February 16, 2006

WordPress Spam Blocking

The problem with blogs is that some folks, who should know better, continue to post spam comments even with comment moderation turned on, as it is here. I've tried a few solutions, including renaming files, but they get the new URLs soon enough (often the next day). And so the mindless parade of idiotic spam comments continues.

If this is your problem, this solution from the WordPress Forums is very promising. I've just tested it and it actually stops the posting of comments containing spam words in both the URLs and comment text — when the comment is submitted, they get a page that says "Denied" … no comment posted, no entry in your server logs. Nothing. <Silence is golden>

Here's the code. I've expanded upon what was posted in the WordPress forums, but had to remove the actual spam words to post it here because they're now blocked, but you'll get the idea. The code can be copied and pasted into your wp-comments-post.php file.

In wp-comments-post.php, add the following code (after the author, email, URL, comment stuff), and replace the "word1", "word2" with your list of spam words:

$url = trim(strip_tags($_POST['url']));
if (strpos($url,"word1") !== false) { die("Denied");}
if (strpos($url,"word2") !== false) { die("Denied");}

$comment = trim($_POST['comment']);
if (strpos($comment,"word1") !== false) { die("Denied");}
if (strpos($comment,"word2") !== false) { die("Denied");}

It's not perfect, but it's workable. Of course, you'll have to be careful with this — make sure what you want to block doesn't block everything else.

At any rate, here's hoping this helps someone else out there! Now all I have to do is copy that list of spam words from my server procmail file (email spam blocker).


<Update> The above code is case sensitive, which requires at least three versions of every word. I've posted a better version of the above that handles the case sensitivity at WordPress Spam Blocker.

9 Comments to "WordPress Spam Blocking"

  1. DianeV says:

    A whole day, and zero spam comments. And here I was waiting to get more spamword text. <grin>

  2. DianeV says:

    Two whole days; no spam comments.

  3. Telian Adlam says:

    You know, Diane. I went the longest time spam free b/c of WP's native spam filtering, then I upgraded to a spam plugin, and now the spam has started again.

    Seemingly innocuous messages, sometimes for saccharine and complimentary – but still spam.

    Now, I think I will try the method you've detailed to at least trap the stoopid spam messages.

    ~Teli

  4. DianeV says:

    Okay … but it doesn't trap them — it prevents them from being posted at all.

    That's the only problem; if a legitimate comment contains one of the blocked words, it doesn't get posted.

  5. Telian Adlam says:

    ..it doesn't trap them — it prevents them from being posted at all.

    That was simply bad wording on my part, I know it will delete the comment before even getting to the DB, and that's what I need.

    Although I have comment moderation enabled, dealing with hundreds of these comments at a time is just plain annoying.

    If I choose my words carefully (and there are some obvious ones), then it shouldn't be a problem for the legitimate commenters.

    ~ Teli

  6. DianeV says:

    Okay; just wanted to make sure I was being clear.

  7. Diane Vigil says:

    NOTE: The above code only blocks the precise wording used; for example, if you target the word "spam", then Spam, SPAM, etc. will still get through.

    I've had Darin rewrite the script it in order to ensure that one doesn't have to write multiple entries to a case-sensitive script. It works, and I'd post it except that there's something coming up that's even better. That is, I have several blogs and clients with blogs, which would still mean editing/uploading for each blog each time we needed to add to the spamwords list.

    So <grin> I realized that my best case scenario would be to modify the wp-comments-post.php file to access an external list of spamwords — so that I'd only have to modify the external list and upload it … which means I could upload the same list to a bunch of blogs in minutes.

    Darin has come up with some coding. The code is different. As soon as we've tested it a bit, I'll point you all over to Darin's site.

  8. Diane Vigil says:

    <update> The above code is case sensitive, which requires at least three versions of every word. I've posted a better version of the above that handles the case sensitivity at WordPress Spam Blocker.

  9. Dsw says:

    Everyone is using unique methods to keep spammers away from blogs.
    Like I saw on a blog of which I don't remember the URL. You have to select all the monkies photos from different animal photos to submit your comment.

    I will try your suggested code and see the results.

Have your say ...

First-time comments will be held for moderation (but comments are appreciated). Otherwise, just be courteous. If your name is a bunch of keywords, your comment will be deleted. Don't post links unless highly pertinent. Posters must be 16 or older.

Manage your subscriptions

Archives
© 2004-2017 DianeV Web Design Studio. All Rights Reserved.
34 queries. 0.234 seconds.