disable "Leave a Reply" on images

CAPTCHAs won’t stop a human spammer. They aren’t intended to. They are intended to stop automated spamming, which is pretty much all of it. Spamming is a numbers game and it is hard to post millions of spam comments by hand. 🙂

I think you are going to have to edit your single.php file. I looked for a filter but didn’t find one. Your media pages should come through with post_type = ‘attachment’ so you will need to find your comment section– look for comments_popup_link and comments_template— and wrap it in a conditional like this:

if ('attachment' != $post->post_type) {
    // the comment stuff you located earlier
}

Feel free to hold your breathe for a better idea. Maybe somebody has one. 🙂

Why do you think this has anything to do with security? I don’t see anything in what you’ve posted that indicates a security problem.

You have misunderstood how the system works, or assumed that it works in a way that it doesn’t. You aren’t talking about a ‘Page’. When WordPress displays an image it treats it like a post, not a page, and you said above that you allow comments on posts. This is not a backdoor. And these comments are no more or less secure than the comments that you have chosen to allow, so it isn’t a back door in that way either.

As far as being a hassle, I don’t think I’ve ever seen a comment posted to an image in many years of running several WordPress installs. I imagine that it has probably happened but it must be pretty rare. If you think about it, it makes sense. Most, or all, of your exposed images are attached to posts. Those are the only images that a spam bot would be aware of. Guessing random image names or IDs isn’t really good use of spammer time. But, if comments are enabled on the ‘parent’ post, the bot has to look no further to find a comment form. Tunneling down to the images is unnecessary work. Even if you have images on pages chances are that the bot is going to end up on a post since there be many more posts than pages.

Really, I understand removing the comment form from the media pages for aesthetic and ‘tidiness’ reasons, but this in not a security issue at all and I very much doubt it will cause any extra maintenance hassle.

I just thought about it but what we’ve been talking about is removing the comment form from those media posts. However, if you are interested, it should be possible to redirect attempts to view those media posts to somewhere else entirely like the site’s home page, for example. Its a trickier thing to pull off than just wrapping that comment in a conditional, but it should be possible.

For Twenty Eleven theme the file images.php has a code snippet that adds the ‘Rely to’ or Comments for images.

Look for this line <?php comments_template(); ?>, either delete it or add this code that will check to see if Comments are enable from the Parent file:

<?php if (comments_open($post->post_parent)) {
// Only show the Comments Form if the parent post has comments open
comments_template();
} ?>
Please remove the backticks when inserting it into the file.

I didn’t want comments on images as my other sites have Spam Comments on them and I don’t have the time to look after them all. This solved the problem, for TwentyTen the file to look for is attachment.php

Thanks

Colin

@ s_ha_dum

Regarding your statement

“As far as being a hassle, I don’t think I’ve ever seen a comment posted to an image in many years of running several WordPress installs. I imagine that it has probably happened but it must be pretty rare. “

In the past 4 hours I have received 19 spam comments on images. It is a hassle especially when you choose to approve all comments and get notified when someone submits a comment.