Stop spam bot comments

Stop spam bot comments

Stop spam bot comments

From time to time I got a few spam comments at my blog. Such comments contain multiple links inside to increase somebody’s sites ratings in the search engines results. This job is made by software bots obviously.
I use Disqus comment system plugin for users comments here at shinephp.com. This plugin duplicates any comment sent to Disqus in your WordPress blog database. This is good thing in case you decide to change comments system in the future. But I still got some comments at my WordPress database only without pair at Disqus. So I have a conclusion that there is a way to send comments to WordPress blog even without opening its post in the browser. Cases when the same comment text inserted into multiple posts at the same time just confirmed my thoughts.
While there were 2-3 spam comments a day I did not take much attention to that. But recent days spam comments quant was drammatically increased to about 30 a day. So I had to search a way to stop this annoying thing.
Good news! It seems I found the right decision.
Spamers use WordPress built-in functionality to make their bad business. Such functionality is provided by code in wp-comments-post.php file, which allows to send comment for any blog post programmatically, without visiting blog and opening post in the browser.
The 1st thought which I got was just insert return; operator at the begin of this file. That is the simplest decision but not the best one as any WordPress update will break it.
So I read the code and (thanks to WordPress developers) found correspondent action pre_comment_on_post, which we can use to absolutely block the wp-comments-post.php usage without changing a bit of code inside this file. We just need to define procedure to execute for the pre_comment_on_post action, which fully stops wp-comments-post.php code execution. Thus, to block spam bot comments through wp-comments-post.php I added the code below to my blog theme functions.php file:

function block_wp_comments() {
  wp_die( __('Sorry, comments are closed for this item.') );
}
// end of block_wp_comments()
 
add_action('pre_comment_on_post', 'block_wp_comments');

If you use Disqus comment system plugin and suffer from plenty spam comments inserted to your WordPress database directly, try this decision. I hope it will help to you as good as it does for me. I have not any comments from spam bots about a week 🙂 already.

Another ways which could help in the fight with spam comments in general are described at WordPress Codex article Combating Comment Spam/Denying Access.

Tags: ,

  • Pingback: Disqus users: How to stop bot & script comments in Wordpress()

  • Novice question about placement 🙂 I put that code at the bottom of my functions.php file. Does it need to be in a specific place other than within that file? Thank you!

  • It could be placed at some other places, but with the same effect – making WordPress plugin, put as .php file into wp-content/mu-plugins/ folder. Placing this code into theme’s functions.php file is quite enough. You will think about other places possibly, if you plan to change themes at your site.

  • Wonderful! Thanks so much for the help 🙂

  • Awesome tip! We just installed disqus at our site hoping to eliminate the problem with comment spam. This works!

  • Thanks for sharing this information.

  • Does this still work on 3.8?

  • Yes, this decision is valid for WordPress 3.8 too.

  • Вадим Абрамов

    df

  • I’m still getting bot comments. Does this still work with WordPress 4.5.2 ?