« The Maze of Finding a Live Person on the Phone
How to Win at Internet Checkers »


Eliminate URL Comment Spam from WordPress

Wordpress logo

The default installation of WordPress is vulnerable to comment spam.

There are a few ways around it:
1. Activate Akismet, a spam catcher - the problem is it can sometimes generate ‘false positives’
2. Add a captcha - can be tricky to install and is an extra hurdle commenters have to get right- may prevent some postings.
3. Remove the URL field altogether!

I will show you the simple, manual way to remove the URL field:

1. Open your comments.php file in your HTML editor. From the root folder of your blog, go to wp-content\themes\default if you’re using the default template. If you are using a theme, select the appropriate folder of your theme, then open its comments.php file. Note: if you do not have an HTML editor, such as Dreamweaver, then open the .php file as text in Notepad. If you don’t know how to find your Notepad, just go to the start menu > Run… > and then type in ‘notepad’ and click OK- it will open and edit your .php file as text.

2. Search for this code:

<p><input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" tabindex="3" />
<label for="url"><small>Website</small></label></p>

<?php endif; ?>

<p><small><strong>XHTML:</strong> You can use these tags: <?php echo allowed_tags(); ?></small></p>

3. Either delete this whole text, or ‘comment it out’ (recommended). Add the tags in bold to turn the code into comments (thus, ignored):

<!– <p><input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" tabindex="3" />
<label for="url"><small>Website</small></label></p> –>

<?php endif; ?>

<!–<p><small><strong>XHTML:</strong> You can use these tags: <?php echo allowed_tags(); ?></small></p>–>

4. Save. That removes the URL field entirely, but we’re not finished. Because spammers have automated scripts that insert their URL variable right in the form without the need for a field. So, what we will do is change the code to stop the submission if a URL variable is set. With the URL field gone, it is not possible for a valid user submission to contain the URL variable, so by eliminating all URL variables, we don’t have to worry about false positives. It would be 100% spam, and we can prevent it…

5. Next, open up wp-comments-post.php - back to the root of your blog folder. Scroll down to where you see the following code:

if ( ” == $comment_content )
wp_die( __(’Error: please type a comment.’) );

6. Now, underneath that code, copy and paste the following code:

if (!empty ($comment_author_url))
wp_die( __(’Error: you are an idiot spammer.’) );

So, it should look like this:

…code before…

if ( ” == $comment_content )
wp_die( __(’Error: please type a comment.’) );

if (!empty ($comment_author_url))
wp_die( __(’Error: you are an idiot spammer.’) );

…code before…

7. Save. And FTP upload your 2 modified files to your server. You should not have any problem with automated spam URL fields anymore!

This entry was posted on Saturday, April 5th, 2008 at 12:14 pm and is filed under WordPress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply