Tag Archives: blog

Remove url / website from wordpress comments

Posted on by
9

Holy spam bots Batman!

I finally got fed up with comment spam on my wordpress blog.  To help solve my problem, I decided to remove all the the url / website values for comments in my blog.  It seems like the most popular use of the author url value in a comment is for spam.  In fact, I would say over 90% of all my comments containing an author url is some form of ad spam. For these cases, the author url usually links to some random site with no relevant content. On the other hand, almost all my readers who post legitimate comments do not bother putting in a comment author url.

So I decided the author url is useless and decided take aggresive action against it:

  1. remove the url field from the comment form
  2. prevent comment posts with author url in it
  3. remove urls for existing comments
  4. remove comments which contained random author urls which has a slight hint of being spam.

Customize the comment form

To remove the url or website field from the comment form, you can customize the wordpress comment form by adding a filter and using the “comment_form_default_fields” hook. Go into your theme and find all usages of the function comment_form().  Before each usage, add the following filter:

    <?php
      function remove_url_field($fields) {
        unset($fields['url']);
        return $fields;
      }
      add_filter('comment_form_default_fields', 'remove_url_field')
    ?>

    <?php comment_form(); ?>

I’m using the default twenty-eleven theme and the above appears in comments.php.

Validate server comment post

Customizing the comment form is great for your users but it will not make a bit of difference for spam bots.  Spam bots can post comments directly to your wordpress and bypass the form directly.  Because of this, you need to add validation to the php file that accepts comments.  Inside wp-comments-post.php, find the following lines of code (should be somewhere near the middle of the file):

$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;

Put the following if statement right after:

if ($comment_author_url) {
   wp_redirect('/');
   exit;
}

This will redirect anyone who submits a comment author url back to the main page.  This should only affect bots which bypassed your form since it will not realize you do not have a url input anymore.

Remove existing author url

Finally, remove the existing urls from the mysql database.  The urls are stored in wp_comments in the comment_author_url field.

mysql> update wp_comments set comment_author_url = '';

Notes

The above changes were performed on wordpress 3.2.1.

Moving to wordpress 2.8

Posted on by
2

I’ve finally moved chiaocheng.com to wordpress.  I have been looking for ways to add content more easily than writing up html pages.  To achieve that, I focused on two types of software, blogs and wiki’s.  Initially, I had hoped to keep my site on java for integration purposes.  My photo album is running off tomcat and so keeping things in java would have allowed me to include my photo album without redirecting to a new site.  I looked at several java solutions such as jspwiki and jamwiki but unfortunately, I didn’t find anything suitable.  I finally decided to ditch the java requirement.  After that, the choice got a lot easier since wordpress is very popular, thus having a lot of community built support around it.

Another important factor for me was the ability to customize the software.  Not only the legal ability but also the ease to understand and change the underlying software.  Not being a php guy, I’ve been pleasantly surprised how easy and straight forward to understand and modify the code base.  The bad part is that it looks very much like procedural spagehiti code resembling much of what you would see if a java web app was written completely in jsp.

Just a few weeks ago, wordpress 2.8 came out.  So I installed the new version and it seems like a lot of the buggy admin functions are now fixed.  Using wordpress 2.7, I felt a lot of the backend pages had bugs.  Luckily for me, 2.8 came out at the perfect time.

You can find my old website here: old.chiaocheng.com. It going to take me some time to move everything over.

And guess what, you just read my first ever blog post!

Happy blogging.