Easy Way for Comment Spam to Bypass the WordPress Moderation Queue

Did you know that spammers could bypass the WordPress comment moderation feature? If your blog is set to automatically post comments from visitors who have previously approved comments, you could be at risk. However, there is a quick fix to the issue.

WordPress screenshot showing comment moderation options

For those of us who run a blog or manage a website, there's a good chance that we've seen form spam before…and probably boatloads of it. There are options for limiting the amount of spam, such as installing a CAPTCHA or some other user test. But nothing is 100% effective. In the end, if we can prevent our customers from seeing that spam, we're in good shape.

The benefit of blogging software, like WordPress, is we are given the capability to moderate comments sent through the website. If everything checks out, we just need to click a button to approve it. A problem with moderating comments, however, is the delay. Even if we're constantly monitoring the blog, there is still going to be some kind of delay before the comments go live for everyone to see.

To mitigate the delay, WordPress gives us an option to automatically go live with comments from anyone who has had comments approved in the past. For example, if Sally Somebody leaves a comment and it's approved, all future comments from Sally will be automatically posted to the website.

Having WordPress automatically approve comments is an excellent feature, especially when there is a lot of back and forth between visitors to the blog. The downside is that all a spammer needs to do is figure out the e-mail address and name of someone who posted comments. There is no IP address check or anything extra being done to make sure they are the same person.

There are probably other ways to deal with this issue, but if we're looking for a quick solution, we can require that all comments be moderated by following these steps:

  • Log into the admin area for the blog
  • Click Settings
  • Click Discussion (see Figure 1)
  • Check the box which says "An administrator must always approve the comment" (see Figure 2)
  • Click Save Changes

WordPress screenshot showing the Discussion menu option
Figure 1. Discussion Menu Option

WordPress screenshot showing the checkbox option to prevent comments from being auto-approved
Figure 2. Checkbox Option to Prevent Auto-Approve

Conclusion

Disabling the auto-approve feature in WordPress may not be beneficial for everyone. For example, if you receive hundreds or thousands of comments per day, manually approving those comments may be too much hassle. But if spammers are overwhelming the comments feed by pretending to be one of your regular visitors, you have another option for stopping them.

If you know of other ways to prevent this issue, I would love to hear your feedback in the comments section below. For example, maybe there's a plugin that forces WordPress to validate the visitor's IP address against their previous comments…
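The IP comparison suggested above can also be run as an after-the-fact audit. The following is an added example, not code from this article or from WordPress: it replays constructed rows shaped like the `wp_comments` table and flags approved comments whose name and e-mail pair had earlier approvals only from other IP addresses. The case-insensitive matching and the rule that a flagged IP stays untrusted until reviewed are assumptions.

```python
from collections import defaultdict

FIELDS = ("comment_ID", "comment_author", "comment_author_email",
          "comment_author_IP", "comment_date_gmt", "comment_approved")

# Constructed sample rows (wp_comments column names, documentation IP ranges).
ROWS = [dict(zip(FIELDS, r)) for r in [
    (1, "Sally Somebody", "sally@example.com", "198.51.100.7", "2024-01-05 10:00:00", "1"),
    (2, "Sally Somebody", "sally@example.com", "198.51.100.7", "2024-01-06 09:30:00", "1"),
    (3, "Sally Somebody", "sally@example.com", "203.0.113.45", "2024-01-07 02:14:00", "1"),
    (4, "Bob Builder", "bob@example.org", "192.0.2.10", "2024-01-07 08:00:00", "1"),
    (5, "Sally Somebody", "sally@example.com", "203.0.113.45", "2024-01-07 08:05:00", "1"),
    (6, "Bob Builder", "bob@example.org", "192.0.2.99", "2024-01-08 11:00:00", "0"),
    (7, "sally somebody ", "SALLY@example.com", "203.0.113.80", "2024-01-09 03:00:00", "1"),
]]


def author_key(row):
    # Identity as the article describes it: display name plus e-mail, nothing else.
    # Assumption: compare case-insensitively and ignore surrounding whitespace.
    return (row["comment_author"].strip().lower(),
            row["comment_author_email"].strip().lower())


def audit(rows):
    """Return IDs of approved comments posted under a previously approved
    name/e-mail pair from an IP never seen with an unflagged approval."""
    trusted_ips = defaultdict(set)
    flagged = []
    for row in sorted(rows, key=lambda r: r["comment_date_gmt"]):
        if row["comment_approved"] != "1":
            continue  # held, spam or trashed comments never reached readers
        key, ip = author_key(row), row["comment_author_IP"]
        if trusted_ips[key] and ip not in trusted_ips[key]:
            # Known author, unknown address: queue for human review and
            # keep the address untrusted so repeats are flagged too.
            flagged.append(row["comment_ID"])
        else:
            trusted_ips[key].add(ip)  # first approval, or a known address
    return flagged


if __name__ == "__main__":
    for comment_id in audit(ROWS):
        print(f"review comment {comment_id}: known author, new IP address")
```

A flagged comment is a candidate for review, not proof of spam, since regular visitors change IP addresses when they switch networks or devices.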
