The Comments Post Rewriter Plugin shall prevent spambots sending their POST request always on the same script (wp-comments-post.php) by blocking such attempts and let pass through posts with a special "code" (see below "Details").
Download
For people who cannot wait: Download v0.1a here.
MD5: 73a909e3a780f17a0a443a3dcce49eb2
SHA1: 1d3dd9adce2c09b3938891ea8a33741bfac321b5
Description / purpose
This plugin rewrites with JavaScript the comments form's "action" value from the well-known wp-comments-post.php to a randomized script name. With the help of Apache's mod_rewrite module the URL got rewritten to point back on wp-comments-post.php. The code got extracted from the script's name and submitted as a GET variable. So the plugin is now be able to block POST requests only on wp-comments-post.php and keep your weblog a little more spam-free. :-)
Features
Here is a list of the current features of my plugin:
- Several data can be added or removed from the final key generation process in the settings section.
- Blocks attempts on the vanilla wp-comments-post.php but accepts POST requests on e.g. wp-comments-post-random-code-here.php.
- Simple installation: Upload one file and add lines to the .htaccess file.
- Works with WordPress 2.x.
Requirements
- WordPress 2.0.4 (cause of many fixes!)
- And all requirements WordPress needs
- Needs Apache's mod_rewrite module and client-side JavaScript enabled to work probably.
Version history
v0.1a (alpha)
- First offical alpha release! :-)
The licence is GNU GPL.
I forgot to mention that you need to patch your comments.php to get this plugin working for you. So I have updated the documentation. Also the above checksums are no longer valid. Please use these instead:
MD5: 85fb7d27ab315214f236b5e6e39c240d
SHA1: 61f69b206d961ffa98d1308c9f0958f47261896e
Quix0r
Okay, latest version is 0.7b with a cool admin area, "block" in your dashboard and exportable (in blog index) viewable stats). :-)
MD5: 97bd9d623b30a7ca0e294bb3cdfb625e
SHA1: 3e876debae11b05df4f2bbb591b23ee8526e5c17
matt0041
Member
Posted 3 years ago #
I cannot download the latest version from your website. what's wrong with your website ?
It was down because I have used alpha-code in a "productive" area. :-) The SQL cacher I have written has made my server very busy.
I have switched it off now. You may want to download it now.
Okay, good news: Editing of comments.php no more needed. :)
Version 1.6 (opps, I didn't update so regulary here) fixes the bug in anonymous statistics. There are several new features added:
- Spam Karma 2 binding to my CPR plug-in added
- Log reader added. You need to enable logging in CPR settings. When everything is fine with my plug-in just switch logging off.
- Anonymous statistics on http://cpr-stats.mxchange.org added. They got updated by a "ping".
- Tar pit added which slows down a detected spammer. Spammers doesn't like this and maybe they stop spamming your blog.
- Several bugfixes and other minor improvements
Enjoy. :)
If you get the error message that wp-includes/js/ is not writeable you may want to try this here:
· Head to the main directory of your blog and them continue tp wp-includes
· Change the permissions of js to 777.
· Click on Dashboard in your admin area.
· If the success message appears protoype.js was downloaded for you and stored to wp-includes/js/
· Now set 755 for the folder js (FTP!) to remove full write permissions.
· That shall be all. :)
You can additionally read the same hints in comment no. 7 on my blog.
Thanks! Will give that a try then.... I thought I skimmed through the comments without finding anything, but I must have just spaced it....
Yup - worked a treat, thanks again!
To all the others: 1.7 is out and I have fixed this mysterious "key length invalid" error. Additionally CPR is now writing it's rewrite rules safely.
Quix0r
vkaryl