Comment Spam Solution, for now…

at 10:25 ... ob: meta

I've added a simple addition problem as an attempt to thwart comment spammers. Initial code from jeff barr, mods by agrippa_cash at nuke tibet, final code with additional minor mods, below. You will likely have to edit this code to fix quotes (") and possibly other characters mangled in rendering. It boggles my mind that posting code to the web is such a royal pain in the ass [ edit: It is wordpress’s default texturize feature that was causing me trouble with the quotes. Apparently toggled in wp-includes/vars.php or using remove_filter() in myhacks.php . ]

Add to wp-comments.php, wp-comments-popup.php. Modify tabindex fields accordingly:

<input type="hidden" name="factor1" value="<?php srand((double)microtime()*1000); $factor1 = rand(1,9); echo $factor1;?>"/>
<input type="hidden" name="factor2" value="<?php $factor2 = rand(0,9); echo $factor2;?>"/>
<label for="spam"><?php _e("Add 'em up: <b>"); echo $factor1 . " + " . $factor2 ."= ";?></></label>
<input type="text" name="spam" id="spam" value="<?php echo $comment_spam; ?>" tabindex="5">

Add to wp-comments-post.php:

if ($_POST['factor2'] != $_POST['spam'])
die( __('<h1>Sorry, you must correctly answer the problem to post a comment.</h1><h2>Please take off your shoes and try again.</h2>(This is a SPAM elimination measure)'));

19 Responses to “Comment Spam Solution, for now…”

  1. null Says:

    Brings back memories of the old “stealth bomber” game on the Apple ][.
    You had to do some quick additions to get fuel and guns, and quick multiplications to upgrade.. then you got to fly and play.

  2. Anonymous Says:

    This is a test piece of html code.

  3. null Says:

    This is a “quoted” string
    And so is "this"
    And this is “whack”

  4. null Says:

    it’s wordpress that ‘fancy-quoted’ the above strings..
    the first line used the ascii char: ”
    the next line used &quot;
    the last line used the ascii char: ” and some other char: ”

  5. me Says:

    Yeah, it is all this engine ‘texturize’ one of a few that can be used, but the one that is default — and is not obviously disabled… working on it though ;).. i want what i type. let the browser on the other end ‘texturize’ it if it is so important.

  6. Jeff Barr Says:

    This is cool, but your second chunk of code was mangled in the post. You want something like:

    if ($_POST[‘factor2’] != $_POST[‘spam’])

  7. mike Says:

    Thanks jeff, should be fixed.

  8. Ampersand Says:

    I cut-and-pasted just as described, but couldn’t get it to work… even when I put in the correct answer, it wouldn’t accept comments. Very frustrating!

    Your spamblocker is elegant as heck, so if you have any idea what I’m doing wrong, I’d love to know.

  9. Ampersand Says:

    Got it working now – thanks to the person who sent me instructions!

  10. wolfangel Says:

    It seems to not be working (or, specifically, I seem to have screwed up). Initially I couldn’t post any comments. Then I switched to if ($_POST[’factor2’] != $_POST[’spam’]) in my comments-post file, and now it lets me post ignoring the add em up box altogether. Incidentally, you’ve got an open bold starting right at “add ’em up”.

  11. Moebius Stripper Says:

    I love this idea, but alas, I too cannot get it to work. I copy-pasted the first block right before the code for the “say it button”; the code for wp-comments-post.php, I pasted right before the “simple flood protection” part. Any suggestions? I am sorry for not being more specific, but I am no php expert by any means.

  12. Moebius Stripper Says:

    Sorry – the error is that it won’t let me post anything, even if I add the numbers correctly.

  13. wolfangel Says:

    You can fix it so that it ignores the add ’em up box by changing the line as in comment 6.

  14. herext Says:

    Here are links to my functioning wp-comments.php and wp-comments-post.php. Hope this helps.

  15. Moebius Stripper Says:

    It works – thank you!

  16. Tall, Dark, and Mysterious Says:

    Now with 99% less spam.
    Via Alas, a blog, I’ve installed a new comment spam blocking feature. Comments are still moderated – for some reason I can’t turn comment moderation off – but hopefully, now I won’t have to clear dozens of spam comments from the moderation queue ev…

  17. wolfangel Says:

    I even compared my php to yours, and the moderation is totally non-functional now. I have no idea why — I’m sure it’s something obvious, but I know zero PHP.

  18. mike Says:

    anyone reading this old thread should check out the recently released askimet (included in wordpress 2.0) best of luck.

  19. blah Says:


Leave a Reply