How to make your WordPress site more secure is probably your most important goal. Hundreds of spam bots crawling your site can make your head hurt not just once. So why just not block any of those scammers and avoid spending your time on marking as a spam posts? Well here is the quickest way to achieve it without any plugins!
Let’s start with removing a website field from a comment form by navigating via Admin panel to: Appearance -> Theme Editor, then select functions.php from right hand side list and scroll the file contents to the bottom.
Paste these lines and save your changes:
// Disable Website URL field in Comments
function jlwp_disable_comment_url($fields) {
unset($fields['url']);
return $fields;
}
add_filter('comment_form_default_fields','jlwp_disable_comment_url');
Next up is to enhance our comments validations on PHP side to block any contents which contains phrases like wwww or http.
We do that by downloading file: wp-includes/comment.php and by navigating to line number: 3373. Around those those two if checks we add our custom validation:
$allow_empty_comment = apply_filters( 'allow_empty_comment', false, $commentdata );
if ( '' === $comment_content && ! $allow_empty_comment ) {
return new WP_Error( 'require_valid_comment', __( 'ERROR: please type a comment.' ), 200 );
}
//START new validation for blocking links
if (strpos($comment_content, 'http') || strpos($comment_content, 'www')) {
return new WP_Error( 'require_valid_comment', __( 'ERROR: URL links in comments are disabled.' ), 200 );
}
//END new validation for blocking links
$check_max_lengths = wp_check_comment_data_max_lengths( $commentdata );
if ( is_wp_error( $check_max_lengths ) ) {
return $check_max_lengths;
}
Upload your updated file back to the server aaaand…
That’s it!
By navigating to any comment page and trying to add any suspicious link in a comment we should get the error page of:
Thanks Adam,
Works perfect!