Support » Fixing WordPress » Phishing links

  • hey,
    lately, my blog has been flooded with phishing links in comments. people are somehow able to post link which points to different url ( and then redirects to phishing site.

    i guess they do this by posting links as [“url=phishing_site”]normal_link[“/url”]

    i already banned few words and made adjustments in file kses.php but it didnt help. i would appreciate a quick reply how to solve this (disable any links like that)

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    TinyURL works by making long URLs short. In essense, it obfuscates them. The spammers are using tinyurl to get around link-checking.

    Do you have Akismit installed? If so, consider adding on something like Bad Behavior.

    i know what tinyurl does. i know what spam is. this is nothing like that, these comments are manually added, very intentional, misusing some “feature” in wordpress. all i need to do is disable comment structure mentioned above.

    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    No, they’re not misusing a feature of WordPress. They’re using it as intended. Adding links. They’re just being morons about it.

    To stop ALL comments from having links, go to Discussion Settings in your admin side and edit

    Hold a comment in the queue if it contains X or more links. (A common characteristic of comment spam is a large number of hyperlinks.)

    Make X to be 1.

    Alternately, you can look into the plugins I mentioned, which prevent them from spamming without making you affect your users and stop the good people from posting links.

    Ipstenu, I get like 500 comments a day so manually checking all comments with links is not an option. i just need to print literally what users enter.

    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    I really think you’re making way too much of this and going about it the wrong way. The solution to ‘OMG Spam!’ is not ‘disable all links’, as that will prevent your 500-commenters a day that are legitimate from ever being able to post a link. How many spammers with these links are you getting to make this a tenable solution?

    But. You want what you want. Here are two options.

    Literal Comments can disable ALL HTML from comments. No HTML means no links. However, the spam post, with the spam URL, will still be there. Someone could follow it. And that’s what they want, those dirty spammers. The other downside is that you’ll loose bolding, italics and all that.

    Strip! allows you hide links from a given comment. Click a button, link is gone. Problem there is you’ll still need to moderate the links.

    My suggestions before you go whole hog:
    Add the Akismet and Bad-Behavior plugins. My spam was cut down to 2 (yes, 2) a month (yes, a month) that got past those two. If you’re using them and these spammers are still getting through then look into WP-SpamFree.

    Also, double check that the advice in Combating Comment Spam has been followed. It’s good advice.

    There are a whole lot of plugins for combatting spam, and you’ll have to sort out which one works best, but really, yanking all links should be a last ‘I am getting 100 spam posts a day!’ thing.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Phishing links’ is closed to new replies.