Grow your CSS skills. Land your dream job.

Last updated on:

Spam Comments with Very Long URL’s

Super long URL's are a sure fire sign the comment is spammy. This will mark comments with URL's (as the author URL, not just in the text) longer than 50 characters as spam, otherwise leave their state the way it is.

<?php

  function rkv_url_spamcheck( $approved , $commentdata ) {
    return ( strlen( $commentdata['comment_author_url'] ) > 50 ) ? 'spam' : $approved;
  }

  add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );

?>

Reference URL

Comments

  1. Permalink to comment#

    The URL for this page is 74 characters long.

  2. Permalink to comment#

    Oh, only for the author URL – I see.

    I read “not just in the text” as “not only in the text”. My mistake – although I suspect other people might trip over this, too. Perhaps it would be clearer if you mentioned “author URLs” in the headline or the first sentence as well?

  3. Dave
    Permalink to comment#

    I’ve just found out that WordPress seems to accept a working script in a comment. This seems like a big no-no based on other things I’ve read about sanitizing user input before spitting it back out again. I’ll try it here and see if it works on your site too: alert(‘really?!?’).

    If your site it like mine, this page will now alert “really?!?” every time it is refreshed. On the other hand, if you have prevented this from happening, I’d hope to learn an effective approach to doing so on my site.

    If this little script does play here — and probably on millions of other WP sites — I’d sure love to hear your take on the safety of this.

    Thanks,

    Dave

    • Dave
      Permalink to comment#

      I see that your comment form has stripped out the script tags and just left the innocuous string as a part of the message. Very nice.

      I put a question about this on the WordPress.org support forum yesterday, and the response I got was “Try blocking the keywords usually used in scripts such as script, type, javascript, etc. in comment blacklist by going to your discussion settings (dashboard).” This didn’t seem particularly reassuring to me.

      Can you please give me a pointer the best way to tighten up the comments form on my site?

      Thanks again,

      Dave

Leave a Comment

Current day month ye@r *

*May or may not contain any actual "CSS" or "Tricks".