Fighting WordPress Spam by Removing the Website Field and Comment Hyperlinks

It’s been a minute since my last blog post… But after searching the internet high and low on how to get rid of annoying WordPress Blog Comment Spam (for a client;~D)… I put together a two-step solution that worked for me. So when it came to documenting the process, I thought => why not a blog article? And here we are…

BEFORE you start… I should state that these fixes are NOT for the faint of heart. You need to be somewhat comfortable with getting your hands dirty in some code. Nothing crazy, but using [delete] should not send you into a spiral. This solution will also assume you have knowledge of WordPress file/folder locations as well.  That said, read on...

Setting the stage:

So you read several blog articles about the “easy” (cough: plugin) way of curing your blog from receiving spam (here is a GREAT thorough get-rid-of-spam article check off list from WP Beginners), but… the list didn’t stave off determined humans (non-bots) from still posting. Doing the things in the WP Beginners article is still a good idea => like adding Google reCAPTCHA, etc… BUT unfortunately they didn't work on my site or my client's site (even the code solutions in their article) for getting rid of the Website form field, NOR for removing all the human typed => “hyperlink infested comments”. These comments are used to create backlinks to the spammer's website, thereby theoretically increasing their Google page ranking. Spam comments were still showing up in my client’s WP admin area in the “Pending” approval comment list. What I (and my client) wanted was to NOT see these in Pending, but for them to automatically go straight to the Comment Trash list and also for the Website field to NOT be included in the comment form either!!

Step One - Remove the Website Field from the Blog Comment Form:

  1. Open the comments.php file located (typically) in your theme’s root folder, in your favorite code editor (I am using Adobe Brackets in the picture below)
  2. SAVE the original file on your harddrive JUST in case!! First!! (I like to save all of my originals with their paths of where they are found, in the file name using underscores ex: wp-content_theme_comments.php)
  3. Locate the HTML that creates the “URL” field (that is what they call the Website form field)
  4. Delete the HTML - see the highlighted code below (NO spiraling allowed!!  ;~D)
  5. Save as the new file with the original name of comments.php
  6. Upload the file to the original location (I like to delete the old file on the server first, then upload the new, but you could simply overwrite the old file)

That’s it!! No fuss, no added plugin, the field is JUST => GONE!! Whoot!! What I figured out was, PHP does not care if you remove HTML… So why not just do that?! If you are ever feeling nostalgic for that Website "url" field - you can always go back to the original file that you saved.

Step Two - Send the Comments with hyperlinks ALL to the Trash List!!

  1. We are going to use Tip #3 in this (shout out to my FAV designer website writing about how to fight spam) SmashingMagazine.com article: 10 WordPress Comments hacks
  2. Tip #3 Get Rid Of HTML Links In Comments
    1. Open the functions.php file located (typically) in your theme's folder in your favorite code editor. (Same folder location as the comments.php file above in step one)
    2. SAVE the original file on your harddrive JUST in case!! First!! (I like to save all of my originals with their paths of where they are found in the file name using underscores ex: wp-content_theme__functions.php)
    3. This time you are going to add the following code to the functions.php file:

Code to Get Rid Of HTML Links In Comments

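// Escape HTML special characters before the comment is saved, so any tags a
// commenter types are stored as plain text instead of markup.
function plc_comment_post( $incoming_comment ) {
  $incoming_comment['comment_content'] = htmlspecialchars( $incoming_comment['comment_content'] );
  // Encode apostrophes too (htmlspecialchars only does this itself on PHP 8.1+).
  $incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
  return $incoming_comment;
}

// Turn the stored &apos; entity back into a plain apostrophe for display.
function plc_comment_display( $comment_to_display ) {
  $comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
  return $comment_to_display;
}

// 10 is WordPress's default priority; each callback accepts one argument.
add_filter( 'preprocess_comment', 'plc_comment_post', 10, 1 );
add_filter( 'comment_text', 'plc_comment_display', 10, 1 );
add_filter( 'comment_text_rss', 'plc_comment_display', 10, 1 );
add_filter( 'comment_excerpt', 'plc_comment_display', 10, 1 );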

    4. Save the file back under its original name, functions.php
    5. Upload the file to the original location (I like to delete the old file on the server first, then upload the new, but you could simply overwrite the old file)

What this code does is convert the HTML special characters in a comment (<, >, & and quotes) into entities, so any tags a commenter types are stored and shown as regular text instead of being treated as HTML by WordPress!!! And because of that => we can target that text in the next step!

Add to the WordPress Blacklist:

  1. Open your WordPress Admin area
  2. Go to Settings => Discussion => Comment Blacklist
  3. In the Comment Blacklist field type http (on one line - hit enter) and https (on the next line)
  4. Save the changes

Et voila or as I like to say => Taaaaaa Daaaa ;~D That is it, if you log out of your WordPress admin account and go to one of your blog articles - you will see the Website field will not be there. Type a comment and put a URL in the comments area. Submit it, then log in to your WP Admin area, take a look at your comment lists and notice that because of your using the Blacklist, you will find your comment in the Trash list!! I like to delete the Comments Trash every so often, but at least you are not having the spam comments mucking up your Pending Comments list or posting on your blog, depending on how you have it set up!!
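To see what the two steps do to a comment before trying it on a live site, here is an added example (not from the SmashingMagazine article and not WordPress's own code) that applies the same escaping as plc_comment_post() and then runs a simplified keyword check. The helper names escape_comment() and hits_keyword_list() are hypothetical, the matcher assumes list entries are tested as case-insensitive substrings, and the sample comments are constructed.

```php
<?php
// Added example: runs with the PHP CLI alone, no WordPress required.

// Same transformation plc_comment_post() applies to comment_content.
function escape_comment(string $content): string {
    $content = htmlspecialchars($content);
    return str_replace("'", '&apos;', $content);
}

// Hypothetical, simplified stand-in for the keyword check: every non-empty
// line of the list is tested as a case-insensitive substring of the comment.
function hits_keyword_list(string $content, string $list): ?string {
    foreach (preg_split('/\R/', $list) as $word) {
        $word = trim($word);
        if ($word !== '' && stripos($content, $word) !== false) {
            return $word; // first list entry that matched
        }
    }
    return null; // nothing on the list matched
}

// The two lines entered in the Comment Blacklist field.
$list = "http\nhttps";

// Constructed sample comments (not real submissions).
$samples = [
    'Great post! <a href="https://spam.example/">cheap watches</a>',
    "I'm glad this worked, thanks!",
    'Remember to force HTTPS on your login page.',
];

foreach ($samples as $raw) {
    $stored = escape_comment($raw);
    $word   = hits_keyword_list($stored, $list);
    printf("%-5s | matched: %-4s | %s\n",
        $word === null ? 'kept' : 'trash',
        $word ?? '-',
        $stored);
}
```

The third sample is trashed even though it contains no link, because "http" matches inside "HTTPS"; that is the false-positive cost of this list, and it also shows the separate "https" line never fires on its own.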
