Tag Archives: spam

Remove url / website from wordpress comments

Posted on by
10

Holy spam bots Batman!

I finally got fed up with comment spam on my wordpress blog.  To help solve my problem, I decided to remove all the the url / website values for comments in my blog.  It seems like the most popular use of the author url value in a comment is for spam.  In fact, I would say over 90% of all my comments containing an author url is some form of ad spam. For these cases, the author url usually links to some random site with no relevant content. On the other hand, almost all my readers who post legitimate comments do not bother putting in a comment author url.

So I decided the author url is useless and decided take aggresive action against it:

  1. remove the url field from the comment form
  2. prevent comment posts with author url in it
  3. remove urls for existing comments
  4. remove comments which contained random author urls which has a slight hint of being spam.

Customize the comment form

To remove the url or website field from the comment form, you can customize the wordpress comment form by adding a filter and using the “comment_form_default_fields” hook. Go into your theme and find all usages of the function comment_form().  Before each usage, add the following filter:

    <?php
      function remove_url_field($fields) {
        unset($fields['url']);
        return $fields;
      }
      add_filter('comment_form_default_fields', 'remove_url_field')
    ?>

    <?php comment_form(); ?>

I’m using the default twenty-eleven theme and the above appears in comments.php.

Validate server comment post

Customizing the comment form is great for your users but it will not make a bit of difference for spam bots.  Spam bots can post comments directly to your wordpress and bypass the form directly.  Because of this, you need to add validation to the php file that accepts comments.  Inside wp-comments-post.php, find the following lines of code (should be somewhere near the middle of the file):

$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;

Put the following if statement right after:

if ($comment_author_url) {
   wp_redirect('/');
   exit;
}

This will redirect anyone who submits a comment author url back to the main page.  This should only affect bots which bypassed your form since it will not realize you do not have a url input anymore.

Remove existing author url

Finally, remove the existing urls from the mysql database.  The urls are stored in wp_comments in the comment_author_url field.

mysql> update wp_comments set comment_author_url = '';

Notes

The above changes were performed on wordpress 3.2.1.