Support » Fixing WordPress » Comment Spam

  • It seems the auto-spammers have hit WP. They use programs like “Link Dump” to directly hit the wp-comments-post.php directly.
    Many of my hosting clients are getting hit with over 3-4000+ pieces of comment spam a day – – including my own blog.
    The moderation for spam is nice, including the filter list – however, when you’re getting that many spam hits in a day – you still get the emails and you still have to go in and delete the comments out of the queue — which is frustrating and timely.
    The trick is to stop them from sending the spam in the first place:
    Change the name of your wp-comments-post.php to something else – – I changed mine to something like: stopspam-post.php.
    Then in your wp-comments.php template — look for this code:
    <form action="<?php echo $siteurl; ?>/wp-comments-post.php" method="post" id="commentform">
    And change the wp-commens-post.php to the file that you renamed it to.
    For example, since I renamed my wp-comments-post.php to stopspam-post.php — that line in the wp-comments.php now looks like this:
    <form action="<?php echo $siteurl; ?>/stopspam-post.php" method="post" id="commentform">
    On a day that I was getting hit with over 4000 spam hits, the very minute I did this – it stopped and they haven’t returned. It doesn’t stop the one time spammer who actually clicks your comments link and manually enters their spam – – but those guys are easier to maintain than these autospammers.

Viewing 15 replies - 1 through 15 (of 91 total)
  • Looks good, but what did you really rename your file to?

    typo in the first line. I renamed it stopspam-post.php
    Really, you can rename it to anything you want to, it doesn’t matter as long as it matches the code line in your wp-comments.php

    Oh no! My reply just hit the ether.
    I’m obviously new to this stuff, and thot there was something needful with “sapm”. I see now it doesn’t.
    In going thru all my files, i see that wp-comments-post.php is called in a couple of other files:
    Should the file name be changed there too?

    You can change the line in wp-popup-comments.php if you use popup comments. I don’t use popup comments, so I didn’t include that . . but should have.
    I did not change it in wp-comments-reply.php — haven’t had any issues with that at all. Not sure what that file does, but I would imagine it should be changed there too. 🙂

    This is very helpful, but is there a way to set wordpress so that only those who have registered can post a comment?

    I love to read from someone who actually searched for a solution prior to post a request. Good example.
    I’m also touched by comment spam since a few days. Nothing too ugly so far.
    But I might create a comment form with security images included. You know, those images with digits you have to enter to be able to proceed with the form. That should stop most if not all of the automated spam. From the documentation I’ve read it isn’t THAT complicated to implement. I’ll work on that in the next weeks. I’m pretty sure everyone prefers that type of solution rather than to have everyone to register.

    I’ve followed the instructions in this post and renamed the files, but I’m still getting spam.

    I did the rename described here – just renamed it to something else. (perhaps the spammers are reading support and adapted to ‘stopspam-post.php’ – just a guess). Since doing the rename process described here, no spam has come through. It would seem that if everyone picks some random ‘rename’ of the files/script parts – then the spammers cannot adapt to all. Of course, if someone wants to zap a specific site, they can see what to adapt to within the script. So, I’m going to try and implement some of the other ‘comment spam’ fixes, too.

    I also followed the suggestion and renamed the .php file to a unique name. I am still getting tons of comment spam.

    I too renamed mine to something completely unrelated to anything and I am still getting this spam, is there a way to just dump the comments instead of moderateing them? The innocous comment with less than 2 links seems to work just fine, I haven’t had a real commetn get moderated yet. At this point I would just prefer a delete all button or toss them into the dumper. When your getting 15 a day it is still a pain to go in and click delete on each of them.

    Whats the verdict guys ? Does the renaming trick work ? What is causing the breakages ?

    The answer is no. It doesnt’t. Thanks for the interest.

    FYI, I’ve found that renaming it from wp-comment-post.php has stopped a bunch of subsequent attempts that someone has been making.

    One of the reasons that spams still reaches you is because you have not deleted wp-comments-post.php from the server.

    There is a lot of work going into spam management for the next release, but we all have to understand that this is a Cold War…as hard as we work to counteract their efforts, the spammers are equal to the task in looking for methods to circumvent everything we throw at them.
    Your only guaranteed method to stop this is to turn of your comments totally, or don’t have a blog that is open to the internet.

Viewing 15 replies - 1 through 15 (of 91 total)
  • The topic ‘Comment Spam’ is closed to new replies.