Discussion for non-logged-in users

  • Hi

    I changed the setting to only logged in users can comment but for some reason I keep getting spam comments from non-registered users.

    What am I missing?
    Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Please don’t bump your posts.

    First, upgrade to 3.1.4 if you can. Then try turning off your plugins. You may have one that’s causing the default WP behavior to not function correctly.

    Thread Starter emailaya

    (@emailaya)

    Thank you for your reply.

    That’s the thing. When I view a blog’s post while logged out, I get the “you need log in to leave a comment” so it does work, so I don’t understand how someone else/robot can leave a comment without registering and logging in

    Thanks

    That’s because bots inject data into the processor itself, it doesn’t submit it through the form you are using. It submits the data pretending it IS the form so it doesn’t have to be authenticated or go through the basic error checking. That is why you can remove text fields from the forms all together and bots can still post to them as if they still exist. It’s because WordPress was not built with that security in mind. There are plugins that prevent this but it should have been a built in security check since day one.

    Thread Starter emailaya

    (@emailaya)

    Thanks
    What plugin can you recommend to avoid that?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Akismet, Cookies for Comments, and/or Bad Behavior. Between them, I rarely get any.

    Also, since you only want logged in users to comment, you could toss in a check for “Comment author must have a previously approved comment” – That will leave your regulars alone and only bug the newbies.

    Thread Starter emailaya

    (@emailaya)

    I’ll check out the 3 plugins you gave me, Akismet is no longer a freeware as I understand

    And the option of “must have a previously….” is already checked

    Thanks

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Akismet is no longer a freeware as I understand

    No no, still free ??

    If “must have a previous…” is checked, these guys shouldn’t be able to have their posts show up publicly, though they would still on the back end. Are they showing up on the front end?

    Thread Starter emailaya

    (@emailaya)

    How is it free? it is asking for a key or something to activate it, what am I missing?

    I checked another option that the admin must approve so I keep getting comments to approve but they are spam, I want to avoid it

    Thanks
    for now I’m using bad behavior… I’ll see how it goes

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    https://akismet.com/signup/

    Choose ‘Personal blog’ and set Yearly contribution to $0.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Discussion for non-logged-in users’ is closed to new replies.