The code you’ve provided does remove the website URL field from the comment form. However, bots can still directly POST to the wp-comments-post.php file with a URL included. To prevent this, you can remove the URL from the submitted data before it’s saved to the database. You can achieve this using the preprocess_comment filter. Add … Read more
If the point of the file is to allow the website to asynchronously post data why would it even be allowed to be accessed directly, especially from an ip that is not the ip of the site itself? AJAX requests come from the user’s IP address, not the site’s, because an AJAX request is by … Read more
After further research I found some relevant functions. Keep in mind it’s probably better to separate these into different functions, and if your WordPress theme gives you any trouble, check this out. // disable url field function disable_comment_url($fields) { if(isset($fields[‘url’])) unset($fields[‘url’]); return $fields; } add_filter(‘comment_form_default_fields’, ‘disable_comment_url’); // disable email field function disable_comment_email($fields) { if(isset($fields[’email’])) unset($fields[’email’]); … Read more
This is why you use nonces. $.ajax({ type: “POST”, url: ‘/wp-admin/admin-ajax.php’, data: { action: ‘mail_function’, message: ‘test’, _nonce: <?php echo wp_create_nonce( ‘mail_function_’ . $post->ID ) ?>}, dataType: “html”, success: function(data) { } }); Then in your PHP function: function my_ajax_mailer() { if ( ! wp_verify_nonce( $_REQUEST[‘_nonce’], ‘mail_function_’ . $post->ID ) ) return; // send mail… … Read more
If you don’t want people filling website field, simply remove it from the form. Put this code in functions.php of your current theme: function wpse_remove_comment_url($fields) { unset($fields[‘url’]); return $fields; } add_filter(‘comment_form_default_fields’, ‘wpse_remove_comment_url’); It is more logical than showing the field and advising users against using it. UPDATE To not confuse users, and fool some bots, … Read more
Please refer below link. It will may help you. https://gist.github.com/davejamesmiller/1966437
Contact Form 7 has support for Akismet, and reCaptcha; check the docs. Hidden fields are not useful, IMHO; they are still visible in the page source to a ‘scraper’. (Neither are ‘questions’ and some other techniques.) The only useful thing that I have found is to add some Javascript to the form that senses human … Read more
You should not add http:// or wwww. to your Comment Moderation or Blacklist boxes. This will send all comments to a pending status, or WP removes them. If you want stuff to be blacklisted that contains a certain url, add a fully qualified domain name.
you should deactivate the plugin(s) first, then delete. i just upgraded to wordpress version 3.8 and everything is okay.
To use the plugin in the question you linked to: Copy the code into notepad or an equivalent program Save the file using the extension .php (make sure your operating system has file endings turned on so it doesn’t save as filename.php.txt Put the file into a compressed (or zipped) folder. How you do this … Read more