The Best Efficient Anti-Spam PHP Code Detection for WordPress


A WordPress blog can receive more than 100 spam comments a day from spam robots, which is annoying.


Generally, these can be caught by plugins such as Akismet; however, the spam is still stored in the database until it is pruned manually or reaches its expiry date.

LEONA provides a clever solution that prevents these spam comments from reaching the database in the first place. It puts a hidden field in the form and sets its value when the user presses a key (onkeyup). If the values do not match, we assume the comment was not submitted by a human.

WordPress provides the preprocess_comment filter, so you can check each comment and abort the request early with wp_die().

According to the official WordPress documentation (https://codex.wordpress.org/Plugin_API/Filter_Reference/preprocess_comment), $commentdata contains the following information:

   'comment_post_ID'      - The post to which the comment will apply
   'comment_author'       - (may be empty)
   'comment_author_email' - (may be empty)
   'comment_author_url'   - (may be empty)
   'comment_content'      - The text of the proposed comment
   'comment_type'         - 'pingback', 'trackback', or empty for regular comments
   'user_ID'              - (empty if not logged in)

We can then use this plugin to allow pingbacks/trackbacks (which I think are useful) and get rid of the spam comments effectively.

// Bounds of the range from which the hidden-field value is drawn.
$leonax_magic_lower = 328;
$leonax_magic_upper = 3450709;

// Add a hidden field to the comment form; JavaScript fills it in on the first keyup.
function leonax_anti_spam_form($fields){
    global $leonax_magic_lower, $leonax_magic_upper;
    $leonax_magic = mt_rand($leonax_magic_lower, $leonax_magic_upper);
    $fields['leonax_magic'] = <<<EOT
        <input type="hidden" id="leonax-magic" name="leonax-magic" value="0">
        <script type="text/javascript">
          jQuery(function() {
            jQuery("#comment").on("keyup", function() {
              jQuery("#leonax-magic").val("$leonax_magic");
            });
          })
        </script>
EOT;
    return $fields;
}

add_filter('comment_form_default_fields', 'leonax_anti_spam_form');

// Stop the request before the comment is written to the database.
function leonax_anit_spam_caught() {
  wp_die('<strong>ERROR</strong>: Looks like you are a spam bot. Please stop doing this.');
}

function leonax_anti_spam_check( $commentdata ) {
  $comment_type = '';
  if ( isset($commentdata['comment_type']) ) {
    $comment_type = trim($commentdata['comment_type']);
  }

  // Pingbacks and trackbacks do not come from the comment form; let them through.
  if ( ($comment_type == 'pingback') || ($comment_type == 'trackback') ) {
    return $commentdata;
  }
  $content = '';
  if ( isset($commentdata['comment_content']) ) {
    $content = trim($commentdata['comment_content']);
  }
  // Reject empty comments.
  if (!strlen($content)) {
    leonax_anit_spam_caught();
  }

  if (preg_match("/[a-e0-9]{25,}/i", $content)) { // To capture the strange IDs
    leonax_anit_spam_caught();
  }

  global $leonax_magic_lower, $leonax_magic_upper;

  if ( isset($commentdata['user_ID']) && $commentdata['user_ID'] ) { // Login-users are not bad
    return $commentdata;
  }

  // The hidden field must be present and hold a value inside the expected range.
  if ( !isset($_POST['leonax-magic']) ) {
    leonax_anit_spam_caught();
  }
  $magic = intval($_POST['leonax-magic']);
  if ($magic < $leonax_magic_lower || $magic > $leonax_magic_upper) {
    leonax_anit_spam_caught();
  }
  return $commentdata;
}

add_filter( 'preprocess_comment' , 'leonax_anti_spam_check' );

If we test the filter by entering the strange IDs on purpose, we get the wp_die() error page, and the comment is not entered into the awaiting-moderation area.

Note: Put the above code at the end of the theme's functions.php (or the child theme's).
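
The check above accepts any integer between the two fixed bounds, so the submitted value is not tied to the page load that produced it. As an added example (not LEONA's or this blog's code), the variant below keeps the same hidden-field-on-keyup idea but issues an HMAC-signed timestamp that the server verifies; the example_ function names, the example-token field name and the two age limits are assumptions.

```php
// Added example: the example_ names, field name and age limits are hypothetical.
const EXAMPLE_MIN_AGE = 3;      // seconds; assumed minimum time a human needs to comment
const EXAMPLE_MAX_AGE = 86400;  // seconds; assumed lifetime of an issued token

// Sign the issue time with a site secret so the value cannot be guessed.
function example_make_token( $issued_at ) {
    return $issued_at . ':' . hash_hmac( 'sha256', (string) $issued_at, wp_salt( 'nonce' ) );
}

// True only for a token this site issued, inside the allowed age window.
function example_token_is_valid( $token, $now ) {
    $parts = explode( ':', (string) $token, 2 );
    if ( count( $parts ) !== 2 || ! ctype_digit( $parts[0] ) ) {
        return false;
    }
    $expected = hash_hmac( 'sha256', $parts[0], wp_salt( 'nonce' ) );
    $age      = $now - (int) $parts[0];
    // hash_equals() compares in constant time.
    return hash_equals( $expected, $parts[1] ) && $age >= EXAMPLE_MIN_AGE && $age <= EXAMPLE_MAX_AGE;
}

// Hidden field filled in on keyup, as above, but with the signed token.
function example_token_field( $fields ) {
    $token = esc_js( example_make_token( time() ) );
    $fields['example_token'] = <<<EOT
<input type="hidden" id="example-token" name="example-token" value="">
<script type="text/javascript">
  jQuery(function() {
    jQuery("#comment").on("keyup", function() {
      jQuery("#example-token").val("$token");
    });
  });
</script>
EOT;
    return $fields;
}
add_filter( 'comment_form_default_fields', 'example_token_field' );

function example_token_check( $commentdata ) {
    $type = isset( $commentdata['comment_type'] ) ? trim( $commentdata['comment_type'] ) : '';
    if ( in_array( $type, array( 'pingback', 'trackback' ), true ) || ! empty( $commentdata['user_ID'] ) ) {
        return $commentdata; // same exemptions as the code above
    }
    $token = isset( $_POST['example-token'] ) ? wp_unslash( $_POST['example-token'] ) : '';
    if ( ! example_token_is_valid( $token, time() ) ) {
        wp_die( '<strong>ERROR</strong>: Comment form token missing or expired. Please reload and try again.' );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'example_token_check' );
```

On a site with full-page caching, the token in the cached HTML ages with the cache, so the maximum age has to exceed the cache lifetime.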


It works like magic!

–EOF (The Ultimate Computing & Technology Blog) —
