WordPress防御垃圾评论

淮城一只猫 · · 636次浏览 ·

前言

有时候早上起来一看WordPress后台,发现一堆评论,美滋滋的想着很热闹嘛,结果一看,全是垃圾评论。这对于博主以及访客来讲,这是一个很差的体验。

解决

那么,对于国内WordPress垃圾评论解决方法有很多: 第一个就是用WordPress默认自带的防垃圾评论Akismet,说实话这个插件的确是首选,效果很好,但使用过程中发现它写入很多数据库,并且占用很大的机器资源,导致网站日渐卡顿,这不行,不存在的,所以这个不考虑。 第二个是滑动或者是解锁评论的插件,说实话这个比起上面或者是下面那几个方法好多了,也没说好说的。 第三个就是验证码插件,所谓的验证码插件就是大家见到的输入验证码才能进入下一步操作,在用户体验上面来说,这是最差的体验,比起其他方法要动的地方多得多,故不考虑。 第四个方法就是现在绝大部分网站所用到的Some Chinese Please!他的简介是这样说的:这是为用为中文写作的朋友准备的一款防御spam插件。<br></br> 它可以有效地拦截内容中不带有中文字的comment和trackback(pingback),不写入数据库中,可有效地减小spam对blog服务器的无谓使用。

从简介来看对于国内的环境的确很完美,但唯一的区别就是歪果仁如果想评论的话…可能会炸的。 对于以上总结这么多的,要么自增一个选项,要么修改评论机制,都不是合适我的胃口。

方案

2018.05.19已更新

新建PHP文件,并且引入

<?php
if ( ! defined( 'ABSPATH' ) ) { // prevent full path disclosure
    exit;
}

spicy_send_spam_comment_to_admin = false; // 开启则会将垃圾评论发到管理员邮箱 spicy_log_spam_comment = false; // 开启则会记录log文件than rejected spam comments will be logged to wp-content/plugins/anti-spam/log/anti-spam-2015-11.log
spicy_allow_trackbacks = false; // i开启则会允许使用trackbacks  spicy_settings = array(
    'send_spam_comment_to_admin' => spicy_send_spam_comment_to_admin,     'allow_trackbacks' => spicy_allow_trackbacks,
    'admin_email' => get_option('admin_email'),
    'log_spam_comment' => spicy_log_spam_comment );  /**  * 仅为具有评论表单的页面加载脚本 修改脚本地址  */ function spicy_enqueue_script() {     global withcomments; // WP所有页面上显示评论
    if ((is_singular() || withcomments) && comments_open()) { //          wp_enqueue_script('anti-spam-script', get_template_directory_uri() .'/assets/javascript/spam.min.js', null, MATERIAL_VERSION, true);     } } add_action('wp_enqueue_scripts', 'spicy_enqueue_script');  function spicy_form_part() {     global spicy_settings;
    rn = "\r\n"; // .chr(13).chr(10)      if ( ! is_user_logged_in()) { // add anti-spam fields only for not logged in users         echo '

