SO网友:Frank P. Walentynowicz
分析
最常见的误解是,现代垃圾邮件发送者使用评论表单。他们根本不关心他们。他们直接发布评论数据,绕过表单处理,使用验证码、验证码等,将评论表单留给合法用户(人类)。在检测垃圾评论的过程中,有两名玩家参与其中——WordPress和一个补充插件。有了正确的设置,WordPress在捕获垃圾邮件方面相当成功,但无法捕获所有垃圾邮件。插件应该进一步完善流程。
解决方案
多年来,我在各种生产网站上实施了以下方法,使它们几乎没有垃圾邮件。你可能会怀疑,所以不要相信我的话,试试看,然后做出你自己的判断。
第1部分。WordPress中Settings -> Discussion
设置以下建议选项:
检查Allow people to post comments on new articles 盒
检查Comment author must fill out name and email 盒
检查Comment must be manually approved 盒
设置的值Hold a comment in the queue if it contains 至1
根据您的需要选择其他选项。
第2部分。必须使用插件创建文件fpw-antispam.php
, 使用下面的代码,并将其放置在/wp-content/mu-plugins
文件夹
<?php
/*
Plugin Name: FPW Anti Spam
Description: Handles spammed comments and disables comments trash
Plugin URI: http://fw2s.com/
Version: 0.1
Author: Frank P. Walentynowicz
Author URI: http://fw2s.com/
Copyright 2014 Frank P. Walentynowicz (email : frankpw@fw2s.com)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2, as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// prevent direct access
if (!defined(\'ABSPATH\'))
die(\'Direct access to this script is not allowed!\');
function fpwDeleteComment($commentID, $approved, $commentData) {
if(\'trash\' === $approved || \'spam\' === $approved) {
$requestedBy = (empty($commentData[\'comment_author_url\'])) ? \'WordPress\' : \'must use plugin\';
if(wp_delete_comment($commentID, true)) {
error_log("Comment ({$commentID}) has been PERMANENTLY DELETED by {$requestedBy}");
} else {
error_log("Comment ({$commentID}) - delete failed");
}
} else {
error_log("Comment ({$commentID}) - status: {$approved}");
}
}
add_action(\'comment_post\', \'fpwDeleteComment\', 100, 3);
function fpwDeleteTrashedComment($commentID, $commentObject) {
if(wp_delete_comment($commentID, true)) {
error_log("Comment ({$commentID}) has been TRASHED and PERMANENTLY DELETED");
} else {
error_log("Comment ({$commentID}) - delete failed");
}
}
add_action(\'comment_trash_\', \'fpwDeleteTrashedComment\', 100, 2);
function fpwCommentHandler($approved , $commentdata) {
return empty($commentdata[\'comment_author_url\']) ? $approved : \'trash\';
}
add_filter(\'pre_comment_approved\' , \'fpwCommentHandler\' , 100, 2);
Note: error_log
函数调用可以帮助您不受干扰地跟踪插件的进度。一旦你确信它能按预期工作,你就可以对这些电话进行评论。
第3部分。将以下行添加到style.css
当前主题:
p.comment-form-url { display: none }
这只会对用户隐藏作者的URL字段,这样用户就不会意外地填写此字段。请记住保持注释模板不变-不要删除此字段!
更新,因为它工作得很好,我甚至没有回头对上面的方法做任何更改。在发布我的答案后,我决定看看是否有任何改进。最终结果如下。
必须使用的插件被简化为一个过滤器,最重要的变化是,删除垃圾评论,而不访问数据库。
function fpwCommentHandler($approved , $commentdata) {
if (!empty($commentdata[\'comment_author_url\']) || \'spam\' == $approved || \'trash\' == $approved)
return new WP_Error( \'spam\', \'Comment spam detected!\');
return $approved;
}
add_filter(\'pre_comment_approved\' , \'fpwCommentHandler\' , 100, 2);
Note: 如果您觉得不舒服,可以按原样使用(不需要日志记录),您可以自己添加日志记录。我已经在我的生产网站上实现了这个新方法。