• I’m writing a script that will filter all comments including the email address, IP and comment text. If any of these match a list that I have generated the comment will not be allowed to be posted (not even as pending approval). The comment will go to never never land; I don’t want this stuff clogging up the database in spam or trash.

    The questions:

    Which WordPress file do I need to be editing in order to trap any comments being submitted? ~/wp-comments-post.php?

    What WordPress function can I use to grab the post attempt and dump each into variables I can use? Something like:

    $email = $_POST['email'];
    $ip = $_POST['ip_addr'];
    $comment = $_POST['ecomment'];

    Once I have the email, IP, comment in hand, I should be able to process the data using my script.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter koniahin

    (@koniahin)

    I figured out some of this:

    $ip = getenv("REMOTE_ADDR");
    $author = $_POST['author'];
    $email = $_POST['email'];
    $comment = $_POST['comment'];
    $url = $_POST['url'];

    This should get me the basic information needed to filter a comment.

    There is a related action 'wp_blacklist_check', which is used within /wp-includes/comment.php

    the function code starts with:

    /**
     * Does comment contain blacklisted characters or words.
     *
     * @since 1.5.0
     *
     * @param string $author The author of the comment
     * @param string $email The email of the comment
     * @param string $url The url used in the comment
     * @param string $comment The comment content
     * @param string $user_ip The comment author IP address
     * @param string $user_agent The author's browser user agent
     * @return bool True if comment contains blacklisted content, false if comment does not
     */
    function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) {
    	/**
    	 * Fires before the comment is tested for blacklisted characters or words.
    	 *
    	 * @since 1.5.0
    	 *
    	 * @param string $author     Comment author.
    	 * @param string $email      Comment author's email.
    	 * @param string $url        Comment author's URL.
    	 * @param string $comment    Comment content.
    	 * @param string $user_ip    Comment author's IP address.
    	 * @param string $user_agent Comment author's browser user agent.
    	 */
    	do_action( 'wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent );

    etc…

    Thread Starter koniahin

    (@koniahin)

    I ran a couple simple tests and this looks like it will do.

    Related question – one thing that spammers/spambots do is to try to post directly to a php script and bypass the public form, captcha, etc.

    Any advice on how to prevent/catch those if that is still possible with the latest WordPress?

    Moderator bcworkz

    (@bcworkz)

    Good question. You will want to verify that the URL in $_SERVER['HTTP_REFERER'] is from your own domain. What to do if there is not a match is widely variable. This would suffice:
    wp_die('Cheatin’ uh?');

    Thread Starter koniahin

    (@koniahin)

    Thanks to both of you for the pointers. Something always comes up, but I have the preprocessor script running and it looks good; it does not require Akismet or any other 3rd party program.

    Historically I’ve noticed that the spammers mostly use 2 domains in their email, gmail.com and sina.com. It appears that about 75-80% of spammers use @gmail.com and 10% or so, sina.com. I found an email validator, smtp_validateEmail.class.php, but haven’t figured out how to get it to work yet. If I can get this validator working then this will put a serious dent in the floodgates as well.
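
The preprocessor discussed in this thread, as an added example that is not code from any of the posters or from WordPress core: it hooks the `wp_blacklist_check` action quoted above, applies the Referer check and the list matching, and calls `wp_die()` so a rejected comment is never stored. The `cp_` names are hypothetical and the list contents are constructed sample values.

```php
<?php
/* Plugin Name: Comment preprocessor (added example) */

// Constructed sample lists; load your own generated lists here.
const CP_BLOCKED_DOMAINS = array( 'spam.example' );
const CP_BLOCKED_IPS     = array( '203.0.113.7' );
const CP_BLOCKED_PHRASES = array( 'cheap pills' );

// Returns a short reason when the comment matches a list, or null to allow it.
function cp_reject_reason( $email, $comment, $user_ip ) {
	$at     = strrpos( (string) $email, '@' );
	$domain = false === $at ? '' : strtolower( substr( (string) $email, $at + 1 ) );
	if ( in_array( $domain, CP_BLOCKED_DOMAINS, true ) ) {
		return 'email domain';
	}
	if ( in_array( $user_ip, CP_BLOCKED_IPS, true ) ) {
		return 'ip address';
	}
	foreach ( CP_BLOCKED_PHRASES as $phrase ) {
		if ( false !== stripos( (string) $comment, $phrase ) ) {
			return 'comment text';
		}
	}
	return null;
}

// True when the Referer host is this site's host. The header is sent by the
// client, so it can be absent or set to any value: use it to filter lazy bots,
// not as proof that the public form was used.
function cp_referer_is_local() {
	$referer   = isset( $_SERVER['HTTP_REFERER'] ) ? wp_unslash( $_SERVER['HTTP_REFERER'] ) : '';
	$ref_host  = wp_parse_url( $referer, PHP_URL_HOST );
	$site_host = (string) wp_parse_url( home_url(), PHP_URL_HOST );
	return is_string( $ref_host ) && 0 === strcasecmp( $ref_host, $site_host );
}

// Hook name as quoted in the thread; WordPress 5.5 renamed it wp_blocklist_check.
add_action(
	'wp_blacklist_check',
	function ( $author, $email, $url, $comment, $user_ip, $user_agent ) {
		if ( ! cp_referer_is_local() || null !== cp_reject_reason( $email, $comment, $user_ip ) ) {
			// wp_die() ends the request here, before the comment is inserted,
			// so nothing lands in pending, spam or trash.
			wp_die( 'Comment rejected.', 'Comment rejected', array( 'response' => 403 ) );
		}
	},
	10,
	6
);
```

Because the hook lives in a plugin file, no core file such as wp-comments-post.php has to be edited, and the filter survives WordPress updates.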

  • The topic ‘WordPress comment preprocessor’ is closed to new replies.