Make WordPress Core

Opened 2 months ago

Last modified 2 months ago

#62703 new feature request

Do not allow to leave a comment that contains prohibited keywords

Reported by: tunyk Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Administration Keywords:
Focuses: administration Cc:

Description

Thousands of websites face spam and hacking attempts through comments. To combat this, various moderation, validations, captchas, plugins, etc. are involved. Unfortunately, such solutions do not always cope and load the website using external scripts, etc.

Proposal to improve WordPress security:
Currently, on the page /wp-admin/options-discussion.php, there is a block "Prohibited comments keywords"; it acts as an automatic moderation for sending to the trash (i.e. comments are still accepted, so the trash can can contain a lot of spam).

I propose to modernize this function, namely to allow administrators to choose what to do with comments that contain prohibited comments keywords (radio button):

  • send to trash
  • do not accept (when clicking on submit button, perform system validation, if there is a word from the list, then display a notification to the user that the comment is prohibited)

Change History (2)

#1 @abcd95
2 months ago

  • Component changed from Security to Administration

Thanks, @tunyk, for the suggestion! I think it's a great idea to prevent spam and hacky comments from entering the system rather than accepting and then trashing them.

I believe the change would involve extending wp_check_comment_disallowed_list() to either continue with the current trash behavior or return an error for blocking the disallowed message, whichever action is preferred by the admin.

We can add a condition here to block the posting of disallowed comments:

if ( $blocking_disallowed_comment ) {
        return new WP_Error(
            'comment_disallowed',
            __( 'Sorry, this comment cannot be submitted as it contains prohibited content.' ),
            403
        );
}

I do invite discussions if there are better ways to handle this.

#2 @tunyk
2 months ago

Good option. I think there is no need for any complicated parts here. Minor changes can significantly improve security and reduce administration time for thousands of websites.
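
The behavior discussed in this ticket can be approximated today from a plugin, without changing core. The following is an added example, not part of the ticket and not a proposed core patch: it hooks the existing `pre_comment_approved` filter and returns a `WP_Error` when `wp_check_comment_disallowed_list()` matches. The option name `disallowed_comment_action` and the function name `example_reject_disallowed_comment` are hypothetical.

```php
<?php
/**
 * Plugin Name: Reject Disallowed Comments (added example)
 *
 * Assumption: 'disallowed_comment_action' is a hypothetical option
 * holding 'trash' or 'reject'; core has no such setting.
 */

add_filter( 'pre_comment_approved', 'example_reject_disallowed_comment', 10, 2 );

/**
 * Rejects a comment that matches the disallowed list when the site is set to
 * 'reject'; otherwise leaves the status chosen by core untouched.
 *
 * @param int|string|WP_Error $approved    Status chosen by wp_allow_comment().
 * @param array               $commentdata Comment data being checked.
 * @return int|string|WP_Error
 */
function example_reject_disallowed_comment( $approved, $commentdata ) {
	// An earlier callback has already rejected this comment.
	if ( is_wp_error( $approved ) ) {
		return $approved;
	}

	// Default to core's current behavior (trash or spam).
	if ( 'reject' !== get_option( 'disallowed_comment_action', 'trash' ) ) {
		return $approved;
	}

	// Same fields core passes when it runs the disallowed-list check.
	$matched = wp_check_comment_disallowed_list(
		$commentdata['comment_author'] ?? '',
		$commentdata['comment_author_email'] ?? '',
		$commentdata['comment_author_url'] ?? '',
		$commentdata['comment_content'] ?? '',
		$commentdata['comment_author_IP'] ?? '',
		$commentdata['comment_agent'] ?? ''
	);

	if ( ! $matched ) {
		return $approved;
	}

	// wp_new_comment() returns early on a WP_Error, so nothing is stored.
	return new WP_Error(
		'comment_disallowed',
		__( 'Sorry, this comment cannot be submitted as it contains prohibited content.' ),
		403
	);
}
```

The disallowed list matches inside words, so with outright rejection a short keyword can block legitimate comments; review the list before switching a site to `reject`.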
