Robert Watcher
Well-known member
There are plugins - there are all kinds of IP detection, blacklisting, Captcha schemes designed to block bots and other unwelcome visitors from filling up your Comments box and all of the management required to approve comments and delete all of the junk..
And so here is my logic that has worked pretty well so far for me. While I don't use Wordpress, they are both very simple to implement into the Wordpress source code I would think.
First thing is an amazingly simple concept I figured out several years ago. It has to do with preventing "automated" spamming - which I feel is a large percentage of spam. These type of bots fill in every form field to cover all of the bases. So if you introduce a field that is hidden from view using CSS - - - it can easily be checked if there is any content in that field when the form is processed. If there is content in there, then it is an automated spambot because no human can see that field as it is not displayed (it isn't a "hidden" field).
So in the form you may add something like <input type="text" name="special" style="display:none;" />
And then in the processing section, you can check if that field is empty and allow the processing to continue using if ($_POST['special']='') { } - - - in other words if the post variable "special" is empty.
You may be amazed that will get rid of a lot if not most of spam.
However - humans do enter Spam as well. IP blocking doesn't necessarily work that well as they can easily provide a fake IP. As well, you may end up blocking other legitimate viewers who use that IP. I had this issue where Spammers were getting around me blocking the IP that was present when they posted a comment. And so I started to look for a consistent "pattern". The email was always different - the user name was always different. I just about gave up when I got wondering why they are doing this. In most cases they are wanting to post links - - - otherwise, why would they bother just posting plain text right?
And so I already was stripping out HTML tags for links like <a href=""></a> - - -but then I noticed the pattern. This spammer was using the url BB code tags in the message to cover for the html tags being stripped out. Ingenious. And so what I ended up doing was use the PHP function stristr to see if the text "[url" was present in the comment. So the code if (stristr($_POST['comment'], '[url')) { $dontpost = true; } worked perfectly. So if $dontpost = true; then you wouldn't allow the database to be updated or an email sent to you letting you know there was a post. It can just bypass that whole process. They could keep on sending and you wouldn't know the difference.
I am posting this for those that have a basic knowledge of how to change bits of code in Wordpress. It would be quite simple. But for those who don't know, it may be a challenge. But when you think about that logic - it should cover most scenarios where someone is crating havoc with your Comments and where you get frustrated and want to get rid of them. Of course if plugins are working for you, that is great as well.
These modifications will also work with email forms as well.
And so here is my logic that has worked pretty well so far for me. While I don't use Wordpress, they are both very simple to implement into the Wordpress source code I would think.
First thing is an amazingly simple concept I figured out several years ago. It has to do with preventing "automated" spamming - which I feel is a large percentage of spam. These type of bots fill in every form field to cover all of the bases. So if you introduce a field that is hidden from view using CSS - - - it can easily be checked if there is any content in that field when the form is processed. If there is content in there, then it is an automated spambot because no human can see that field as it is not displayed (it isn't a "hidden" field).
So in the form you may add something like <input type="text" name="special" style="display:none;" />
And then in the processing section, you can check if that field is empty and allow the processing to continue using if ($_POST['special']='') { } - - - in other words if the post variable "special" is empty.
You may be amazed that will get rid of a lot if not most of spam.
However - humans do enter Spam as well. IP blocking doesn't necessarily work that well as they can easily provide a fake IP. As well, you may end up blocking other legitimate viewers who use that IP. I had this issue where Spammers were getting around me blocking the IP that was present when they posted a comment. And so I started to look for a consistent "pattern". The email was always different - the user name was always different. I just about gave up when I got wondering why they are doing this. In most cases they are wanting to post links - - - otherwise, why would they bother just posting plain text right?
And so I already was stripping out HTML tags for links like <a href=""></a> - - -but then I noticed the pattern. This spammer was using the url BB code tags in the message to cover for the html tags being stripped out. Ingenious. And so what I ended up doing was use the PHP function stristr to see if the text "[url" was present in the comment. So the code if (stristr($_POST['comment'], '[url')) { $dontpost = true; } worked perfectly. So if $dontpost = true; then you wouldn't allow the database to be updated or an email sent to you letting you know there was a post. It can just bypass that whole process. They could keep on sending and you wouldn't know the difference.
I am posting this for those that have a basic knowledge of how to change bits of code in Wordpress. It would be quite simple. But for those who don't know, it may be a challenge. But when you think about that logic - it should cover most scenarios where someone is crating havoc with your Comments and where you get frustrated and want to get rid of them. Of course if plugins are working for you, that is great as well.
These modifications will also work with email forms as well.