Web Hosting
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix WordPress allows adding comments when filters should block them

Discussion in 'Misc WordPress Requests' started by upabove, Nov 15, 2017.

  1. upabove


    WordPress allows adding comments when filters should block them, by upabove


    I’m owner of several websites. We have created simple plugin for ourselves which is showing comment form, but blocking adding comments.

    It’s working well when we try to add a comment under the post, using comment form. We use following actions and filters for this:

    add_action( 'plugins_loaded', array($this, 'ac_load_textdomain') );
    add_action( 'wp_head', array( $this, 'ac_process_comment' ) );
    add_action( 'comment_form_after_fields', array($this, 'ac_reconstruct_form') );

    // filters
    add_filter( 'comment_form_default_fields',array( $this, 'ac_disable_fields' ), 10, 2 );
    add_filter( 'comment_form_submit_button',array( $this, 'ac_reconstruct_submit_btn' ), 10, 2 );

    So settings of our websites are:

    • * Allow comments
    • * Allow comments without logging in
    • * Comment don’t need to be approved to be published

    And comments are still being blocked because of our plugin.

    BUT for some reason, some spam gets inside. It seems that some spam bots are able to add comment without using wordpress comment form.

    • * There is no way to add a comment by hacking plugin, I checked that
    • * Every website have different plugins, themes and theme authors, yet there is still universal way to publish comment without filling a comment form.

    Could you please tell me, how they are able to do that, so we could think about a way to block it? Is there some sort of CMS public API, which allows spammers to just post a comment without even opening website, when commenting is open?


    WordPress allows adding comments when filters should block them

Share This Page

Web Hosting