Now Forget about Spam Comment in WordPress

Released: Download Forget Spam Comment Plugin.

The default commenting system of WordPress has two major problems.

  1. Attracting spam comments.
  2. Not sending a follow-up email to the comment author (will discuss in a while).

Let’s talk about the solutions.

Preventing Spam Comments

Instead of letting anyone send a POST request directly to /wp-comments-post.php, we can add some logic to prevent spam comments by 100%.

Step 1. Restrict the Comment POST Request Path with a Query Parameter

I am going to share three ways; use any one of them.

Apache

  • Yoast > Go to Tools > File Editor
  • RankMath > Go to General Settings > Edit .htaccess
  • FTP/SSH > Check /var/www/html
# If the query string doesn't match, return 404
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php
    RewriteCond %{QUERY_STRING} !^45jpfAY9RcNeFP
    RewriteRule (.*) - [R=404,L]
</IfModule>

If you’re on LiteSpeed, it also supports the .htaccess file. You must restart it after making the change.

NGINX

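location = /wp-comments-post.php {
    # Return 404 unless the query string contains the token
    if ($query_string !~ "45jpfAY9RcNeFP") {
        return 404;
    }
    # This exact-match location takes precedence over the generic PHP location,
    # so repeat the PHP handler directives from your existing "location ~ \.php$" block here.
}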

Cloudflare

  • Login to Cloudflare Dashboard
  • Go to Firewall > Firewall Rules
  • Create a new firewall rule with the expression below

    Field             Operator         Value
    URI               contains         wp-comments-post.php    And
    URL Query String  does not equal   45jpfAY9RcNeFP

  • Choose Action: Block

At the end, you will see this expression:

(http.request.uri contains "wp-comments-post.php" and http.request.uri.query ne "45jpfAY9RcNeFP")
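
The three rules above do not test the query string the same way: the Apache rule requires it to start with the token, the NGINX rule accepts the token anywhere in it, and the Cloudflare expression requires it to equal the token exactly. The following Python sketch is an added example, not part of the original post; it is a simplified model of each rule's condition, run on constructed sample requests (the `ref=1` parameter and the function names are hypothetical), to show where the verdicts differ if you combine or switch methods.

```python
import re

TOKEN = "45jpfAY9RcNeFP"  # token used on this page; change it to match your own config


def apache_blocks(path, query):
    # RewriteCond %{REQUEST_URI} .wp-comments-post\.php  -> unanchored regex on the path
    # RewriteCond %{QUERY_STRING} !^TOKEN                -> query must START with the token
    on_target = re.search(r".wp-comments-post\.php", path) is not None
    return on_target and re.match(re.escape(TOKEN), query) is None


def nginx_blocks(path, query):
    # location = /wp-comments-post.php -> exact path match
    # if ($query_string !~ "TOKEN")    -> token may appear ANYWHERE in the query
    return path == "/wp-comments-post.php" and re.search(re.escape(TOKEN), query) is None


def cloudflare_blocks(path, query):
    # http.request.uri contains "wp-comments-post.php" (URI = path plus query string)
    # and http.request.uri.query ne "TOKEN"            -> query must EQUAL the token
    uri = path + ("?" + query if query else "")
    return "wp-comments-post.php" in uri and query != TOKEN


RULES = {"apache": apache_blocks, "nginx": nginx_blocks, "cloudflare": cloudflare_blocks}

# Constructed sample requests: (path, query string without the leading "?")
SAMPLES = [
    ("/wp-comments-post.php", TOKEN),             # form action after the scroll handler ran
    ("/wp-comments-post.php", ""),                # direct POST without the token
    ("/wp-comments-post.php", TOKEN + "&ref=1"),  # token first, extra parameter appended
    ("/wp-comments-post.php", "ref=1&" + TOKEN),  # token present but not first
]


def verdicts(path, query):
    """Return each rule's decision ("allow" or "block") for one request."""
    return {name: ("block" if rule(path, query) else "allow") for name, rule in RULES.items()}


if __name__ == "__main__":
    for path, query in SAMPLES:
        print(f"{path}?{query:24} {verdicts(path, query)}")
```

If anything on your site appends extra parameters to the form action, the Cloudflare rule as written will block those legitimate submissions while the Apache and NGINX rules may not.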

Step 2. Correct the Comment POST URL on Scroll event

  • Add the function below using the Code Snippets plugin or your theme's functions.php
  • Make sure to use the correct domain and form ID.
function correct_comment_url_on_scroll() {
    // Only output the script when comments are open
    if ( comments_open() ) {
        echo '<script>
let commentForm = document.querySelector("#commentform, #ast-commentform, #ht-commentform");

// Load the new comment path on the scroll event (skip pages without a comment form)
if (commentForm) {
    document.onscroll = function () {
        commentForm.action = "https://www.example.com/wp-comments-post.php?45jpfAY9RcNeFP";
    };
}
</script>';
    }
}
add_action('wp_footer', 'correct_comment_url_on_scroll', 99);

Alternatively, if you’re a GeneratePress Premium theme user, you can add the JS part above directly using the Elements module.

<script>
let commentForm = document.querySelector("#commentform");

commentForm.action = "https://www.example.com/wp-comments-post.php";
// Load new comment path on the scroll event
document.onscroll = function () {
    commentForm.action = "https://www.example.com/wp-comments-post.php?45jpfAY9RcNeFP";
};
</script>
  • Add a new hook
  • New Hook Title: Change Comment URL on the Fly
  • Hook: WP Footer
  • Priority: 99
  • Location: Posts – All posts
  • Publish

How to check if it is working?

  • Generally, WordPress returns a 405 response for a GET request to /wp-comments-post.php.
  • But after the above setup, you should see Access Denied.
  • And the URL should only load when the special query string 45jpfAY9RcNeFP, which we added to prevent spam comments, is present. You may change this query string to something else in all of the above configurations.
  • The page source will typically show the plain wp-comments-post.php path, but if you inspect the element after scrolling you will notice the query string has been added.

Result #1: No Spam

Result #2: Spammers getting blocked

Bonus tip to make the default Comment System even better

  • By default, the WordPress commenting system doesn’t send a follow-up e-mail to the comment author. To fix this issue, you can use the Comment Reply Email Notification plugin by Arno Welzel.

Any question? Please ask at Gulshan Forum.
