Hidden ID values for fields on comment forms to deter spam bots

  1. hemmeter


    Akismet does a great job capturing comment spam, but I think it'd be nice if there was an easy way to stop the spam bots from filling out the forms in the first place. This idea might be better suited as part of the Akismet plugin, but I thought I'd start here. Here's my idea...

    The idea is to use fake ID values on the public HTML comment form and then translate those ID values to the real ones when comments are submitted. This translation would occur inside WordPress PHP code.

    For example, the default ID value for the name entered into a comment is "author". I assume spam bots look for the ID "author" (and other possible names) when filling out the form. What if that field's id was changed to "453n43nk4%#"? When the comment is submitted, WordPress would know that "453n43nk4%#" = "author". However, when a spam bot fills out a form on the site or submits a comment via a HTTP call, they would look for/send over "author" and WordPress wouldn't know what to do with it because it wants to get "453n43nk4%#".

    If this worked, you could go even further and have WordPress generate a new ID code each day/session/etc.

    Posted: 10 years ago #
  2. John Havlik

    hemmeter, if scrambling is not done semi-randomly (e.g., if 453n43nk4%# always meant author) then the spammers would just have to update their clients for the new terms. If these were random, then it would work better, though the method of implementation I have in mind would not be very gentle to the server running WordPress. Additionally, this could only stop spammers that directly access the wp-comments-post.php file without going to a comment form.

    Posted: 10 years ago #
  3. Ipstenu (Mika Epstein)

    Plugins do this, like http://wordpress.org/extend/plugins/spam-honeypot/

    Posted: 8 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.

  • Rating

    1 Vote
  • Status

    This is plugin territory