WordPress anti-spam battle

October 10, 2016 · Sharing

WordPress spam comments have always been extremely annoying. Without an effective blocking solution, a site is buried under hundreds of spam comments every day.

Because this is an unavoidable problem for every WordPress site, many people have come up with their own solutions. Here is a summary of each method with its characteristics, pros and cons:

Identify spam comments

Typified by the Akismet plug-in, this approach decides whether a comment is spam from its content or the commenter’s information and blocks it accordingly. Once enabled it intercepts almost all spam, but its biggest flaw is false positives. This site used Akismet before, and the false-positive rate was quite high. Even if you check the trash regularly, a legitimate comment mixed in with a pile of spam is easily missed. Secondly, it slows down comment submission, because every comment must first be sent to Akismet’s overseas servers for classification.

Block non-Chinese comments

More than 90% of spam comments come from abroad, so this method intercepts more than 90% of spam. The disadvantage is that legitimate comments consisting only of emoticons or short strings such as “2333” and “Thanks” can no longer be posted, and Chinese-language spam is not intercepted at all.

Modify comment post address

Although this method seems a bit like fooling yourself, it works surprisingly well, because most spam bots are unsophisticated and only know how to submit comments through wp-comments-post.php in the site’s root directory. The downside is that the change has to be reapplied every time WordPress is upgraded.

Manual verification plug-in

Drag-to-unlock sliders, puzzles and CAPTCHAs work well, but they hurt the user experience and are overkill for a small site.

Set token

This site has now switched to this method. The principle: on every page load the backend returns a different token and places it somewhere on the page, and JavaScript copies the token into a hidden input at an appropriate moment. When the comment is submitted, the value of the hidden input (normally the token) is sent along with it, and the backend decides whether the comment came through the normal form by checking whether that value is valid. This method can also be bypassed, but doing so is clearly much harder. More importantly, both the token algorithm and the structure of the hidden input are easy to change, and every small modification breaks an existing bypass.

It is also very simple to use: just put the following code into the theme’s functions.php. The code is as follows:

$leonax_magic_lower = 328;  // smallest token value; change to anything you like
$leonax_magic_upper = 3450709;  // largest token value; change to anything you like

function leonax_anti_spam_form($fields) {
    global $leonax_magic_lower, $leonax_magic_upper;
    // Token placed in the page: a random number, different on every page load
    $leonax_magic = mt_rand($leonax_magic_lower, $leonax_magic_upper);
    // The hidden input starts at 0; only the JavaScript below fills in the real token.
    // "#comment-content" is the textarea id in this site's theme (stock WordPress uses id="comment").
    $fields['leonax_magic'] = <<<EOT
        <input type="hidden" id="leonax-magic" name="leonax-magic" value="0">
        <script>
            $(function() {
                // Fill in the token when the visitor types in the comment box,
                // or clicks or touches anywhere on the page
                $("#comment-content").on("keyup", function() {
                    $("#leonax-magic").val("$leonax_magic");
                });
                $('body').on('click touchstart', function () {
                    $("#leonax-magic").val("$leonax_magic");
                });
            });
        </script>
EOT;
    return $fields;
}
add_filter('comment_form_default_fields', 'leonax_anti_spam_form');

function leonax_anti_spam_caught() {
    wp_die('<strong>评论失败</strong>: 垃圾评论什么的去死吧!');
}

function leonax_anti_spam_check( $commentdata ) {
    $comment_type = '';
    if ( isset($commentdata['comment_type']) ) {
        $comment_type = trim($commentdata['comment_type']);
    }

    // Pingbacks and trackbacks never carry the hidden input, so let them through
    if ( ($comment_type == 'pingback') || ($comment_type == 'trackback') ) {
        return $commentdata;
    }
    $content = '';
    if ( isset($commentdata['comment_content']) ) {
        $content = trim($commentdata['comment_content']);
    }
    if (!strlen($content)) {
        leonax_anti_spam_caught();
    }

    global $leonax_magic_lower, $leonax_magic_upper;

    if ( isset($commentdata['user_ID']) && $commentdata['user_ID'] ) { // logged-in users are not checked
        return $commentdata;
    }

    if ( !isset($_POST['leonax-magic']) ) {
        leonax_anti_spam_caught();
    }
    $magic = intval($_POST['leonax-magic']);
    // The token is only valid if it lies between the minimum and maximum set above
    if ($magic < $leonax_magic_lower || $magic > $leonax_magic_upper) {
        leonax_anti_spam_caught();
    }
    return $commentdata;
}

add_filter( 'preprocess_comment' , 'leonax_anti_spam_check' );

The above code comes from LEONA+ and JustYY.com.
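The post notes that the token algorithm is easy to change. As an added example (not from the original post, LEONA+ or JustYY.com), here is one such change: a stateless HMAC token bound to the post id and an issue time, so that the server verifies the token's origin and age instead of only checking that a number falls in a known range. The function names leonax_token_make and leonax_token_check, the $secret and the demo values are assumptions; in WordPress the secret could come from wp_salt().

```php
<?php
// Added example: HMAC comment token. Names and values below are assumptions,
// not part of the original post's code.

const LEONAX_TOKEN_TTL = 3600; // seconds a token stays valid after it is issued

// Build "issued.mac": the MAC covers the post id and the issue time, so the
// same token cannot be reused on another post or after it expires.
function leonax_token_make(int $post_id, string $secret, ?int $now = null): string {
    $issued = $now ?? time();
    $mac = hash_hmac('sha256', "$post_id|$issued", $secret);
    return "$issued.$mac";
}

// Accept only a well-formed, unexpired token whose MAC matches this post.
function leonax_token_check(string $token, int $post_id, string $secret, ?int $now = null): bool {
    $now = $now ?? time();
    if (!preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return false; // missing, edited, or not shaped like our token
    }
    $issued = (int) $m[1];
    if ($issued > $now || $now - $issued > LEONAX_TOKEN_TTL) {
        return false; // expired, or an issue time in the future
    }
    $expected = hash_hmac('sha256', "$post_id|$issued", $secret);
    return hash_equals($expected, $m[2]); // constant-time comparison
}

// Constructed demo values: a fixed secret and fixed clock so the run is repeatable.
$secret = 'constructed-demo-secret-change-me';
$token  = leonax_token_make(42, $secret, 1700000000);
var_dump(leonax_token_check($token, 42, $secret, 1700000600)); // same post, 10 minutes later
var_dump(leonax_token_check($token, 43, $secret, 1700000600)); // different post id
var_dump(leonax_token_check($token, 42, $secret, 1700004000)); // after the TTL has passed
var_dump(leonax_token_check('999', 42, $secret, 1700000600));  // a bare number, the kind a range check accepts
```

In functions.php this slots into the same two hooks as the original: generate the token with get_the_ID() in the comment_form_default_fields filter (keeping the JavaScript fill so bots that do not run scripts still submit the placeholder), and verify $_POST['leonax-magic'] against $commentdata['comment_post_ID'] in preprocess_comment.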

These are the methods I have found so far; additions are welcome.


© 2026 DIYgod. All rights reserved. Please credit when sharing.