No More Comment Spam

in Customise Comments

Since moving my comments from Disqus back to native WordPress comments I was getting a lot of spam comments a couple every minute. I had the suggested plugins installed like Akismet.

Akismet is owned my automattic the same guys that make WordPress and it's the recommended plugin to use to solve any spam comment problems you might be facing. But even with this installed I was still getting spam comments all the time.

If I left this for a couple of days then the database would start to be filled with a lot of spam comments. I had to find a new solution on how to remove the spam comments from the WordPress site, as when using Disqus I wouldn't get any spam comments in my WordPress database.

Thinking about what disqus did that would made sure no spam comments can come through and this is using JavaScript to load disqus onto the page, making sure that any spam bots can't post the form as JavaScript isn't loaded by bots.

Therefore Why can't we use JavaScript with native WordPress comments and add a hidden field onto the form, then on posting the comment we check if this hidden field is posted, if it's not then we reject the comment.

Creating The Plugin

First we need to create a plugin that's going to add a JavaScript file to the page and another function to process the $_POST of the comment form.

<?php
/*
* Plugin Name: Paulund No More Comment Spam
* Plugin URI: https://paulund.co.uk
* Description: Remove comment spam from your WordPress site by checking for a JavaScript injected element
* Version: 1.0
* Author URI: https://paulund.co.uk
* License: GPL2
*/
class No_More_Comment_Spam
{
    /**
     * No_More_Comment_Spam constructor.
     * 
     * Add the scripts and preprocessor comment
     */
    public function __construct()
    {
        add_action('wp_enqueue_scripts', array($this, 'add_scripts'));
        add_action('preprocess_comment', array($this, 'check_for_element'));
    }

    /**
     * Add JS which will add the element to the page
     */
    public function add_scripts()
    {

    }

    /**
     * Check for the can comment element
     * 
     * @param $commentdata
     * @return mixed
     */
    public function check_for_element($commentdata)
    {

    }
}
new No_More_Comment_Spam();

As you can see in the constructor of the class we have 2 add_action() functions, one for wp_enqueue_scripts to add the JavaScript file and preprocess_comment to process the comment data from the comment form.

Add JavaScript File

/**
 * Add JS which will add the element to the page
 */
public function add_scripts()
{
    wp_enqueue_script('add-comment-spam-js', plugin_dir_url(__FILE__) . 'js/no-more-comment-spam.js', array('jquery'), false, true);
}

Now we can create the JavaScript file to add the form element to the page. For this we just check for the commentform ID in the HTML and then append a new input hidden type to the form with a value of 99999.

$j=jQuery.noConflict();

$j(document).ready(function()
{
    if($j('#commentform').length > 0)
    {
        $j('#commentform').append('<input type="hidden" id="can-comment" name="can-comment" value="99999" />');
    }
});

On the server side we need to check for this can-comment element and check the value is still the same and if it is then we allow the comment to go through.

Preprocess Comment

In this we need to check that the can-comment element exists if it does that we know the visitor had JavaScript on and is a real user and we can accept the comment. If the can-comment doesn't exist then the user could either be spam or not have JavaScript turned on.

/**
 * Check for the can comment element
 * 
 * @param $commentdata
 * @return mixed
 */
public function check_for_element($commentdata)
{
    if(!isset($_POST['can-comment'])) {
        wp_die('Are you spam?');
    }

    if(empty($_POST['can-comment']))
    {
        wp_die('Are you spam?');
    }

    if($_POST['can-comment'] != 99999)
    {
        wp_die('Are you spam?');
    }
        
    return $commentdata;
}

Since having this small plugin installed I've gone from getting a spam comment every minute to ZERO spam comments, nothing filling up my database with spam comments.

You can either create this same plugin for your WordPress sites or Paulund members can download this same plugin and just install it on your site.

Upgrade to access all content on Paulund

Members unlock all tutorials and snippets

Access to all downloadable content

Access to code examples before others

Sign Up Now

Already a member? Login here

Subscribe To Newsletter

Get weekly updates to your email