Blocking admin-ajax.php from outside domain

If the point of the file is to allow the website to asynchronously post data why would it even be allowed to be accessed directly, especially from an ip that is not the ip of the site itself? AJAX requests come from the user’s IP address, not the site’s, because an AJAX request is by … Read more

How to hide and disable URL and email fields from comments?

After further research I found some relevant functions. Keep in mind it’s probably better to separate these into different functions, and if your WordPress theme gives you any trouble, check this out. // disable url field function disable_comment_url($fields) { if(isset($fields[‘url’])) unset($fields[‘url’]); return $fields; } add_filter(‘comment_form_default_fields’, ‘disable_comment_url’); // disable email field function disable_comment_email($fields) { if(isset($fields[’email’])) unset($fields[’email’]); … Read more

Can admin-ajax.php be used for spam purposes? And if yes, how to prevent that?

This is why you use nonces. $.ajax({ type: “POST”, url: ‘/wp-admin/admin-ajax.php’, data: { action: ‘mail_function’, message: ‘test’, _nonce: <?php echo wp_create_nonce( ‘mail_function_’ . $post->ID ) ?>}, dataType: “html”, success: function(data) { } }); Then in your PHP function: function my_ajax_mailer() { if ( ! wp_verify_nonce( $_REQUEST[‘_nonce’], ‘mail_function_’ . $post->ID ) ) return; // send mail… … Read more

Simple comments spam solution

If you don’t want people filling website field, simply remove it from the form. Put this code in functions.php of your current theme: function wpse_remove_comment_url($fields) { unset($fields[‘url’]); return $fields; } add_filter(‘comment_form_default_fields’, ‘wpse_remove_comment_url’); It is more logical than showing the field and advising users against using it. UPDATE To not confuse users, and fool some bots, … Read more

comments are going to spam

You should not add http:// or wwww. to your Comment Moderation or Blacklist boxes. This will send all comments to a pending status, or WP removes them. If you want stuff to be blacklisted that contains a certain url, add a fully qualified domain name.

Adding a “Report the post” button/form?

To use the plugin in the question you linked to: Copy the code into notepad or an equivalent program Save the file using the extension .php (make sure your operating system has file endings turned on so it doesn’t save as filename.php.txt Put the file into a compressed (or zipped) folder. How you do this … Read more