If you have a self-hosted WordPress blog which is quite popular, the most annoying thing is fighting WordPress comment spam on a regular basis. Every time you login to WordPress dashboard, you see a whole lot of spam comments waiting to be deleted. Either you have to delete them manually or let them die in the spam queue. There is no “one size fits all” method that will protect your comments; spammers use many tactics. Consider using multiple defenses. Remember spammers change the way they attack so you must keep your choices updated.
Combating WordPress Comment Spam
If you are getting lots of spam comments in your WordPress blog, here are some techniques which can help:
1. Removing Fields From the Comment for Using Hooks
The WordPress comments form can be customized also using hooks and filters. Customizing using hooks/filters is very useful especially when you are customizing through a plugin and cannot modify the theme files. The filter to add or remove fields from the comments form is ‘comment_form_default_fields‘
Now let’s remove the URL field using this filter. The code to do this you can either put it in your plugin file if you are customizing through the plugin or in the functions.php file of your theme.
The code is as follows:
function remove_comment_fields($fields) {
unset($fields['url']);
return $fields;
}
add_filter('comment_form_default_fields','remove_comment_fields');
Source: tutsplus.com
2. Spam Comments with Very Long URL’s
Super long URL’s are a sure fire sign the comment is spammy. This will mark comments with URL’s (as the author URL, not just in the text) longer than 50 characters as spam, otherwise leave their state the way it is.
<?php
function rkv_url_spamcheck( $approved , $commentdata ) {
return ( strlen( $commentdata['comment_author_url'] ) > 50 ) ? 'spam' : $approved;
}
add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );
?>
Source: css-tricks.com
3. Embrace “Nofollow” for External Links in Post Content
One of the quirks about linking to external websites within WordPress’ own post content is that it actually serves to build up the linked-to site’s search engine rankings while doing nothing to assist the website that actually places the link in its content. Google recognized this quirk some time ago and, in conjunction with the W3C, created a new link element that will cause Google to ignore links to external websites.
Adding this element to every link individually can be a bit taxing, and it’s something that most WordPress administrators won’t bother to do. Luckily, a code snippet placed into the theme-specific functions.php file can automatically append a nofollow instruction to every link bound for an external website. Simply open the functions file and place the following lines of code at the top of the document:
add_filter('the_content', 'auto_nofollow');
function auto_nofollow($content) {
//return stripslashes(wp_rel_nofollow($content));
return preg_replace_callback('/<a>]+/', 'auto_nofollow_callback', $content);
}
function auto_nofollow_callback($matches) {
$link = $matches[0];
$site_link = get_bloginfo('url');
if (strpos($link, 'rel') === false) {
$link = preg_replace("%(href=S(?!$site_link))%i", 'rel="nofollow" $1', $link);
} elseif (preg_match("%href=S(?!$site_link)%i", $link)) {
$link = preg_replace('/rel=S(?!nofollow)S*/i', 'rel="nofollow"', $link);
}
return $link;
}
Source: onextrapixel.com
4. Block Spam by Denying Access to No-Referrer Requests
by blocking all requests for the comments-processing script (wp-comments-post.php) that are not sent directly from your domain (comments.php), you immediately eliminate a large portion of blog spam.
Sound good? Here is the script to add to your site’s .htaccess file:
# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*perishablepress.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://the-site-where-you-want-to-send-spammers.com/$ [R=301,L]
Source: perishablepress.com
5. Remove autolinks in comments
By default, WordPress automatically turns urls left in the comment form into links. This can be useful, but as there’s lots of spammers on the internet, you might want to remove this feature.
To remove automatic linking of urls in comments, simply open your functions.php file and paste the following:
remove_filter('comment_text', 'make_clickable', 9);
Source: wprecipes.com