'.
rn; // question (hidden with js) echo ' <p class="antispam-group antispam-group-e" style="display: none;"> <label>Leave this field empty</label> <input type="text" name="antspm-e-email-url-website" class="antispam-control antispam-control-e" value="" autocomplete="off" /> </p>'.rn; // empty field (hidden with css); trap for spammers because many bots will try to put email or url here } } add_action('comment_form', 'spicy_form_part'); // add anti-spam inputs to the comment form function spicy_check_comment(commentdata) { global spicy_settings; rn = "\r\n"; // .chr(13).chr(10) extract(commentdata); spicy_pre_error_message = '<p><strong><a href="javascript:window.history.back()">Go back</a></strong> and try again.</p>'; spicy_error_message = ''; if ((spicy_settings['send_spam_comment_to_admin']) || (spicy_settings['log_spam_comment'])) { // if sending email to admin is enabled or loging post = get_post(comment->comment_post_ID); spicy_message_spam_info = 'Spam for post: "'.post->post_title.'"' . rn; spicy_message_spam_info .= get_permalink(comment->comment_post_ID) . rn.rn; spicy_message_spam_info .= 'IP: ' . _SERVER['REMOTE_ADDR'] . rn; spicy_message_spam_info .= 'User agent: ' . _SERVER['HTTP_USER_AGENT'] . rn; spicy_message_spam_info .= 'Referer: ' . _SERVER['HTTP_REFERER'] . rn.rn; spicy_message_spam_info .= 'Comment data:'.rn; // lets see what comment data spammers try to submit foreach (commentdata as key => value) { spicy_message_spam_info .= 'commentdata['.key. '] = '.value.rn; } spicy_message_spam_info .= rn.rn; spicy_message_spam_info .= 'Post vars:'.rn; // lets see what post vars spammers try to submit foreach (_POST as key => value) { spicy_message_spam_info .= '_POST['.key. '] = '.value.rn; } spicy_message_spam_info .= rn.rn; spicy_message_spam_info .= 'Cookie vars:'.rn; // lets see what cookie vars spammers try to submit foreach (_COOKIE as key => value) { spicy_message_spam_info .= '_COOKIE['.key. '] = '.value.rn; } spicy_message_spam_info .= rn.rn; spicy_message_append = '-----------------------------'.rn; spicy_message_append .= 'This is spam comment rejected by Anti-spam plugin - wordpress.org/plugins/anti-spam/' . rn; spicy_message_append .= 'You may edit "anti-spam.php" file and disable this notification.' . rn; spicy_message_append .= 'You should find "spicy_send_spam_comment_to_admin" and make it equal to "false".' . rn; } if ( ! is_user_logged_in() && comment_type != 'pingback' && comment_type != 'trackback') { // logged in user is not a spammer spam_flag = false; antspm_q = ''; if (isset(_POST['antspm-q'])) { antspm_q = trim(_POST['antspm-q']); } antspm_d = ''; if (isset(_POST['antspm-d'])) { antspm_d = trim(_POST['antspm-d']); } antspm_e = ''; if (isset(_POST['antspm-e-email-url-website'])) { antspm_e = trim(_POST['antspm-e-email-url-website']); } if ( antspm_q != date('Y') ) { // year-answer is wrong - it is spam if ( antspm_d != date('Y') ) { // extra js-only check: there is no js added input - it is spam spam_flag = true; if (empty(antspm_q)) { // empty answer - it is spam spicy_error_message .= 'Error: empty answer. ['.esc_attr( antspm_q ).']
'.
rn; } else { spicy_error_message .= 'Error: answer is wrong. ['.esc_attr( antspm_q ).']<br> '.rn; } } } if ( ! empty(antspm_e)) { // trap field is not empty - it is spam spam_flag = true; spicy_error_message .= 'Error: field should be empty. ['.esc_attr( antspm_e ).']
'.
rn; } if (spam_flag) { // it is spam spicy_error_message .= '<strong>Comment was blocked because it is spam.</strong><br> '; if (spicy_settings['send_spam_comment_to_admin']) { spicy_subject = 'Spam comment on site ['.get_bloginfo('name').']'; // email subject spicy_message = ''; spicy_message .= spicy_error_message . rn.rn; spicy_message .= spicy_message_spam_info; // spam comment, post, cookie and other data spicy_message .= spicy_message_append; @wp_mail(spicy_settings['admin_email'], spicy_subject, spicy_message); // send spam comment to admin email } if (spicy_settings['log_spam_comment']) { spicy_message = rn.rn.'========== ========== =========='.rn.rn; spicy_message .= spicy_error_message . rn.rn; spicy_message .= spicy_message_spam_info; // spam comment, post, cookie and other data } wp_die( spicy_pre_error_message . spicy_error_message ); // die - do not send comment and show errors } } if ( ! spicy_settings['allow_trackbacks']) { // if trackbacks are blocked (pingbacks are alowed) if (comment_type == 'trackback') { // if trackbacks ( || comment_type == 'pingback') spicy_error_message .= 'Error: trackbacks are disabled.<br> '; if (spicy_settings['send_spam_comment_to_admin']) { // if sending email to admin is enabled spicy_subject = 'Spam trackback on site ['.get_bloginfo('name').']'; // email subject spicy_message = ''; spicy_message .= spicy_error_message . rn.rn; spicy_message .= spicy_message_spam_info; // spam comment, post, cookie and other data spicy_message .= spicy_message_append; @wp_mail(spicy_settings['admin_email'], spicy_subject, spicy_message); // send trackback comment to admin email } wp_die(spicy_pre_error_message . spicy_error_message); // die - do not send trackback } } return $commentdata; // if comment does not looks like spam } if ( ! is_admin()) { add_filter('preprocess_comment', 'spicy_check_comment', 1); }

