Protect your WordPress site/blog from comment spam trick

Categories: Wordpress

I got caught by this trick once, so I decided to share it with other webmasters who don’t know about it already.

In WordPress, the default settings for comments (Settings->Discussion) are as follows:

So the requirements for a comment to appear are:

  • Comment author must fill out name and e-mail.
  • Comment author must have a previously approved comment.

This works well until someone leaves a genuinely nice comment on your site, you approve it, and the same person then turns into a spammer. Because one of his comments has already been approved, he can now post a spam comment with links everywhere without your permission.

This is how this trick works:

  1. Someone comes to your site and makes an honest nice comment about a post.
  2. You do the only reasonable thing, which is to approve that comment.
  3. Now that the person has an approved comment, he meets both criteria for a comment to appear without the webmaster having to approve it!
  4. He comes back and posts spam comments with links left, right and center on your site!

To protect yourself from this, tick the “An administrator must always approve the comment” option in the settings (Settings->Discussion).
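The four steps above, replayed against a simplified model of the two default criteria and the manual-approval setting. This is an added example, not WordPress's own code; the class, field and function names and the sample comments are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DiscussionSettings:
    require_name_email: bool = True      # "Comment author must fill out name and e-mail"
    require_prior_approval: bool = True  # "must have a previously approved comment"
    always_moderate: bool = False        # "An administrator must always approve the comment"

@dataclass
class Site:
    settings: DiscussionSettings
    approved_authors: set = field(default_factory=set)  # e-mails with an approved comment
    pending: list = field(default_factory=list)
    published: list = field(default_factory=list)

    def submit(self, name, email, text):
        """Return 'published', 'held' or 'rejected' for a new comment."""
        s = self.settings
        if s.require_name_email and not (name and email):
            return "rejected"
        needs_admin = s.always_moderate or (
            s.require_prior_approval and email not in self.approved_authors)
        if needs_admin:
            self.pending.append((email, text))
            return "held"
        self.published.append((email, text))
        return "published"

    def approve(self, email, text):
        """Administrator approves a held comment; the author becomes 'previously approved'."""
        self.pending.remove((email, text))
        self.published.append((email, text))
        self.approved_authors.add(email)

def replay(settings):
    """Replay the four steps from the post; return the outcome of each submission."""
    site = Site(settings)
    nice = "Great post, thanks!"                                   # constructed sample
    spam = "Buy now: http://spam.example/a http://spam.example/b"  # constructed sample
    first = site.submit("Visitor", "visitor@example.com", nice)    # step 1
    site.approve("visitor@example.com", nice)                      # step 2
    second = site.submit("Visitor", "visitor@example.com", spam)   # steps 3 and 4
    return first, second

if __name__ == "__main__":
    print("default settings:", replay(DiscussionSettings()))
    print("always moderate: ", replay(DiscussionSettings(always_moderate=True)))
```

With the defaults the second submission is published without review; with the manual-approval option ticked it stays in the moderation queue.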

Tags: Web development, web masters, Wordpress


5 Comments

  • #1 by Martin on December 3, 2008 - 11:41 am

    Nice one! I need to change my comments settings.

  • #2 by tielty on December 10, 2008 - 10:05 am

    Doesn’t the link in the WordPress comment have rel="nofollow" attached to it by default though?

  • #3 by Private Label Rights on September 1, 2009 - 9:08 pm

    I love your posts! Please write more often if you can

  • #4 by Walte Call on November 15, 2009 - 11:10 am

    Thanks a lot for the very useful post. But I had trouble navigating through your web site because I kept getting a 502 bad gateway error. Just thought to let you know.

  • #5 by splbkean on December 6, 2009 - 8:59 pm

    Great list with some I missed, so thanks! (Hey that rhymed :) )
