WordPress.org

Ready to get started?Download WordPress

Forums

Spam bypassing comment registration? (5 posts)

  1. Paul Whitener Jr.
    Member
    Posted 3 years ago #

    I have a site up and running where I'm requiring users to register before being able to post comments. I've tested this and it's set up correctly, users are not given a comment box until they're logged in.

    However, I have spam comments coming through, these are not being posted by members. How are these comments sliding through if I'm not allowing this?

    As a safeguard I turned off trackbacks as I read elsewhere that there may be a bug which allows spammers to send through comments this way, but to no avail as I've received more spam since doing so.

    This isn't about the spam per se (as I'll get Akismet running) but I'm wondering/concerned that there may be a larger issue if spammers can bypass these settings in WordPress 3.0.

    Any solutions to this? Is this a bug?

  2. govpatel
    Member
    Posted 3 years ago #

    You will find answer to your problem here as some else has the same problem
    http://wordpress.org/support/topic/possible-new-user-registration-problem?replies=2

  3. Paul Whitener Jr.
    Member
    Posted 3 years ago #

    Hello, thanks for the reply but that's not the issue. These are not spam bots that are registering, I'm monitoring my registrations closely and am using a double-opt in email verification to keep bots from gaining access.

    This issue is that bots are able to post comments without registering, which they should not be able to do since I've set it up in Settings > Discussion "User must be registered and logged in to comment." How are they bypassing this? Thoughts? Bug?

  4. Chip Bennett
    Theme Review Admin
    Posted 3 years ago #

    Try blocking no-referrer spam in .htaccess. Spam bots will simply submit $_POST data to comments.php, completely bypassing your comments template markup.

  5. Paul Whitener Jr.
    Member
    Posted 3 years ago #

    Chip, thanks! This make sense and appears to be a solid solution to this problem. I've added the necessary code to my .htaccess file and will continue to monitor the situation.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.