spam.js填写:

(function () {
    function a() {
        var d, b, g, f = "", e = new Date().getFullYear(), h;
        g = document.querySelectorAll(".antispam-group");
        b = g.length;
        for (d = 0; d < b; d++) {
            g[d].style.display = "none"
        }
        g = document.querySelectorAll(".antispam-control-a");
        if ((g) && (g.length > 0)) {
            f = g[0].value
        }
        g = document.querySelectorAll(".antispam-control-q");
        b = g.length;
        for (d = 0; d < b; d++) {
            g[d].value = f
        }
        g = document.querySelectorAll(".antispam-control-e");
        b = g.length;
        for (d = 0; d < b; d++) {
            g[d].value = ""
        }
        h = document.createElement("input");
        h.setAttribute("type", "hidden");
        h.setAttribute("name", "antspm-d");
        h.setAttribute("class", "antispam-control antispam-control-d");
        h.setAttribute("value", e);
        g = document.querySelectorAll("form");
        b = g.length;
        for (d = 0; d < b; d++) {
            if ((g[d].id === "comments") || (g[d].id === "respond") || (g[d].id === "commentform")) {
                var c = g[d].className.indexOf("anti-spam-form-processed");
                if (c === -1) {
                    g[d].appendChild(h);
                    g[d].className = g[d].className + " anti-spam-form-processed"
                }
            }
        }
    }

    if (document.addEventListener) {
        document.addEventListener("DOMContentLoaded", a, false)
    }
    setTimeout(function () {
        a()
    }, 1000)
})();

本博客所有内容采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可

转载文章请注明:WordPress防御垃圾评论 - https://iiong.com/wordpress-spam-comment.html

分类: 奇淫技巧

淮城一只猫

永远年轻,永远热泪盈眶

7 个评论

4Rou · 2017年12月24日 - 下午4:56

Google的那个人机验证也挺好玩的,好些国外网站用的是这个

跨境电商平台 · 2017年11月14日 - 上午4:41

这个必须学习收藏,多谢了

后宫学长 · 2017年11月13日 - 下午11:17

在测试站尝试了下,代码是生效了,但是在提交的时候提示没有填写昵称和邮箱……
但是肯定是填写了的。

    淮城一只猫 · 2017年11月15日 - 上午10:49

    的确是,代码版本老了,我已经更新了

      后宫学长 · 2017年11月15日 - 下午10:29

      你好!很高兴你及时更新了!不过用在我现用的主题上会导致WP 500,比老代码要严重呢,如果有需要我可以提供VPS Admin……
      另外不得不说,您的编辑器很好用,让我用WP又多了一个理由呢……

    JIUCAIJIUCAI · 2017年12月19日 - 上午5:29

    好东西谢谢~~~~~~

    JIUCAIJIUCAI · 2017年12月19日 - 上午9:34

    新手,准备着手这个。。。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

我不是机器人*