Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17667 closed enhancement (wontfix)

Reducing spam by requiring referrer in wp-comments-post.php

Reported by: BenChapman
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 3.2
Component: Comments
Keywords: 2nd-opinion close
Focuses:
Cc:

Description

Would it not be a good idea to try to thwart spammers by just adding a part to the top of wp-comments-post.php that rejects the query if there's no referrer, or even checks to see if the referrer is coming from the correct website?

Attachments (1)

17667.diff (466 bytes) - added by BenChapman 3 years ago.
Adds an if statement to the top of wp-comments-post.php which stops request and returns 404 if there is no referrer

Change History (6)

BenChapman 3 years ago

Adds an if statement to the top of wp-comments-post.php which stops request and returns 404 if there is no referrer

comment:1 BenChapman 3 years ago

  • Cc admin@… added

comment:2 sivel 3 years ago

  • Keywords 2nd-opinion close added

There are a number of "legitimate" reasons that a referrer may not be sent, such as security-related browser extensions. I'd say it would be best to handle this via a plugin.

comment:3 nacin 3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Agreed, sounds like a good plugin.

comment:4 ocean90 3 years ago

6 years ago we had already removed the referrer for comments, same reason, see #1673.

Also many plugins already include a referrer check.

Code snippet:

function my_verify_comment_referer() {
	if ( ! wp_get_referer() )
		wp_die( 'You need to enable referrers in your browser.' );
}
add_action( 'pre_comment_on_post', 'my_verify_comment_referer' );

comment:5 dd32 3 years ago

Might as well mention this: Since WordPress has such a large amount of installs, if we moved to -require- it, 95% of the spambots in the world would be updated overnight to send a valid referer too.. might work in the short term to reduce spam, but long term, it only causes more problems :)
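
Added example, not part of the ticket or of WordPress core: a plugin-style sketch of the "referrer is coming from the correct website" check from the description, written so that a missing or mismatched Referer only holds the comment for moderation, since the thread notes that legitimate browsers may omit the header and spambots can send a valid one. The function names are hypothetical, and a current WordPress version is assumed for wp_unslash(), is_wp_error() results on this filter, and the 'trash' status.

```php
<?php
// Added example (hypothetical plugin code, not from the ticket).

// Return true only when $referer has exactly the same host as $site_url.
function my_referer_host_matches( $referer, $site_url ) {
	$ref_host  = parse_url( (string) $referer, PHP_URL_HOST );
	$site_host = parse_url( (string) $site_url, PHP_URL_HOST );
	if ( ! is_string( $ref_host ) || ! is_string( $site_host ) ) {
		return false; // Missing or unparsable Referer (null or false from parse_url).
	}
	// Exact, case-insensitive host comparison. A substring test would also
	// accept hosts such as "example.com.spam.invalid".
	return strtolower( $ref_host ) === strtolower( $site_host );
}

// Hold the comment for moderation instead of rejecting the request outright.
function my_hold_comment_on_bad_referer( $approved, $commentdata ) {
	// Leave stricter decisions already made by core or other plugins alone.
	if ( 'spam' === $approved || 'trash' === $approved || is_wp_error( $approved ) ) {
		return $approved;
	}
	// WordPress adds slashes to $_SERVER values, so unslash before parsing.
	$referer = isset( $_SERVER['HTTP_REFERER'] ) ? wp_unslash( $_SERVER['HTTP_REFERER'] ) : '';
	if ( ! my_referer_host_matches( $referer, home_url() ) ) {
		return 0; // 0 = pending moderation.
	}
	return $approved;
}
add_filter( 'pre_comment_approved', 'my_hold_comment_on_bad_referer', 10, 2 );
```

The Referer header is supplied by the client, so this is a weak signal for triage and not an authenticity check.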