I would like to propose a slightly different fix that is purely client side and much simpler.
Here is my fix for this particular problem. I change the link using javascript. When the index.php page loads
in a _real_ browser, the link on the post page will change. The name of the real link should be unique. Here
I use an example which ideally everyone should change. Unless the spammer actually parse for this hac, they will
go to my “enable javascript please” page.
Since making this change I have had no spam, and I believe that this is a highly effective manner of using Javascript.
You must change the file wp-comments-post.php to a different name. Here I use wp-comments-nospamplease-post.php.
Then create a new file for the bogus post page. I created a file called wp-enable-javascript.php and
it instructs people to enable JS on their browsers.
Below are the file names and the changes I made to them, not including the change I just mentioned above.
wp-comments.php:
Change the post attribute to point to your bogus page.
Before:
—————-
<form action="<?php echo get_settings('siteurl'); ?>/wp-comments-nospamplease-post.php" method="post" id="commentform">
After:
—————-
<form action="<?php echo get_settings('siteurl'); ?>/wp-enable-javascript.php" method="post" id="commentform">
index.php:
Add the following Javascript code to the header
————————————————-
<head profile="https://gmpg.org/xfn/1">
<title><?php bloginfo('name'); ?><?php wp_title(); ?></title>
<SCRIPT language="JavaScript">
<!--
function changePostLink() {
var action = action="<?php echo get_settings('siteurl'); ?>/wp-comments-nospamplease-post.php";
var node = document.getElementById("commentform");
if ( node == null)
{
return;
}
node.setAttribute("action", action);
}
//-->
</SCRIPT>
And change the body tag to include the onLoad attribute:
——————————————————–
Before:
——–
<body>
After:
——
<body onload="changePostLink(); return true;">
