Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#17667 closed enhancement (wontfix)

Reducing spam by requiring referrer in wp-comments-post.php

Reported by: BenChapman
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 3.2
Component: Comments
Keywords: 2nd-opinion close
Focuses:
Cc:

Description

Would it not be a good idea to try to thwart spammers by just adding a part to the top of wp-comments-post.php that rejects the query if there's no referrer, or even checks to see if the referrer is coming from the correct website?

Attachments (1)

17667.diff (466 bytes) - added by BenChapman 14 years ago.
Adds an if statement to the top of wp-comments-post.php which stops request and returns 404 if there is no referrer


Change History (6)

@BenChapman
14 years ago

Adds an if statement to the top of wp-comments-post.php which stops request and returns 404 if there is no referrer

#1 @BenChapman
14 years ago

  • Cc admin@… added

#2 @sivel
14 years ago

  • Keywords 2nd-opinion close added

There are a number of "legitimate" reasons that a referrer may not be sent such as due to security related browser extensions. I'd say it would be best to handle this via a plugin.

#3 @nacin
14 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Agreed, sounds like a good plugin.

#4 @ocean90
14 years ago

6 years ago we had already removed the referrer for comments, same reason, see #1673.

Also many plugins already include a referrer check.

Code snippet:

function my_verify_comment_referer() {
	if ( ! wp_get_referer() )
		wp_die( 'You need to enable referrers in your browser.' );
}
add_action( 'pre_comment_on_post', 'my_verify_comment_referer' );
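
The second half of the ticket's question, checking that the referrer comes from the correct website, could look like this in a plugin. This is an added example, not part of the comment above and not WordPress core code; the function names and sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not code from the ticket. Function names and sample URLs are assumptions.

/**
 * Classify a Referer value against the site's own URL.
 * Returns 'missing', 'malformed', 'foreign' or 'same-site'.
 */
function my_classify_comment_referer( $referer, $site_url ) {
	if ( ! is_string( $referer ) || '' === trim( $referer ) ) {
		return 'missing';
	}
	$ref_host  = parse_url( trim( $referer ), PHP_URL_HOST );
	$site_host = parse_url( $site_url, PHP_URL_HOST );
	if ( ! is_string( $ref_host ) || ! is_string( $site_host ) ) {
		return 'malformed';
	}
	// Compare complete host names; a substring or prefix match would also
	// accept hosts that merely contain the site's name.
	return 0 === strcasecmp( $ref_host, $site_host ) ? 'same-site' : 'foreign';
}

/**
 * Hooked callback: refuse the comment unless the referrer is same-site.
 * The header is client-supplied, so this filters careless bots only.
 */
function my_verify_comment_referer_host() {
	$referer = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : null;
	$verdict = my_classify_comment_referer( $referer, home_url() );
	if ( 'same-site' !== $verdict ) {
		wp_die( 'Comment rejected: referrer is ' . $verdict . '.' );
	}
}

if ( function_exists( 'add_action' ) ) {
	// Inside WordPress: register on the same hook the snippet above uses.
	add_action( 'pre_comment_on_post', 'my_verify_comment_referer_host' );
} else {
	// Run directly with the PHP CLI: constructed sample values.
	$samples = array( null, 'https://blog.example/2011/06/post/', 'https://blog.example.other.test/', 'http:///x' );
	foreach ( $samples as $sample ) {
		echo var_export( $sample, true ), ' => ', my_classify_comment_referer( $sample, 'https://blog.example' ), "\n";
	}
}
```

Keeping 'missing' separate from 'foreign' lets a site treat visitors whose browser sends no referrer differently from requests that name another host.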

#5 @dd32
14 years ago

Might as well mention this: Since WordPress has such a large amount of installs, if we moved to -require- it, 95% of the spambots in the world would be updated overnight to send a valid referer too.. might work in the short term to reduce spam, but long term, it only causes more problems :)
