Example of modifying the PHP script to enable WordPress to intercept spam comments

This article describes how to modify the PHP script to enable WordPress to intercept spam comments. This article describes how to modify the topic functions. php to implement related functions. For more information, see Intercept English spam comments

Because the vast majority of spam comments are in English, many domestic friends are using Some Chinese Please plug-ins, which can effectively intercept comment and trackback (pingback) without Chinese characters ), without writing data to the database, spam can effectively reduce unnecessary use of the blog server. Although it has not been updated for more than two years, it is still available.

You can also simply add the following code to the functions. php file of the topic. The effect is the same as that of using Some Chinese Please plug-ins:

/* Refused spam */function refused_spam_comments ($ comment_data) {$ pattern = '/[1-snapshot]/U'; if (! Preg_match ($ pattern, $ comment_data ['Comment _ content']) {err ('comments must contain Chinese! ');} Return ($ comment_data);} add_filter ('preprocess _ comment', 'refused _ spam_comments ');

@ Teddysun http://teddysun.com/Wordpress does not have the err function (this function may exist in the topic of @ Robin ). Therefore, no message is prompted. It is better to use the wp_die function, so there will be a prompt. Therefore, if the above code does not take effect, you can use the following code:

/* Refused spam */function refused_spam_comments ($ comment_data) {$ pattern = '/[1-snapshot]/U'; if (! Preg_match ($ pattern, $ comment_data ['Comment _ content']) {wp_die ('comments must contain Chinese! ');} Return ($ comment_data);} add_filter ('preprocess _ comment', 'refused _ spam_comments ');

For spam that uses technical means such as GET and POST without entering the front-end form and directly reads the background program files, only shielding IP addresses can alleviate the attacks like crazy dogs, other verification codes, sliding locks, and so on are useless.

Prohibit access from some IP addresses

You can add the following in the. htaccess file:

Order Deny,Allow Deny from xxx.xxx.xxx.xx Deny from xxx.xxx.xxx.xx

Intercept Chinese spam comments

If a large number of spam comments are found to be Chinese, you can use a small wall tool written by Willin Kan, which theoretically shields spam sent by robots by 100%. if the comment is submitted by a natural person, Xiaoqiang adds a hidden variable to the comment submission form. if this variable is not detected in the background, the variable is identified as spam. you can select the variable to be reviewed, you can also filter it out directly.

If the recipient knows the hidden variable you are using or uses virtual clicks, the small wall can be broken. however, spam is a matter of low costs and winning by quantity. unless it's your revenge against spammer, I believe people will not be so bored to break your wall. in addition, the number of spam robots accounts for the vast majority. This tool is necessary.

It seems that Willin does not need WordPress now, and the website is being maintained. I will paste the small wall code below. it is easy to use. copy to function. php file. here, wall is a hidden keyword. if you need it, you can modify it yourself (if you do not need it ).

Class anti_spam {// Create function anti_spam () {if (! Current_user_can ('level _ 0') {add_action ('Template _ redirect ', array ($ this, 'W _ TB'), 1); add_action ('init ', array ($ this, 'gate'), 1); add_action ('preprocess _ comment', array ($ this, 'sinsind'), 1 );}} // Set the bitwise function w_tb () {if (is_singular () {ob_start (create_function ('$ input', 'Return preg_replace ("# textarea (. *?) Name = ([\ "\ ']) comment ([\" \']) (. +)/textarea> # "," textarea $1 name = $2 wall $3 $4/textarea>", $ Input); ') ;}// query function gate (){(! Empty ($ _ POST ['wall']) & empty ($ _ POST ['comment'])? $ _ POST ['comment'] =_ _ POST ['wall']: $ _ POST ['spam _ confirmed '] = 1 ;} // process function sink ($ comment) {if (! Empty ($ _ POST ['spam _ confirmed ']) {// Method 1: directly remove the die (); remove the first two oblique values. // die (); // Method 2: mark it as spam, and check whether the spam is determined by the keyword in the data preview. // add_filter ('pre _ comment_approved ', create_function ('', 'Return" spam ";')); /* $ is_ping = in_array ($ comment ['Comment _ type'], array ('pingback', 'trackback ')); $ comment ['Comment _ content'] = ($ is_ping )? "◎ This is Pingback/Trackback. I suspect this may be Spam! \ N ". $ comment ['Comment _ content']:" [This is Spam! ] \ N ". $ comment ['Comment _ content']; * // processing method of MG12 $ is_ping = in_array ($ comment ['Comment _ type'], array ('pingback ', 'trackback'); if (! $ Is_ping) {die () ;}return $ comment ;}} new anti_spam ();

Computing frontend processing time

At the top of the input box, use JavaScript to take a timestamp as a global variable and obtain the submission time when submitting the form. The two time values are subtracted. if the value is smaller than the possible value, it is regarded as a robot. comments judged as robots can be processed by small walls or not (no server resources are occupied, but spam information cannot be recorded ).

Compared with the small wall, this method is more reliable, but it is not without a vulnerability, as long as spammer makes a setTimeout delay release, it will be broken.

Timestamp

The old robot method is very practical, but has the biggest drawback: poor user experience. A visitor is required to fill in a hard-to-observe number, severely suppressing the enthusiasm of reviewers. many such plug-ins are available on the WordPress platform, but I do not recommend them.