Hmm… that’s odd.
A couple of questions —
1) It would help to see a link to your blog. Otherwise, it’s really hard to see how you have everything setup.
2) If you are not logged in, and you navigate to where you would normally post a comment, what does it say? Mine is setup similar to yours (except I allow anyone to register), and mine says “You must be logged in to post a comment” and the “logged in” is a link to the login page. Is yours similar?
How are the spammers getting around the “registered and logged in” requirement?
They’re not. Those aren’t comments. They’re track/pingbacks. You’ve disabled comments, but have you disabled pingbacks? On every post (since it’s a per post setting)?
Install Bad Behavior and Akismet. Bad Behavior just straight up blocks like 80-90% of these, and Akismet catches the rest.
If you’d rather just disable trackbacks and pingbacks, then there is an option to do so on the discussions page. But these settings are just the default settings for new posts. All your old posts that had this turned on will have to be changed as well. Edit a post and look in the upper right hand corner of the screen, under discussion. There’s where you can turn it off. Installing BB and Akismet is easier, most likely.
What does a trackback or pingback look like? These things I’m getting look exactly like comments. The email I get asking me to moderate them refers to them as comments. If I approve one, it appears along with other comments and is indistinguishable from a comment. Can it walk like a comment and talk like a comment and still not be a comment?
My WordPress blog is at http://thinkofit.com/wordpress
Here’s an example of the moderation alerts I’m getting:
A new comment on the post #11 “Mouse Traps” is waiting for your approval
http://thinkofit.com/wordpress/?p=11
Author : box cigar purse wholesale (IP: 212.56.202.147 , static-212.56.202.147.mldnet.com)
E-mail :
URI : http://www.allgooddirect.info/box-cigar-purse-wholesale.html
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=212.56.202.147
Comment:
box cigar purse wholesale
Thanks for clearing this up .
To approve this comment, visit: http://thinkofit.com/wordpress/wp-admin/post.php?action=mailapprovecomment&p=11&comment=79
To delete this comment, visit: http://thinkofit.com/wordpress/wp-admin/post.php?action=confirmdeletecomment&p=11&comment=79
Currently 4 comments are waiting for approval. Please visit the moderation panel:
http://thinkofit.com/wordpress/wp-admin/moderation.php
They look like comments and they do show up among the comments.
Just do what Otto said above.
If you don’t trust automated spamcatchers or if you just want to turn off trackbacks for some other reason, and if you have a lot of old postings that you want to switch over, then rather than doing it one-by-one, you can do it in your wp database. Just run the query:
UPDATE wp_posts SET ping_status=’closed’ WHERE 1
It would be nice if this was possible within WordPress, and also if ping notifications looked different from comment notifications so that people wouldn’t have to waste time trying to figure out why requiring registration for comments seems to have no effect.
Further to this, what is the point of making it possible to require registration for comments if this can easily be evaded just by sending trackbacks? Shouldn’t there be a way of enabling trackbacks only from registered users, and shouldn’t the setting of registration required for comments also automatically do the same for trackbacks?
Shouldn’t there be a way of enabling trackbacks only from registered users,
That’s a total nonsense. Or you just don’t understand the TBs.
http://codex.wordpress.org/Introduction_to_Blogging#Trackbacks
Can it walk like a comment and talk like a comment and still not be a comment?
Trackbacks and pings are intended to be a way of notifying someone that you have mentioned their post on your blog, without having to manually post a comment to tell them that they might want to check out what you wrote. Blogs talking to each other rather than visitors talking to your blog, so to speak. Good for discussion, but with the drawback that it can be abused the same way as comments. And they are handled differently because some people want to receive only trackbacks or be able to set them manually for each posts and so on.
I can only agree with the people who have suggested automated spam filtering. I use Akismet, and it does a good job.
I’m another one getting twenty porn-spams an hour despite all attempts to restrict comments. I’ve tried disabling comments on those posts that attract the most; sometimes this works but usually I get
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [myaddress] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Don’t invent the wheel… and they are NOT comments (if you’ve read the whole topic). Just install an anti-spam plugin (or two) and you will be OK.
Um, forgive a silly question, if they are not comments why do they appear in my Comments Moderation Queue with email notification that “you have 1 zillion new comments“?
You’ve disabled comments, but have you disabled pingbacks? On every post (since it’s a per post setting)?
I guess it has to be mentioned that there is a setting in Options/Discussion to disable link notifications. Didn’t think of that until I saw it now and thought of this thread. It only determines if the option on the post panel is checked or unchecked by default, so old posts still have to be changed.
moshu, thank you for your non-response to the question
bronto,
as Moshu has already elaborated, trackbacks are not comments, in the sense that they cannot be _restricted_ like a standard “comment” Trackbacks and pingbacks are sent remotely from another site, thusly you CANNOT restrict them to registered users.
http://en.wikipedia.org/wiki/Trackback
If you want to deter trackback spam, there are tons of plugin solutions available. You can also disable the ability to accept trackbacks by ticking off ONE simple checkbox in the admin area, or by removing files completely from your install .. OR .. OR … OR… (in other words, this is an issue thats been discussed a million times here and has been covered extensively)
Thanks for answering, again, the question that I didn’t ask. I’ll try a different question:
May we hope that in some future version trackbacks and pingbacks will not be announced as comments? That they will not appear in a comments moderation queue, or, if they do appear in the same queue, the queue will be renamed the comments, trackbacks and pingbacks moderation queue?
Or is this confusion a feature rather than a flaw?
