Reduce WordPress Spam By Creating Fake Comment Forms For Spam Bots


Last month I gave tips on how to eliminate WordPress Spam forever. Today I’ve got an even better tip for reducing comment spam on WordPress blogs, and it should also work on other sites with comment forms.

My friend Billy came up with a neat mod to trick these spam bots on my site, which is increasingly coming under attack. Most comment spam comes from spam bots that try to post comments to the first comment forms they see. So, what I’ve done on this blog is create a few fake forms that are placed in front of the real comment form, and are invisible to real readers. This means that the stupid spam bots try and post spam to these forms first, and never make it through to the real forms so I never see the spam!

To add fake comment forms to your site do the following:

Create the Fake forms

  • In your WordPress comments.php file look for the following lines:
  • <?php else : ?>
    <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">

  • Directly in between these lines add the following:
  • <?php /* ===============================fake =======================================*/?>
    <div style="display:none;">
    <form action="<?php echo get_option('siteurl'); ?>/fakecommentform.php" method="post" id="commentform">
    <input type="text" name="author" id="author" value="" size="22" tabindex="1" />
    <input type="text" name="email" id="email" value="" size="22" tabindex="2" />
    <input type="text" name="url" id="url" value="" size="22" tabindex="3" />
    <textarea name="comment" cols="20%" rows="10" tabindex="4">1</textarea>
    <input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" />
    <input type="hidden" name="comment_post_ID" value="<?php echo rand(2000,5000); ?>" />
    </form>
    </div>
    <div style="display:none;">
    <form action="<?php echo get_option('siteurl'); ?>/fakecommentform.php" method="post" id="commentform">
    <input type="text" name="author" id="author" value="" size="22" tabindex="1" />
    <input type="text" name="email" id="email" value="" size="22" tabindex="2" />
    <input type="text" name="url" id="url" value="" size="22" tabindex="3" />
    <textarea name="comment" cols="20%" rows="10" tabindex="4">1</textarea>
    <input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" />
    <input type="hidden" name="comment_post_ID" value="<?php echo rand(2000,5000); ?>" />
    </form>
    </div>
    <?php /* ===============================fake end =======================================*/?>

    so that your comments.php now looks like this:
    <?php else : ?>
    <?php /* ===============================fake =======================================*/?>
    <div style="display:none;">
    <form action="<?php echo get_option('siteurl'); ?>/fakecommentform.php" method="post" id="commentform">
    <input type="text" name="author" id="author" value="" size="22" tabindex="1" />
    <input type="text" name="email" id="email" value="" size="22" tabindex="2" />
    <input type="text" name="url" id="url" value="" size="22" tabindex="3" />
    <textarea name="comment" cols="20%" rows="10" tabindex="4">1</textarea>
    <input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" />
    <input type="hidden" name="comment_post_ID" value="<?php echo rand(2000,5000); ?>" />
    </form>
    </div>
    <div style="display:none;">
    <form action="<?php echo get_option('siteurl'); ?>/fakecommentform.php" method="post" id="commentform">
    <input type="text" name="author" id="author" value="" size="22" tabindex="1" />
    <input type="text" name="email" id="email" value="" size="22" tabindex="2" />
    <input type="text" name="url" id="url" value="" size="22" tabindex="3" />
    <textarea name="comment" cols="20%" rows="10" tabindex="4">1</textarea>
    <input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" />
    <input type="hidden" name="comment_post_ID" value="<?php echo rand(2000,5000); ?>" />
    </form>
    </div>
    <?php /* ===============================fake end =======================================*/?>
    <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
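
The decoy forms post to /fakecommentform.php, which the post does not show. One possible handler, as an added example that is not code from the original post: it records each hit for later review, echoes nothing from the request and never loads WordPress. The log path, the field cap and the function names are assumptions.

```php
<?php
// fakecommentform.php: added example, not from the original post.
// Receives POSTs from the hidden decoy forms and records them for review.

const DECOY_LOG = __DIR__ . '/decoy-hits.log'; // assumed path; better kept outside the web root
const MAX_FIELD = 200;                         // assumed cap on each stored field, in bytes

function decoy_clean($value): string
{
    // Arrays (e.g. author[]=x) become empty strings; control characters are
    // replaced so a bot cannot inject extra lines into the log.
    $s = is_scalar($value) ? (string) $value : '';
    $s = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $s);
    return substr((string) $s, 0, MAX_FIELD);
}

function decoy_record(array $post, array $server): string
{
    // One JSON object per hit, using the field names of the decoy form.
    $entry = [
        'time'    => gmdate('c'),
        'ip'      => decoy_clean($server['REMOTE_ADDR'] ?? ''),
        'agent'   => decoy_clean($server['HTTP_USER_AGENT'] ?? ''),
        'author'  => decoy_clean($post['author'] ?? ''),
        'email'   => decoy_clean($post['email'] ?? ''),
        'url'     => decoy_clean($post['url'] ?? ''),
        'comment' => decoy_clean($post['comment'] ?? ''),
    ];
    // Substitute invalid UTF-8 instead of failing, since bots send arbitrary bytes.
    return (string) json_encode($entry, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $line = decoy_record($_POST, $_SERVER) . "\n";
    file_put_contents(DECOY_LOG, $line, FILE_APPEND | LOCK_EX);
}

// Fixed, plain response: no request data is reflected back.
http_response_code(200);
header('Content-Type: text/plain; charset=utf-8');
echo "Thank you.\n";
```

Real readers never submit the hidden forms, so every line in the log is automated traffic and can be compared against what still reaches the real comment form.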


Filed Under: Using The Internet

About the Author: Want to get more out of your PC, the internet or your mp3 player? Onetipaday.com is here to provide clear simple tips and guides to help you achieve just that. Each tip will be easy to implement and will take no more than 5 minutes to read and implement. What will you learn today?

  • Hi Tony,

    Most users usually have the wp-comments-post.php instead of wp-cpp.php
  • thanks will update now
  • That's so simple, but so clever... I'm definitely going to try this... I've already reduced a lot of my spam by renaming the comments page, and blocking direct attempts to post to it with mod_security, but this should hopefully kill off those last few bots that do actually scan the page and try to find a comment form to post to.
  • let me know how you get on - so far it's working fine for me. If it works don't forget to show some love and digg ajay's submission.

    Now all I need to do is work out a way to stop trackback spam as that's all I'm getting now.....
  • billg
    Looks like a good tactic, but it won't win the war.
    If this catches on, spammers will simply look for multiple forms and hit them all.

    We will be vulnerable to spam as long as we accept reader input via HTML forms.
  • let's keep it to ourselves for a while then ;-)
  • is this a real comment form?
  • the fake ones aren't visible to readers - only spam bots see them.

    That's the beauty of this mod
  • hehehe that is nifty.
  • What about users who use their own stylesheet (or don't use any at all) or a text browser?
    It's good if you use real forms
    (you can check names of passed variables and value of a submit button).

    There is another method, simple and truly transparent for users:

    1. Put in the form a commented out hidden field:
    <!-- -->
    If variable spam1 is passed to wp-comments-post.php, get rid of spam:

    2. Put in the form a hidden field:

    If variable spam2 isn't passed to wp-comments-post.php, get rid of spam:

    3. Check the value of the submit button. If it's different from the value in the comment form, get rid of spam:
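
The three checks listed in the comment above, written as one server-side function (an added example, not code from the commenter or the original post). The field names spam1 and spam2 come from the comment and the button value from the post's form markup; the function name, the button name `submit` on the real form and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example: the three checks from the comment as one function.
const EXPECTED_SUBMIT = 'Submit Comment'; // assumed to be the real form's button value

function comment_spam_reasons(array $post): array
{
    $reasons = [];

    // 1. spam1 exists only inside an HTML comment, so a browser never sends it.
    if (array_key_exists('spam1', $post)) {
        $reasons[] = 'commented-out field spam1 was submitted';
    }
    // 2. spam2 is a real hidden field, so a browser always sends it.
    if (!array_key_exists('spam2', $post)) {
        $reasons[] = 'hidden field spam2 is missing';
    }
    // 3. The button value must match the one in the real comment form.
    if (($post['submit'] ?? null) !== EXPECTED_SUBMIT) {
        $reasons[] = 'unexpected submit value';
    }
    return $reasons; // empty array means the submission passed all three checks
}

// Constructed sample submissions (not captured traffic).
$samples = [
    'browser'      => ['author' => 'Ann', 'comment' => 'Nice tip',
                       'spam2' => '1', 'submit' => 'Submit Comment'],
    'html scraper' => ['author' => 'x', 'comment' => 'buy now',
                       'spam1' => '1', 'spam2' => '1', 'submit' => 'Submit Comment'],
    'direct post'  => ['author' => 'x', 'comment' => 'buy now'],
];

foreach ($samples as $label => $post) {
    $reasons = comment_spam_reasons($post);
    echo str_pad($label, 14), $reasons ? 'reject: ' . implode('; ', $reasons) : 'accept', "\n";
}
```

In WordPress the function would be called on `$_POST` before the comment is saved, at the point the comment describes for wp-comments-post.php.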