['dtcemail']);

The premise, like the plugin I ran on an earlier version that did the JavaScript mathematics, is that spammers run scripts that mostly work. So, posting name and email works on 90% or more of blogs, so most spammers will just use that. Eventually maybe enough people will be evading spam in similar ways, and the spammers will shoulder the burden of parsing FORM submit instructions and spamming us the right way. But since there are probably plenty of vulnerable blogs out there, this is not worth the effort.

Cheers,
-danny

Read More

Next:
Previous:
Categories: Technical
Possibly-Related Posts


dannyman.toldme.com tip: Skip the Tech!
all under control
Strange World
Farewell, Madeline
Project Incubator
WordPress Upgraded
Shell HOWTO: Remove Duplicate Elements from a Variable

Responses

July 25th, 2005

dbt

yeah dude gravatars rule!

I’ll do a writeup on my comment setup…

July 25th, 2005

dannyman

Eyah, for some reason I’m getting moderation requests for comments that have no e-mail address . . . I’ll have to debug this solution . . .

Comment

Leave a comment . . .

Tiny Print:

  1. For private messages, e-mail me: dannyman@toldme.com.
  2. You must provide an e-mail address.
  3. You can use a bogus e-mail address, but I like to know who you are.
  4. I will not spam you. I will not publish or share your e-mail address.
  5. First-time commenters will be held for review.
  6. You can use these HTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Danny Howard is 100% responsible for the content on this site, except some of it is stolen. (Sorry about that.)

Intellectual property on this web site is reserved for re-use under the terms of the Creative Commons license. Derivative works may be created for non-commercial purposes, with proper attribution.

You can contact me via e-mail: dannyman@toldme.com

Most of //dannyman.toldme.com/ is powered by WordPress.

If you're hip to RSS and whatnot, you can subscribe to this site.

Mastodon