Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

No More Comment Spam

DZone's Guide to

No More Comment Spam

Problems with spam comments? See if Paul Underwood's WordPress plugin can help reduce or eliminate the spam filling up your blog's database.

· Web Dev Zone
Free Resource

Learn how to build modern digital experience apps with Crafter CMS. Download this eBook now. Brought to you in partnership with Crafter Software

Since moving my comments from Disqus back to native WordPress comments, I was getting a lot of spam comments—a couple every minute. I had the suggested plugins installed like Akismet.

Akismet is owned by Automattic, the same guys that make WordPress, and it's the recommended plugin to use to solve any spam comment problems you might be facing. But even with this installed, I was still getting spam comments all the time.

If I left this for a couple of days then the database would start to be filled with a lot of spam comments. I had to find a new solution on how to remove the spam comments from the WordPress site, as when using Disqus I wouldn't get any spam comments in my WordPress database.

Thinking about what Disqus did that would make sure no spam comments can come through and this is using JavaScript to load Disqus onto the page, making sure that any spam bots can't post the form, as JavaScript isn't loaded by bots.

Therefore, why can't we use JavaScript with native WordPress comments and add a hidden field onto the form? Then on posting the comment we check if this hidden field is posted—if it's not then we reject the comment.

Creating the Plugin

First we need to create a plugin that's going to add a JavaScript file to the page and another function to process the $_POST of the comment form.

<?php
/*
* Plugin Name: Paulund No More Comment Spam
* Plugin URI: https://paulund.co.uk
* Description: Remove comment spam from your WordPress site by checking for a JavaScript injected element
* Version: 1.0
* Author URI: https://paulund.co.uk
* License: GPL2
*/
class No_More_Comment_Spam
{
    /**
     * No_More_Comment_Spam constructor.
     * 
     * Add the scripts and preprocessor comment
     */
    public function __construct()
    {
        add_action('wp_enqueue_scripts', array($this, 'add_scripts'));
        add_action('preprocess_comment', array($this, 'check_for_element'));
    }

    /**
     * Add JS which will add the element to the page
     */
    public function add_scripts()
    {

    }

    /**
     * Check for the can comment element
     * 
     * @param $commentdata
     * @return mixed
     */
    public function check_for_element($commentdata)
    {

    }
}
new No_More_Comment_Spam();

As you can see in the constructor of the class we have 2 add_action() functions, one for wp_enqueue_scripts to add the JavaScript file, and preprocess_comment to process the comment data from the comment form.

Add JavaScript File

/**
 * Add JS which will add the element to the page
 */
public function add_scripts()
{
    wp_enqueue_script('add-comment-spam-js', plugin_dir_url(__FILE__) . 'js/no-more-comment-spam.js', array('jquery'), false, true);
}

Now we can create the JavaScript file to add the form element to the page. For this we just check for the commentform ID in the HTML and then append a new input hidden type to the form with a value of 99999.

$j=jQuery.noConflict();

$j(document).ready(function()
{
    if($j('#commentform').length > 0)
    {
        $j('#commentform').append('<input type="hidden" id="can-comment" name="can-comment" value="99999" />');
    }
});

On the server side, we need to check for this can-comment element and check the value is still the same and if it is then we allow the comment to go through.

Preprocess Comment

In this we need to check that the can-comment element exists—if it does, then we know the visitor had JavaScript on and is a real user and we can accept the comment. If the can-comment doesn't exist, then the user could either be spam or not have JavaScript turned on.

/**
 * Check for the can comment element
 * 
 * @param $commentdata
 * @return mixed
 */
public function check_for_element($commentdata)
{
    if(!isset($_POST['can-comment'])) {
        wp_die('Are you spam?');
    }

    if(empty($_POST['can-comment']))
    {
        wp_die('Are you spam?');
    }

    if($_POST['can-comment'] != 99999)
    {
        wp_die('Are you spam?');
    }

    return $commentdata;
}

Since having this small plugin installed I've gone from getting a spam comment every minute to ZERO spam comments; nothing filling up my database with spam comments.

You can either create this same plugin for your WordPress sites or Paulund members can download this same plugin and just install it on your site.

Crafter is a modern CMS platform for building modern websites and content-rich digital experiences. Download this eBook now. Brought to you in partnership with Crafter Software.

Topics:
comments ,data ,wordpress ,form ,javascript ,comment ,spam

Published at DZone with permission of Paul Underwood, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}