Hacking WordPress: Tired of Fighting Comment Spam?
Me too! I am sooooo tired of Comment Spam and absolutely recognize that it can be stopped, or at least slowed. In viewing my comments tonight, one of the things I noticed was that all of the comment spam is directed at old posts.
Some people have installed plugins to close commenting on old posts. Personally, I don’t like this method because a comment can revive the post, the conversation, and ultimately get the post re-indexed with the Search Engines. Why give up the value of an old post by letting it die?
Tonight, I came up with an idea that I’m currently testing. I modified the comment form so that it passes the time that the page was opened. If more than 1 hour passes between the time the page opens and the time that the comment is posted, I simply post an error that too much time had passed and to please submit the comment again.
It’s a hidden field that passes a Unix Timestamp (You can view the source of the page with the comment form on it and see it directly under the form tag). If no value is passed, it also produces the same error.
If it succeeds, it should significantly reduce the volume of comment spam that I’m getting and need to review. I will release a plugin as soon as I see what happens. I will also add some encryption to the value of the hidden field and then decrypt it once posted. As well, I’ll allow you to name the variable any way you would like. If we all name the variable (curtime) differently, we can keep these Spammers guessing.
Please also let me know if you run into problems commenting on my blog! I’ll let you know how this works out.
If you’d like to test this method out as well, here’s how I did it. In wp-comments-post.php at line 32, you can insert the following code:
// Timestamp sent by the hidden form field; empty if the field is missing
$comment_time = isset($_POST['curtime']) ? $_POST['curtime'] : '';
$time_limit = 3600; // 1 hour = 60 seconds times 60 minutes = 3600 seconds
$howlong = "1 hour";
if (is_numeric($comment_time)) {
    // Seconds between page load and comment submission
    $time_between = time() - $comment_time;
} else {
    // Missing or non-numeric value: force the error below
    $time_between = $time_limit + 1;
}
//Check for the correct time
if ($time_between > $time_limit || $time_between <= 0) {
    wp_die( __('Sorry, you have to post a comment within '.$howlong.' of reading my post. Refresh the page and try again!') );
}
On your comments page directly under your <form tag, you can simply insert the following:
<input type="hidden" name="curtime" value="<?php echo time(); ?>">
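
The post plans to protect the hidden field's value before release. One way to do that is to sign the timestamp with an HMAC and bind it to the post ID, so the server only accepts values it issued itself. This is an added example, not the author's plugin code; the helper names `curtime_issue` and `curtime_verify`, the `CURTIME_SECRET` constant and the sample post ID are hypothetical.

```php
<?php
// Added example: HMAC-signed form timestamp (all names here are hypothetical).
// Assumption: a long random secret that only the server knows.
define('CURTIME_SECRET', 'replace-with-a-long-random-value');

// Value for the hidden field: "<timestamp>.<hmac>". The MAC covers the post ID,
// so a value issued for one post is not accepted on another.
function curtime_issue($post_id, $now = null) {
    $ts  = ($now === null) ? time() : (int) $now;
    $mac = hash_hmac('sha256', (int) $post_id . '|' . $ts, CURTIME_SECRET);
    return $ts . '.' . $mac;
}

// True only if the value is well formed, carries a valid MAC for this post,
// and was issued more than 0 and at most $time_limit seconds ago.
function curtime_verify($token, $post_id, $time_limit = 3600, $now = null) {
    $now = ($now === null) ? time() : (int) $now;
    if (!is_string($token)
        || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return false; // field missing or malformed
    }
    $expected = hash_hmac('sha256', (int) $post_id . '|' . $m[1], CURTIME_SECRET);
    if (!hash_equals($expected, $m[2])) {
        return false; // timestamp or post ID does not match the signature
    }
    $age = $now - (int) $m[1];
    return $age > 0 && $age <= $time_limit; // same window as the plain check
}

// Constructed inputs with a fixed clock, so the run is repeatable.
$t0    = 1700000000;
$token = curtime_issue(42, $t0);
$edited = ($t0 + 5000) . substr($token, strpos($token, '.'));
$cases = array(
    'valid, 90 seconds old'         => array($token, 42, $t0 + 90),
    'expired, 2 hours old'          => array($token, 42, $t0 + 7200),
    'timestamp edited, MAC kept'    => array($edited, 42, $t0 + 5090),
    'replayed on a different post'  => array($token, 43, $t0 + 90),
    'plain timestamp, no signature' => array((string) $t0, 42, $t0 + 90),
);
foreach ($cases as $label => $c) {
    $ok = curtime_verify($c[0], $c[1], 3600, $c[2]);
    echo str_pad($label, 32), $ok ? 'accepted' : 'rejected', "\n";
}
```

The MAC shows that the server issued this timestamp for this post within the time window. It is a freshness check on the form, not proof that a person typed the comment.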

Douglas Karr

Can you provide some additional info on how this would stop regular visitors? I’m not sure how since it would only block the comment if they sat on the page for over an hour.
Thanks!