Admin Area: works | Storefront: partially works - [Squelch Unspam] Review

thebodyshape
(@thebodyshape)

10 years, 11 months ago

Tested on latest WP 3.5.1. and WordPress › WP Ajax Edit Comments « WordPress Plugins

The admin end works well, but on the front
http://imageshack.us/photo/my-images/708/commentskd.jpg/
the comments box loses its spellchecker and extendable comment box option.

Please update plugin and I will change the review.

Viewing 1 replies (of 1 total)

Plugin Author Matt Lowe
(@squelch)

10 years, 9 months ago
Thanks for your feedback. However you’ll find that Unspam works correctly and does what it sets out to do, the issue is that the other plugin is not aware of Unspam and what it is doing. This is not something I can fix, the other plugin would need to be updated to find the new field name from Squelch Unspam if they are to be used together.

The point of Unspam is it renames the fields on the page to prevent spambots finding those fields, and the way that WP Ajax Edit Comments works is by adding some JavaScript enhancements to the standard comment fields. When those field names change the JavaScript can no longer know which field to attach to. In essence WP Ajax Edit Comments and the spambots have a similar goal: Programatically find the comments field on the page.

The new names of the fields can be retrieved in the other plugin with something like:
```
$fieldsMap = get_option( 'lstunspam_fieldsMap', array() );

if (isset( $fieldsMap )) {
    $newFieldName = $fieldsMap['comment'];
    // Do something with the new name
}
```
But the problem is that this data would have to be made available to the JavaScript somehow, which means encoding the new field name into the page as some form of a lookup that the JavaScript can use. The issue with that is that encoding the name of the field into the page for machines to look up completely works against what Unspam sets out to do: Prevent machines from knowing the names of the fields.

The other plugin could then perhaps add those buttons to the page statically rather than through client-side DOM modification, but that would still provide a clue to spambots as to the whereabouts of the comment field which would also weaken the spam prevention of this plugin.

I am currently giving some thought to creating some sort of AJAX lookup that tries to overcome some of these issues through the use of some sort of hash so that each plugin that integrates with Unspam can store its data in an obfuscated manner. That way other plugin authors can easily integrate their plugins with Unspam and still retain a certain degree of obscurity to make life hard for the spambots, but ultimately any AJAX solution based on Unspam is going to weaken the spam prevention of the overall system.

If you need convincing of the efficacy of this plugin, the Squelch website used to receive an average of 14.3 spam comments a day – and that was WITH another spam filter plugin in place (naming no names). After installing Unspam, the site has received a total of 2 spam comments over the course of nearly 6 months and log analysis reveals that both spam comments were submitted by humans, not computers.

Viewing 1 replies (of 1 total)

The topic ‘Admin Area: works | Storefront: partially works’ is closed to new replies.