12 Vital Tips and Tools to Combat Comment Spam in WordPress

Are you getting tired of dealing with comment spam on your WordPress blog? Well, you are not alone.

Spam comments are a huge problem especially if you are not prepared to deal with them properly.

In this article, we’ll share the best WordPress comment spam plugins and helpful tips to combat spam comments in WordPress. These tips will save you a lot of time and will significantly eliminate comment spam from your website.

Combat WordPress comment spam with these tips and tools

Why You Need to Deal with Comment Spam in WordPress?

The internet is full of spam bots that automatically spread links to nefarious websites in the form of comment spam. The purpose of these spam comments is to get ranked in search engines and also to get accidental clicks from unsuspecting visitors.

But not all comment spam is submitted by bots. There are actual human submitted spam comments as well. These off-topic and poorly written comments are harder to catch and often contain links to third-party websites.

If you are not monitoring your website and these comments get published, then both your actual users and search engines will be able to see them.

This affects your website’s reputation. Users would consider your website to be a low quality or spam website.

Search engines can also mark your website as unsafe if they find links to websites that distribute malware and viruses.

That being said, let’s see how you can combat comment spam effectively, so that you spend less time worrying about spam and more time on growing your online business.

1. Turn on Comment Moderation in WordPress

Let’s first make sure that no comment on your website is published without your approval. This step will ensure that comments don’t bypass any filters, and it will also give you full control over which comments appear on your website.

This solution is highly recommended for business websites such as law firms, accounting, etc.

Head over to the Settings » Discussion page inside the WordPress admin area. Next, scroll down to the ‘Before a comment appears’ section and check the box next to the ‘Comment must be manually approved’ option.

Enable comment moderation in WordPress

Don’t forget to click on the ‘Save changes’ button to store your settings.

All your WordPress comments will now be held for moderation and you will have to manually approve each comment before it appears on your website.

Now you may be wondering how you would go through all the comments. In the next few tips, we will show you how to eliminate spam comments so that you only have to go through genuine comments.

2. Activate Akismet Anti-spam Protection

Akismet anti-spam protection

Akismet is an anti-spam plugin that comes pre-installed with WordPress. It filters all WordPress comments on your website through their anti-spam database and catches the most common types of spam comments.

Akismet is available as a free plugin, but you’ll need to sign up for their API key. You can get it free for a personal blog or a small website.

To set it up, see our guide on how to set up Akismet for beginners with step by step instructions.

3. Using Sucuri to Combat Spam Comments

Sucuri website firewall

While Akismet is able to catch a lot of spam comments, it cannot stop spammers from accessing your website. Too many requests from spammers to submit comments can slow down your website and affect performance.

This is where Sucuri comes in. It is the best WordPress firewall plugin that allows you to block suspicious requests before they even reach your website.

It can prevent automated bots and scripts from submitting comments. This reduces the load on your servers and the number of spam comments you receive.

4. Using Honeypot to Catch Spam Bots

Honeypot anti spam technique

Honeypot technology is an effective method to trick spambots into identifying themselves. Once they are identified, their comments can be blocked.

First, you need to install and activate the Antispam Bee plugin. Upon activation, go to the Settings » Antispam Bee page and check the option to mark all honeypot-caught comments as spam.

Don’t forget to click on the save changes button to store your settings.

The plugin will now use the honeypot technique to catch the bad spam bots. It also has other antispam filters, such as validating the IP address against your WordPress comment blacklist, checking for BBCode, checking the local spam database, and more.
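
How a comment-form honeypot works, as an added example that is not Antispam Bee's code or part of the original article. The decoy field name `wpb_hp_website` and the `wpb_hp_*` function names are assumptions made for illustration.

```php
<?php
/**
 * Added illustration of a comment-form honeypot (not Antispam Bee's code).
 * Assumed names: the decoy field "wpb_hp_website" and all wpb_hp_* functions.
 */

// Pure check: a person never sees the decoy field, so any value in it means a bot.
function wpb_hp_is_bot( array $post ) {
    return isset( $post['wpb_hp_website'] ) && trim( (string) $post['wpb_hp_website'] ) !== '';
}

// Render the decoy: moved off-screen, kept out of the tab order and autofill.
function wpb_hp_render_field() {
    echo '<p style="position:absolute;left:-9999px" aria-hidden="true">'
       . '<label for="wpb_hp_website">Leave this field empty</label>'
       . '<input type="text" name="wpb_hp_website" id="wpb_hp_website"'
       . ' value="" tabindex="-1" autocomplete="off" /></p>';
}

// Decide the comment status: a filled decoy sends the comment to the spam folder.
function wpb_hp_filter_status( $approved, $commentdata ) {
    return wpb_hp_is_bot( $_POST ) ? 'spam' : $approved;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: print the decoy for guests and logged-in users, hook the verdict.
    add_action( 'comment_form_after_fields', 'wpb_hp_render_field' );
    add_action( 'comment_form_logged_in_after', 'wpb_hp_render_field' );
    add_filter( 'pre_comment_approved', 'wpb_hp_filter_status', 10, 2 );
} else {
    // Stand-alone run with constructed submissions (not real traffic).
    $samples = array(
        'human' => array( 'comment' => 'Great post, thanks!', 'wpb_hp_website' => '' ),
        'bot'   => array( 'comment' => 'hello', 'wpb_hp_website' => 'http://spam.example' ),
    );
    foreach ( $samples as $who => $post ) {
        printf( "%s => %s\n", $who, wpb_hp_is_bot( $post ) ? 'spam' : 'pass on' );
    }
}
```

Marking the comment as spam instead of discarding it keeps a false positive (for example, a browser that autofills the hidden field) recoverable from the spam list.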

5. Add Google reCAPTCHA Verification

Using the reCAPTCHA in WP Comments plugin, you can enable the Google reCAPTCHA challenge on your comment forms.

WordPress comment form with reCAPTCHA enabled

ReCAPTCHA is an advanced form of CAPTCHA, which is a technology used to differentiate between robots and human users. CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

Google makes it easy for users to verify their identity by simply clicking on the checkbox button.

For spambots, this technology is quite hard to bypass because when Google detects a spam bot, it gives them a much harder challenge.

See our guide on how to add reCAPTCHA to WordPress comments.

Note: while most WordPress comment captcha plugins are annoying, this is the best form of CAPTCHA you can use.

6. Removing Website URL Field from Comment Form

Remove website field from the comment form

The URL field in the comment form attracts not only spammers (both automated and human), but it also invites people who have absolutely no interest in the discussion at all.

These comments usually contain a line or two of irrelevant nonsense, and the comment author name will contain a keyword or a combination of a real name with keywords like Sally from Dunder Mifflin, or John @SEOconsultants, etc.

Simply add the following code to your WordPress theme’s functions.php file or a site-specific plugin.

    // Remove the "Website" (URL) field from the default comment form fields.
    function wpb_disable_comment_url( $fields ) {
        unset( $fields['url'] );
        return $fields;
    }
    add_filter( 'comment_form_default_fields', 'wpb_disable_comment_url' );

This code simply filters the WordPress comment form fields and removes the website field from the form.

Note: you will need to log in to your WordPress hosting via FTP to upload the code above.

7. Disable Comments on Media Attachments

WordPress automatically creates image attachment pages where users can see an image and even leave a comment on it.

If you are linking your images to the attachment page, then after a while you will have a lot of attachment pages with comments enabled on them.

If images are a central part of your content, then that’s fine. But if you don’t want users to comment on images, then you should turn off comments on media attachments.

The easiest way to do this is by installing the Disable Comments plugin. Upon activation, go to the Settings » Disable Comments page and check the box next to the ‘Media’ option.

Disable comments for attachments

Click on the save changes button to store your settings. The plugin will now disable comments on your WordPress media files and attachments.

8. Disable HTML in Comments

Disable HTML in WordPress comments

Another handy tip to discourage links in comments is disabling HTML in comments. HTML can be used to hide spam links in WordPress comments.

Simply add the following code to your theme’s functions.php file or a site-specific plugin.

    // Escape HTML in incoming comments so it is stored as entities, not markup.
    function wpb_comment_post( $incoming_comment ) {
        $incoming_comment['comment_content'] = htmlspecialchars( $incoming_comment['comment_content'] );
        // Encode any single quotes that htmlspecialchars() left unescaped.
        $incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
        return $incoming_comment;
    }

    // Turn the encoded single quotes back into plain apostrophes for display.
    function wpb_comment_display( $comment_to_display ) {
        $comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
        return $comment_to_display;
    }

    add_filter( 'preprocess_comment', 'wpb_comment_post', '', 1 );
    add_filter( 'comment_text', 'wpb_comment_display', '', 1 );
    add_filter( 'comment_text_rss', 'wpb_comment_display', '', 1 );
    add_filter( 'comment_excerpt', 'wpb_comment_display', '', 1 );
    // Stop WordPress from turning plain-text URLs in comments into clickable links.
    remove_filter( 'comment_text', 'make_clickable', 9 );

This code converts HTML markup into HTML entities, which are displayed as literal text and are not parsed by the browser.

9. Minimum and Maximum Comment Length

Another way to combat comment spam is by using the Yoast Comment Hacks plugin to set a minimum and maximum comment length.

Recently we ran into a comment spam problem where a spammer was leaving hundreds of comments per hour with a single word: hello.

Akismet and Sucuri were not able to block this because the comment looked natural. The Antispam Bee honeypot slowed the spammer down, but it wasn’t able to entirely block the attack either.

We simply enabled the Yoast Comment Hacks plugin and set the minimum comment length. This forces the user to leave a more meaningful comment instead of just a one-word message.
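
What a minimum and maximum length check does, as an added example that is not the Yoast Comment Hacks code or part of the original article. The limits of 15 and 3000 characters and the `wpb_len_*` names are assumptions; returning a `WP_Error` from `pre_comment_approved` assumes WordPress 4.9 or later.

```php
<?php
/**
 * Added illustration of a minimum/maximum comment length check
 * (not the Yoast Comment Hacks code). Limits and wpb_len_* names are assumptions.
 */
const WPB_LEN_MIN = 15;    // assumed minimum, in visible characters
const WPB_LEN_MAX = 3000;  // assumed maximum

// Count what a reader would see: drop tags, decode entities, collapse whitespace.
function wpb_len_visible( $content ) {
    $text = html_entity_decode( strip_tags( (string) $content ), ENT_QUOTES, 'UTF-8' );
    $text = trim( preg_replace( '/\s+/u', ' ', $text ) ?? $text );
    return function_exists( 'mb_strlen' ) ? mb_strlen( $text, 'UTF-8' ) : strlen( $text );
}

// Returns 'short', 'long' or 'ok' for a comment body.
function wpb_len_verdict( $content ) {
    $n = wpb_len_visible( $content );
    if ( $n < WPB_LEN_MIN ) { return 'short'; }
    if ( $n > WPB_LEN_MAX ) { return 'long'; }
    return 'ok';
}

// Reject out-of-range comments before they are stored.
function wpb_len_filter_status( $approved, $commentdata ) {
    if ( ! empty( $commentdata['comment_type'] ) && 'comment' !== $commentdata['comment_type'] ) {
        return $approved; // leave pingbacks and trackbacks to their own settings
    }
    $verdict = wpb_len_verdict( $commentdata['comment_content'] );
    if ( 'ok' === $verdict ) { return $approved; }
    return new WP_Error( 'wpb_comment_length', "Comment is too {$verdict}.", 400 );
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'pre_comment_approved', 'wpb_len_filter_status', 10, 2 );
} else {
    // Stand-alone run on constructed comments, including the one-word flood from the text.
    $samples = array( 'hello', '<b>hi</b>   &nbsp; ', 'Thanks, the Akismet setup steps worked for me.' );
    foreach ( $samples as $c ) {
        printf( "%-50s => %s\n", json_encode( $c ), wpb_len_verdict( $c ) );
    }
}
```

Counting after tags are stripped and whitespace is collapsed stops a one-word comment from passing the minimum through padding with markup or spaces.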

10. Disable Trackbacks in WordPress

A big portion of comment SPAM is trackbacks. For most blogs, it is not necessary to have trackbacks enabled. You can choose to disable trackbacks on your entire blog or in an individual post. This is an easy way to significantly reduce comment SPAM.

Disable trackbacks in WordPress

You can find the above option by visiting Settings » Discussion. This will turn off trackbacks for your entire site.

11. Turn off Comments on Old Posts

WordPress allows you to turn off comments on old posts. This is particularly helpful for websites that publish time-sensitive content, such as news or events websites.

Simply go to Settings » Discussion. Under ‘Other comment settings’, you will see the option ‘Automatically close comments on articles older than’. Check the box next to this option and enter the number of days you want comments to be displayed on a post.

Close comments on older articles

WordPress will now automatically close comments on posts older than the number of days you defined for this option. If needed, you can override the comment deadline in WordPress for individual posts where you would like comments to remain open.

12. Switch Off Comments

In case you feel that you don’t need comments on your WordPress site, or comment moderation goes out of your hands, remember that you can always switch off comments in WordPress. All you have to do is go to Settings » Discussion and uncheck the box next to ‘Allow people to post comments on new articles’.

Turn off comments

You can also restrict comments to registered users only by checking the box on your Settings » Discussion page. For more details, see our guide on how to completely disable comments in WordPress.

Frequently Asked Questions by Users

Why are they spamming me?

Spammers want to get better search rankings or lure unsuspecting visitors to dubious and malicious sites. They think that by spamming they can get more links, and it will somehow positively affect their search rankings.

In most cases, it is not a personal attack against you; rather, it’s a systematic process that targets many blogs.

What happens to comments that are marked as “Spam”?

The comments that you mark as spam are not displayed on your website. You can delete spam comments in batch and/or recover good comments from the spam list.

Spam comments

Why is every comment going into the moderation queue?

You enabled comment moderation in the first tip of this article. This gives you absolute control over any comment that gets published on your website.

We hope this article helped you find useful tips and tools to combat comment spam in WordPress. You may also want to see our guide on how to grow your website traffic and convert users into subscribers by creating an email newsletter.

Translated from: https://www.wpbeginner.com/beginners-guide/vital-tips-and-tools-to-combat-comment-spam-in-wordpress/
