Today I got a comment POSTed by a spam bot straight into /wp-comments-post.php, even though Disqus was enabled. The bot knew how to post new comments even if no form is available – it’s very simple to do by using a manual POST request.
When Disqus is enabled, it should disable the built-in comment system, as all comments should go through the Disqus JS form.
I have created a patch which uses the dsq_can_replace() logic to determine if Disqus is enabled and tested it on a development site with Disqus enabled and disabled. When Disqus was enabled, it has successfully errored out with a 500 error and an explanation. When Disqus was disabled, it allowed the comment to go through.
I will post the pull request in a minute.
- The topic ‘[Plugin: Disqus Comment System] Disqus should disable POSTing of comments to built-in comments (patc’ is closed to new replies.