Hack: Filter Comments For Specific Text

Even with multiple anti-spam plugins you may still get junk comments on your WordPress site. It can be really annoying to get comment after comment that is obviously spam to you, yet still gets through to your site or eats up your time asking for your (dis)approval.

Sometimes you just want to say: if a comment contains X, just trash it! Well, with a few lines of code in your functions.php file or custom plugin, you can.

This filter will take a comment and check it for a piece of text. It actually does a little more than that. First, here’s the code.

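// Run late (priority 99) and accept both filter arguments: approval status and comment data.
add_filter('pre_comment_approved', 'wpfilter_check_comment', 99, 2);
function wpfilter_check_comment($approved, $comment) {
	if (user_can($comment['user_id'], 'edit_posts')) return $approved; // allow editors to do anything
	// Reject comments whose user agent claims to be Internet Explorer 6.
	if (substr_count($comment['comment_agent'], "MSIE 6") > 0) die("Error code #357.4");
	// Reject comments containing the blocked word, regardless of capitalization.
	if (substr_count(strtolower($comment['comment_content']), "viagra") > 0) die("Error code #97934.9");
	return $approved; // nothing flagged: leave the approval status untouched
}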

So the hook we are using here is pre_comment_approved. The filter receives the current approval status as its first parameter and the comment data as its second, and whatever we return becomes the approval status. So if we don’t find anything to flag here, we can just return $approved and it is like the filter never ran.

But before we do that, we are going to do two checks. The first is to check the comment_agent and see if it contains MSIE 6. Who is still using Internet Explorer 6 today? Fake bots that spam you, that’s who. Well, they actually aren’t using a browser at all, but they are faking a post and for some reason using that browser name.

The second check is for the text viagra in the comment_content. This is just an example. Notice that we are using substr_count and checking to see if the value is more than zero. You could check to see if it is more than 1 or 2 if you like to be a little more flexible. Also notice we are using strtolower to make sure we check for the phrase regardless of capital letters.

Now I’m using die commands when either of these two is found. Instead, I could return the value ‘spam’ to simply mark the comment as spam, or 0 to mark it as pending. But the idea here is I don’t even want to see these comments, nor do I want them to even reach the database. And I don’t care what the spambot sees after it submits the post. Let it see a one-line error message, not a nicely-formatted page. But maybe in some cases I would use 0 so I can see a post.

I do make the error message confusing. The numbers mean nothing. But I don’t like putting a message like “Sorry, but your comment appears to be spam.” To me, this is like issuing a challenge to the spammers to try to get around it. A weird error message like “Error code #357.4” will maybe make them think that their spambot isn’t working right. But if an actual person comes across it, and they email you and say “I got Error code #357.4” then you can figure out which of your rules was triggered.

Oh, and one more thing. That first line uses user_can to check to see if the person submitting the post is an editor. So any rules I add below that won’t affect me or other editors. For instance, if I add a line that checks for more than 2 http instances, indicating there are a lot of links in the comment, then I won’t be bothered by that if I am responding to someone.
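
Here is the non-die variant described above, as an added example that is not the post's own code: it returns ‘spam’ or 0 instead of stopping the request, adds the "more than 2 http" link rule, and logs which rule fired on the server instead of showing a code to the commenter. The wpfilter_demo_* function names and the rule labels are hypothetical, and the sample comments are constructed.

```php
<?php
// Added example, not the post's code. All wpfilter_demo_* names are hypothetical.

// Returns array(status, rule): status is 'spam', 0 (pending) or the untouched
// $approved value; rule names the check that fired, or null when none did.
function wpfilter_demo_classify($approved, array $comment) {
    $agent   = isset($comment['comment_agent']) ? (string) $comment['comment_agent'] : '';
    $content = isset($comment['comment_content']) ? strtolower((string) $comment['comment_content']) : '';

    if (strpos($agent, 'MSIE 6') !== false) {
        return array('spam', 'agent-msie6');   // fake browser name
    }
    if (substr_count($content, 'viagra') > 0) {
        return array('spam', 'word-viagra');   // blocked word, case-insensitive
    }
    if (substr_count($content, 'http') > 2) {  // "https" counts as well
        return array(0, 'links-over-2');       // many links: hold for moderation
    }
    return array($approved, null);
}

// Callback for pre_comment_approved, with the same editor bypass as the post's filter.
function wpfilter_demo_check_comment($approved, $comment) {
    if (!empty($comment['user_id']) && user_can((int) $comment['user_id'], 'edit_posts')) {
        return $approved;
    }
    list($status, $rule) = wpfilter_demo_classify($approved, $comment);
    if ($rule !== null) {
        error_log('comment filter rule fired: ' . $rule); // server-side record only
    }
    return $status;
}

if (function_exists('add_filter')) {
    add_filter('pre_comment_approved', 'wpfilter_demo_check_comment', 99, 2);
} else {
    // Outside WordPress: classify constructed sample comments.
    $samples = array(
        array('comment_agent' => 'Mozilla/4.0 (compatible; MSIE 6.0)', 'comment_content' => 'Nice post'),
        array('comment_agent' => 'Mozilla/5.0', 'comment_content' => 'http://a.example http://b.example http://c.example'),
        array('comment_agent' => 'Mozilla/5.0', 'comment_content' => 'Thanks, this helped.'),
    );
    foreach ($samples as $s) {
        list($status, $rule) = wpfilter_demo_classify(1, $s);
        echo var_export($status, true), ' ', var_export($rule, true), "\n";
    }
}
```

Unlike the die version, comments marked ‘spam’ or pending this way are still written to the database, so they can be reviewed for false positives.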
