Nonces for comment submission

  1. LoneWolfMuskoka


    It seems that a great deal of comment spam comes from robots that seem to be hitting the wp-comments.php file without ever going to the site itself.

    I think it would be good to add nonces to the submission process so that you would have to actually submit from the comment form. This should eliminate the robotic spam.

    Posted: 9 years ago #
  2. mrclay


    -1 But good idea. For performance purposes you want to serve identical HTML to most visitors (this WP-Super-Cache). Plus the nonces would be no problem to work around for the next wave of spambots.

    Posted: 9 years ago #
  3. LoneWolfMuskoka



    I can see the performance issue being a problem. I wonder if there is a way get around that.

    Also, I'm curious as to how the spambots would get around the nonces. I imagine that it would at least force them to go to the post page first to figure out the nonce.

    If you could put a minimum time before submitting then you could probably catch out most of them or force them to run more slowly.

    But you've raised 2 very valid points and given me more stuff to think about 8=)

    Posted: 9 years ago #
  4. The easiest way to punt people hitting your comments file directly would be htaccess.

    # Stopping refferer spam
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

    Also you can use the plugin Cookies fo Comments, which checks to make sure the visitor has a cookie before comment :)

    Posted: 7 years ago #

RSS feed for this topic


You must log in to post.

  • Rating

    9 Votes
  • Status

    Sorry, not right now