Spam Comments with Very Long URL’s

Super long URL's are a sure fire sign the comment is spammy. This will mark comments with URL's (as the author URL, not just in the text) longer than 50 characters as spam, otherwise leave their state the way it is.


  function rkv_url_spamcheck( $approved , $commentdata ) {
    return ( strlen( $commentdata['comment_author_url'] ) > 50 ) ? 'spam' : $approved;

  add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );


Reference URL


  1. Micha
    Permalink to comment#

    The URL for this page is 74 characters long.

    • Chris Coyier
      Permalink to comment#

      So using this snippet, if a user were to leave it as their author URL in a comment, it would be marked as spam.

  2. Micha
    Permalink to comment#

    Oh, only for the author URL – I see.

    I read “not just in the text” as “not only in the text”. My mistake – although I suspect other people might trip over this, too. Perhaps it would be clearer if you mentioned “author URLs” in the headline or the first sentence as well?

  3. Dave
    Permalink to comment#

    I’ve just found out that WordPress seems to accept a working script in a comment. This seems like a big no-no based on other things I’ve read about sanitizing user input before spitting it back out again. I’ll try it here and see if it works on your site too: alert(‘really?!?’).

    If your site it like mine, this page will now alert “really?!?” every time it is refreshed. On the other hand, if you have prevented this from happening, I’d hope to learn an effective approach to doing so on my site.

    If this little script does play here — and probably on millions of other WP sites — I’d sure love to hear your take on the safety of this.



    • Dave
      Permalink to comment#

      I see that your comment form has stripped out the script tags and just left the innocuous string as a part of the message. Very nice.

      I put a question about this on the support forum yesterday, and the response I got was “Try blocking the keywords usually used in scripts such as script, type, javascript, etc. in comment blacklist by going to your discussion settings (dashboard).” This didn’t seem particularly reassuring to me.

      Can you please give me a pointer the best way to tighten up the comments form on my site?

      Thanks again,


  4. Fatih
    Permalink to comment#

    Actually, you can use Regex.
    First, you should use filter_var($url, FILTER_VALIDATE_URL) than regex. For regex you can try examples from

Leave a Comment

Posting Code

We highly encourage you to post problematic HTML/CSS/JavaScript over on CodePen and include the link in your post. It's much easier to see, understand, and help with when you do that.

Markdown is supported, so you can write inline code like `<div>this</div>` or multiline blocks of code in triple backtick fences like this:

  function example() {
    element.innerHTML = "<div>code</div>";

We have a pretty good* newsletter.