Spam Comments with Very Long URL’s

Super long URL's are a sure fire sign the comment is spammy. This will mark comments with URL's (as the author URL, not just in the text) longer than 50 characters as spam, otherwise leave their state the way it is.

<?php

  function rkv_url_spamcheck( $approved , $commentdata ) {
    return ( strlen( $commentdata['comment_author_url'] ) > 50 ) ? 'spam' : $approved;
  }

  add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );

?>

Comments

  1. User Avatar
    Micha
    Permalink to comment#

    The URL for this page is 74 characters long.

    • User Avatar
      Chris Coyier
      Permalink to comment#

      So using this snippet, if a user were to leave it as their author URL in a comment, it would be marked as spam.

  2. User Avatar
    Micha
    Permalink to comment#

    Oh, only for the author URL – I see.

    I read “not just in the text” as “not only in the text”. My mistake – although I suspect other people might trip over this, too. Perhaps it would be clearer if you mentioned “author URLs” in the headline or the first sentence as well?

  3. User Avatar
    Dave
    Permalink to comment#

    I’ve just found out that WordPress seems to accept a working script in a comment. This seems like a big no-no based on other things I’ve read about sanitizing user input before spitting it back out again. I’ll try it here and see if it works on your site too: alert(‘really?!?’).

    If your site it like mine, this page will now alert “really?!?” every time it is refreshed. On the other hand, if you have prevented this from happening, I’d hope to learn an effective approach to doing so on my site.

    If this little script does play here — and probably on millions of other WP sites — I’d sure love to hear your take on the safety of this.

    Thanks,

    Dave

    • User Avatar
      Dave
      Permalink to comment#

      I see that your comment form has stripped out the script tags and just left the innocuous string as a part of the message. Very nice.

      I put a question about this on the WordPress.org support forum yesterday, and the response I got was “Try blocking the keywords usually used in scripts such as script, type, javascript, etc. in comment blacklist by going to your discussion settings (dashboard).” This didn’t seem particularly reassuring to me.

      Can you please give me a pointer the best way to tighten up the comments form on my site?

      Thanks again,

      Dave

  4. User Avatar
    Fatih
    Permalink to comment#

    Actually, you can use Regex.
    First, you should use filter_var($url, FILTER_VALIDATE_URL) than regex. For regex you can try examples from regexr.com

Submit a Comment

Posting Code

You may write comments in Markdown. This makes code easy to post, as you can write inline code like `<div>this</div>` or multiline blocks of code in triple backtick fences (```) with double new lines before and after.

Code of Conduct

Absolutely anyone is welcome to submit a comment here. But not all comments will be posted. Think of it like writing a letter to the editor. All submitted comments will be read, but not all published. Published comments will be on-topic, helpful, and further the discussion or debate.

Want to tell us something privately?

Feel free to use our contact form. That's a great place to let us know about typos or anything off-topic.

icon-closeicon-emailicon-linkicon-logo-staricon-menuicon-nav-guideicon-searchicon-staricon-tag