Todd Lahman

The changes you are making are causing the password issue. The wrong placement of a single or double quote could disable another part of code if you aren’t careful when making these types of modifications. The variable called $sfw_comment_form_password_var is what you have disabled in this case. You need $sfw_comment_form_password_var to fetch the password, and of course you can’t submit a test comment with no password because the plugin will work regardless.

The fix is to start again with the original code in the tl_spam_free_wordpress_comments_form function, then either try the modifications, or just leave them unmodified.

You’re welcome.

Activate Spam Free WordPress. Deactivate Akismet. Make sure the line of code above is saved to the comments.php file. Dump the blog cache under wp-content.

Below this line:

<p><input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" tabindex="3" />

Insert this line:

<?php if(function_exists ('tl_spam_free_wordpress_comments_form')) { tl_spam_free_wordpress_comments_form(); } ?>

Glad to see it’s working. ??

Can you provide a link to a page where I can see the comment form?

My first thought is to dump the cache on the server, and to dump the cache in the web browser, then view the comment form again.

Comment validation is all or nothing. Either the correct password is used, or it is considered spam. Anyone who types in the incorrect password gets an error message to go back and try again, and when they do their message is still there, so they are only left to type in, or copy and paste, the correct password in to submit their message. Allowing comments that don’t type in the correct password to still store their message in the database would defeat the entire purpose of a spam blocking plugin. This is anonymous password authentication, not a filter, so an incorrect password is considered an invalid and unauthorized login attempt.

The field that contains the password has no html identification, making it very difficult to find it in the form with a script. Although this approach has so far eliminated any script from bypassing the Spam Free WordPress security, there are new strategies that will be implemented in the upcoming version.

Go to https://www.toddlahman.com/spam-free-wordpress/ and leave a message with your correct email in the comment form with a comment, and I will contact you to get the file since Photocrati is a paid theme, and I cannot test it.

Is your problem with the comment form now resolved rfinklestein? If not I can offer an alternative solution if you provide me with a link to your blog where I can view the comment form.

This is true. The message form information is stored temporarily in the browser, and clicking the back button should provide a new password with the comment intact and ready to resubmit, although there could be instances where this does not occur as expected. To date on high volume blogs I’ve tested on, this has not been a problem, but it could be in some rare situations.

I am working through several options for a future version that will eliminate this issue, which is likely to only occur on very high traffic blogs that experience unusually large volumes of comments that average blogs do not experience.

The difficulty solving this problem relates to server performance in generating a new password for each visitor, rather than only when a new comment is posted. Generating a new password for each visitor becomes an exponential problem as the load goes up. Generating a password only when a new comment is posted is the current approach, and causes no noticeable server impact. The idea is to minimize the server impact to negligible when implementing password generation for each visitor, so it will work on high traffic and low traffic blogs alike without noticeable impact. I am currently testing several strategies before this feature is rolled out in a future release.

In testing Thematic 0.9.7.7 all that needs to be done is to activate Spam Free WordPress, and the password will show up on the comment form.

Thank you squidz.

I already added it to the plugin page at https://www.toddlahman.com/spam-free-wordpress/, but you are right, I should also update the information at www.ads-software.com. Thank you for the suggestion.

I tested Spam Free WordPress on the Genesis Theme Framework version 1.7.1 by StudioPress, and it works automatically after the plugin is activated. Afterwards, the options under Settings -> Spam Free WordPress can be configured to your preferences.

I am researching a solution right now. It would help if I had a copy of Genesis to test my solution on.

Although Spam Free WordPress is designed to work in WordPress versions 2.8 and 2.9, there does appear to be a problem on your system that could be related to something custom that was done to WordPress. I didn’t have any problems in my testing on those versions of WordPress. The next release of Spam Free WordPress will require a minimum of WordPress 3.0.

Right now WordPress 2.9.1 is the version you are running. I suggest upgrading to the latest version of WordPress, which is version 3.2.1, then follow the installation directions for WordPress 3.0 and Above on this page https://www.ads-software.com/extend/plugins/spam-free-wordpress/installation/

Let me know when the upgrade and changes to the comment form are complete, so I can take a look at the comment form on your blog again.