Simple but Effective WordPress Spam Protection without Plugins

If you don’t use an antispam plugin, you probably have thousands of spam comments. Most of them left by spambots.

/2 comments

This screenshot from one of my blogs:

Spam comments by spambots

All this comments have appeared on the blog within only one month! But finally I found a great solution, which completely blocks all comments, left by spambots. Some benefits:

Step 1. Fake textarea in the comment form

At first, you should find out the way, how comment form is inserting to the page. Actually, there are two ways, first – HTML of the form is in the comments.php, the second way – the form is inserted by the comment_form() WordPress function.

If the comment form is in comments.php

All you need to do is to add another textarea input field after default comment textarea like this:

<textarea name="comment" id="comment"></textarea><!-- default textarea (it will be fake for bots) -->
<textarea name="just_another_id" id="just_another_id"></textarea><!-- you should add something like this -->

That’s all.

If the comment form is inserted by the comment_form() function

In this case you should use this action hook:

function add_non_fake_textarea_field( $default ) {
	$commenter = wp_get_current_commenter();
	$default['comment_notes_after'] .= 
	'<p class="comment-form-just_another_id">
	<label for="just_another_id">Comment:</label>
	<textarea id="just_another_id" name="just_another_id" cols="45" rows="8" aria-required="true"></textarea>
	</p>';
	return $default;
}
 
add_filter('comment_form_defaults', 'add_non_fake_textarea_field');

Insert this code into your functions.php located in the current theme directory.

Step 2. Hiding fake field via CSS

Open any post with the comment form in it. You will see two textarea fields. So, let’s hide one of them (it must be default textarea, because it will be «fake input» for spambots).

You can hide it any way you want. For example:

#comment{
	position:absolute;
	left:-9000px;
}

If you are not sure where to insert it – just add this code to your current theme style.css file.

Step 3. Blocking spam comments

Finally, the last step. This code will block any comment with filled default comment textarea. Spambots don’t know about «fake field» so they always fill default textarea with name="comment" or id="comment". And humans never fill it because it is invisible for them. Pretty simple, yes?

Add the following code to the functions.php file.

function block_spam_comments($commentdata) {
	$fake_textarea = trim($_POST['comment']);
	if(!empty($fake_textarea)) wp_die('Error!');
	$comment_content = trim($_POST['just_another_id']);
	$_POST['comment'] = $comment_content;	
	return $commentdata;
}
 
add_filter('pre_comment_on_post', 'block_spam_comments');

Why antispam stop working in WordPress 4.4 and how to fix it?

In WP 4.4 wp-comments-post.php that lays in your site directory has been changed, after that hook pre_comment_on_post fires too late and it can not replace fake comment field. There is another decision.

  1. In you site folder create a file, you can name it stopspam.php for example. This is the code for this file:
    <?php
    $fake = trim($_POST['comment']);
    if(!empty($fake))
    	exit;
    $_POST['comment'] = trim($_POST['just_another_id']);
     
    require( dirname(__FILE__) . '/wp-comments-post.php' );
  2. Change form action attribute to this file (stopspam.php). If you are using comment_form(), it will be simpler to do with JavaScript.

Related Posts

Misha Rudrastyh

Misha Rudrastyh

I love WordPress, WooCommerce and Gutenberg so much. 10 yrs of experience.

Need some custom developer help? Let me know

Follow Misha

Need some help with WordPress?

If you need some professional developer help, I will be happy to assist you.

Contact me Who I am?

Comments — 2

Leave a comment

php js HTML CSS Code