Comments should be off by default

  1. lovingboth

    Currently, WordPress sets up a site with no active protection against comment spam, but with comments enabled on the samples.

    That this is not best practice can be seen by the fact that a search for '"Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!" viagra' produces over one and a half million hits.

    Use some other typical spam words, and it's worse.

    Comments are lovely, but they should only be turned on when the site is ready, i.e. is using Akismet or an equivalent service.

    Posted: 5 years ago #
  2. zactoff


    Yes! Are you a blog or a CMS?

    Leave the comments auto enabled for wordpress.com accounts by all means.

    Posted: 4 years ago #
  3. lovingboth

    It's possible that there are a million and a half sites selling Viagra by design and which haven't edited their sample post, but it's not very likely :)

    "Sorry, not right now" is a poor response to what would be a very, very simple fix to something that means WordPress has a reputation as a spam magnet.

    At the very, very least, comments should be off by default. Having a warning about turning them on without any spam protection would be nice, but not as essential as the basic request.

    Posted: 4 years ago #
  4. Ipstenu (Mika Epstein)

    People are more likely to turn something unused off than on. The whole reason things default to on is that, realistically, most people DO want comments. So turning them off by default would be contrary to real world usage.

    That said, it's easy to argue this one way or the other. Right now, WP is of the mindset that the average user is more likely to want comments on and, as such, they should default to on.

    Now all that said, there are plugins that can do this, for the people who want more control: http://wordpress.org/plugins/comment-control/

    but it's not a universal thing :/ Hence the not right now

    Posted: 4 years ago #
  5. lovingboth

    Of course people want comments. I want comments.

    What they - and we - don't want is for them to get a pile of spam because they've set up a WP site and not done anything much to it.

    Apparently, that's what's happened on at least one and a half million sites already. Whoever set them up left the default post in place, comments enabled. I am not about to look at all of them, but I'd bet that most have never made another post, i.e. a real one.

    A new installation of WordPress should start off safe, not as a spam magnet. What should happen is comments off by default, with the sample comment saying how to enable them.

    It wouldn't be perfect, but I'd even accept 'comments on for new posts, but off for the samples' as much better than the current position. Do people really want comments to things they haven't written?

    Posted: 4 years ago #
  6. Ipstenu (Mika Epstein)

    If people actually read the directions already, I'd agree with you :/

    They won't, and the forums would be filled with "OMG! NO COMMENTS!"

    (Now turning comments off on the Hello World post may not be a terrible idea at all, though most people just delete it and the sample comment in my experience.)

    Posted: 4 years ago #
  7. lovingboth

    A million and a half people / sites didn't delete it and presumably unwittingly left it as a spam magnet.

    What about starting with the settings / discussion / 'Before a comment appears - An administrator must always approve the comment' set to on?

    The people who can't / won't read the directions still get their comments (including on the sample post they haven't deleted!), and get email to tell them when they arrive. They just have to actively approve them before they appear - there's even a link to do that in the email.

    Some of them will doubtless approve the 'Great site, I will visit it often. By the way, see my GET VIAGRA NOW site'-type spam, but that's better than the current situation.

    Posted: 4 years ago #
  8. Ipstenu (Mika Epstein)

    What percentage of WP sites is that "million and a half" ?

    Out of two million, its a lot. Out of fifty, the amount of people getting it tat wrong drops?

    Also how many are splogs, fake sites, or - my favorite - people who install WP and never use it?

    Posted: 4 years ago #
  9. lovingboth

    Oh, I am not saying it is a high percentage. It's still a million and a half too many, isn't it? And there's a simple way to stop it getting higher.

    Yes, I bet lots of them are not using it. Some of those will be because they got so much spam, they gave up.

    As with those who have already been hacked because they followed the suggestion to use 'admin' as a username on a CMS that doesn't stop brute force attacks by default, cough, there's not much that can be done for existing sites - why doesn't WP have a remote kill switch?! :) - but there is something that can help stop new ones failing by default into a known problem.

    Posted: 4 years ago #
  10. Ipstenu (Mika Epstein)

    It's still a million and a half too many, isn't it?

    It would be, except grabbing a number like that is the math equivalent of a strawman argument :) And that's my issue with your statement, it's not provable if this is a significant value or not. It's a number. 65.1 million served at McDonalds is similarly meaningless. Is that 65.1 million people, or one 65 people a million times or ... what?

    My point is this:

    You feel that this would reduce spam.

    I feel this would increase the burden on support.

    We both agree the real problem is people aren't reading.

    (the admin/default account and HACKS are a different matter, don't change your horse midstream)

    Posted: 4 years ago #

RSS feed for this topic

Reply »

You must log in to post.

  • Rating

    7 Votes
  • Status

    Sorry, not right now