WordPress.org

Ready to get started?Download WordPress

Forums

disable "Leave a Reply" on images (11 posts)

  1. MrsJessicaSimpson
    Member
    Posted 2 years ago #

    Hello all,

    I don't usually resort to this sort of thing, but its a poser! ... Users love em' or loath em' we got em'.

    Now I allow "comments" on 'Posts' ... But have my 'Pages' locked up and don't allow comments there at all.
    One of my users found something out and I can't turn it off.

    Go to one of your pages where there is a Media picture installed! Click on the Media picture.

    The picture is now displayed like a regular Page is but without your words of wisdom.

    Under the picture is the option to "Leave a Reply"

    Now I've just entered my own site as a visitor ... With no privileges at all and left some 'Spam' comment on the picture files. I have 'CAPTCHA' Installed and it did ask me a question. I passed the test and the Spam message was placed on my WordPress web page --- How do I turn this OFF!

    I've read all about the hidden drop down 'comments' on my dashboard and they're all unchecked. As I say 'comments' are unchecked on my 'Pages' so one can leave a reply there, but on Media Images? --- I'm stumped.

    btw I'm using Weaver 2010 and 'simple.php' isn't so simple to edit.
    'comment.php' seems buried inside a set of conditions? - I don't really want to play with that option.

    Any one got any 'other' pointers.

    Thanks for reading Jessy.

  2. s_ha_dum
    Member
    Posted 2 years ago #

    CAPTCHAs won't stop a human spammer. They aren't intended to. They are intended to stop automated spamming, which is pretty much all of it. Spamming is a numbers game and it is hard to post millions of spam comments by hand. :)

    I think you are going to have to edit your single.php file. I looked for a filter but didn't find one. Your media pages should come through with post_type = 'attachment' so you will need to find your comment section-- look for comments_popup_link and comments_template-- and wrap it in a conditional like this:

    if ('attachment' != $post->post_type) {
        // the comment stuff you located earlier
    }

    Feel free to hold your breathe for a better idea. Maybe somebody has one. :)

  3. MrsJessicaSimpson
    Member
    Posted 2 years ago #

    Thanks for your quick response.

    Yes! As you said I think I'm going to have to edit that 'single.php' file! Damm! and poo sticks... WordPress was looking soooo! secure till I found out about this!

    Thanks for reading Jessy!

  4. s_ha_dum
    Member
    Posted 2 years ago #

    Why do you think this has anything to do with security? I don't see anything in what you've posted that indicates a security problem.

  5. MrsJessicaSimpson
    Member
    Posted 2 years ago #

    Because I've got all 'comments' on 'pages' turned off for a reason.

    That reason being I don't want or need the hassle of keeping an eye on unwarranted 'comments' on my 'Pages' ... WordPress does this! Brilliant. But as I've discovered it doesn't on images. Now I've the back door issue ... And now I've got to be aware of these comments.

    It's not a security issue as such ... Just a wide hole.

    BTW your comment on 'CAPTCHA' ... I never said they were designed to stop spammers. I know that! ... But what I was trying to say is that spammers now have a back door and even though I have to approved all 'comments' it's just more grief that I shouldn't have to accept.

    welcome.

  6. s_ha_dum
    Member
    Posted 2 years ago #

    You have misunderstood how the system works, or assumed that it works in a way that it doesn't. You aren't talking about a 'Page'. When WordPress displays an image it treats it like a post, not a page, and you said above that you allow comments on posts. This is not a backdoor. And these comments are no more or less secure than the comments that you have chosen to allow, so it isn't a back door in that way either.

    As far as being a hassle, I don't think I've ever seen a comment posted to an image in many years of running several WordPress installs. I imagine that it has probably happened but it must be pretty rare. If you think about it, it makes sense. Most, or all, of your exposed images are attached to posts. Those are the only images that a spam bot would be aware of. Guessing random image names or IDs isn't really good use of spammer time. But, if comments are enabled on the 'parent' post, the bot has to look no further to find a comment form. Tunneling down to the images is unnecessary work. Even if you have images on pages chances are that the bot is going to end up on a post since there be many more posts than pages.

    Really, I understand removing the comment form from the media pages for aesthetic and 'tidiness' reasons, but this in not a security issue at all and I very much doubt it will cause any extra maintenance hassle.

    I just thought about it but what we've been talking about is removing the comment form from those media posts. However, if you are interested, it should be possible to redirect attempts to view those media posts to somewhere else entirely like the site's home page, for example. Its a trickier thing to pull off than just wrapping that comment in a conditional, but it should be possible.

  7. MrsJessicaSimpson
    Member
    Posted 2 years ago #

    Ta!

  8. cjc1867
    Member
    Posted 2 years ago #

    For Twenty Eleven theme the file images.php has a code snippet that adds the 'Rely to' or Comments for images.

    Look for this line <?php comments_template(); ?>, either delete it or add this code that will check to see if Comments are enable from the Parent file:

    <?php if (comments_open($post->post_parent)) {
    // Only show the Comments Form if the parent post has comments open
    comments_template();
    } ?>
    Please remove the backticks when inserting it into the file.

    I didn't want comments on images as my other sites have Spam Comments on them and I don't have the time to look after them all. This solved the problem, for TwentyTen the file to look for is attachment.php

    Thanks

    Colin

  9. ai
    Member
    Posted 2 years ago #

    Thank you, Colin. Your post is a godsend!

  10. Really Must I?
    Member
    Posted 1 year ago #

    @ s_ha_dum

    Regarding your statement

    "As far as being a hassle, I don't think I've ever seen a comment posted to an image in many years of running several WordPress installs. I imagine that it has probably happened but it must be pretty rare. "

    In the past 4 hours I have received 19 spam comments on images. It is a hassle especially when you choose to approve all comments and get notified when someone submits a comment.

  11. cjc1867
    Member
    Posted 1 year ago #

    Since I originally posted i.e. 10 months ago, another WordPress website that I forgot to delete or amend the comments code has had quite a number of spam comments added and I forgot about this post. Thank you Really Must I for bringing this issue back up.

    I was wondering where they were all coming from. Like you say it is hassle and I don't have the time to go through every website to delete them or mark as spam.

Topic Closed

This topic has been closed to new replies.

About this Topic