wordpress 邮件_我如何停止WordPress评论垃圾邮件

wordpress 邮件

I love almost every part of being a tech blogger:  learning, preaching, bantering, researching.  The one part about blogging that I absolutely loathe:  dealing with SPAM comments.  For the past two years, my blog has registered 8,000+ SPAM comments per day.  PER DAY.  Bloating my database with that trash slows down my blog in every which way, and recently I decided I was done with it.  I was also tired of moderating comments and seeing loads of SPAM comment notifications in my email inbox.  Done.  And like a boss...I stopped it.  Dead.  Here's how I did it!

我几乎喜欢成为技术博客的每个方面：学习，讲道，开玩笑，研究。 我绝对讨厌有关博客的内容：处理垃圾邮件评论。 在过去的两年中，我的博客每天注册8,000多个垃圾邮件评论。 每天 。 用这些垃圾填充数据库会以各种方式减慢我的博客的速度，最近我决定自己已经做好了。 我也厌倦了审核评论以及在电子邮件收件箱中看到大量的垃圾邮件评论通知。 做完了 像老板一样...我停了下来。 死。 这是我的方法！

我如何被垃圾邮件 (How I Was Getting Spammed)

There's no way to tell, but I suspect bots detected that I had a WordPress blog, knew the form keys for submitting comments, and did so accordingly.  I was getting comments for Viagra, Cialis, Michael Kors, Nike shoes, and more.  Stuff only bots would spend the time on.  It all had to be a detected, automated attack -- nothing targeted.

没有办法告诉我，但是我怀疑机器人检测到我有一个WordPress博客，知道用于提交评论的表单密钥，因此也这样做了。 我收到有关伟哥，Cialis，Michael Kors，耐克鞋等的评论。 只有东西的机器人会花时间。 所有这些都必须是一种已检测到的自动攻击，没有针对性。

什么不起作用 (What Wasn't Working)

Everything.  I had used different WordPress plugins and continued to get SPAM.  Akismet is the premier WordPress SPAM protector and it wasn't able to prevent the problems -- and included 100KB+ of JavaScript which slowed down my site.  I never used a CAPTCHA utility because any barrier to commenting on my site should be a problem I deal with, not all of you.  In the end, I was let down by numerous utilities.  I was disappointed but refused to give in.

一切。 我使用了不同的WordPress插件，并继续获得SPAM。 Akismet是最主要的WordPress SPAM保护程序，它无法阻止这些问题-并包含100KB +JavaScript，这使我的网站变慢了。 我从未使用过CAPTCHA实用程序，因为在我的网站上发表评论的任何障碍都应该是我要解决的问题，而不是所有人。 最后，我被众多公用事业所失望。 我很失望，但拒绝屈服。

什么工作 (What Worked)

The first step was removing all of the anti-spam plugins, as there was a good chance they were messing with each other and letting the SPAM in.  My solution was allowing the generic anti-spam solution:  adding an INPUT to the form which should remain empty during the submission process.  Empty in value but present via key:  the premise is that bots that read form inputs would populate the form field values with rubbish just to make sure submissions weren't rejected based on empty values.

第一步是删除所有反垃圾邮件插件，因为它们很有可能彼此搞乱并让SPAM进入。我的解决方案是允许通用的反垃圾邮件解决方案：在表单中添加一个INPUT在提交过程中保持空白。 价值为空，但通过键显示：前提是，读取表单输入的机器人会将垃圾填入表单字段值，以确保不会基于空值拒绝提交。

我如何实施垃圾邮件防护 (How I Implemented Spam Protection)

You can't simply add inputs on the server side -- they are output to the page and the bot can read those and populate (or not populate) them.  Creating those fields on the client side eliminates the simple bot / curl readers.  You can add said form fields with JavaScript (via any framework) and that's your best bet.  Before we do that, however, let's implement the server-side SPAM block check.

您不能简单地在服务器端添加输入-它们被输出到页面，并且机器人可以读取并填充(或不填充)它们。 在客户端创建这些字段将消除简单的bot / curl阅读器。 您可以使用JavaScript(通过任何框架)添加所述表单字段，这是最好的选择。 但是，在执行此操作之前，让我们实现服务器端SPAM块检查。

WordPress PHP (The WordPress PHP)

Before accepting a comment on the server side, we need to check for the dynamic key presence.  All we need is an isset check:

在服务器端接受评论之前，我们需要检查动态密钥是否存在。 我们需要做的是一个isset检查：

// Fuck off spammers
function preprocess_new_comment($commentdata) {
	if(!isset($_POST['is_legit'])) {
		die('You are bullshit');
	}
	return $commentdata;
}
if(function_exists('add_action')) {
	add_action('preprocess_comment', 'preprocess_new_comment');
}

If the check fails, we reject the comment.  Of course this means that users without JavaScript support will have their comments rejected, but the chance of being spammed is probably greater than that of users without JS support so I'm fine with that.  If the key isn't set, we outright reject the comment all together.  This is a chance, of course, but statistics show it's worth it.

如果检查失败，我们将拒绝评论。 当然，这意味着不支持JavaScript的用户将拒绝其评论，但是被垃圾邮件发送的可能性可能比不支持JS的用户更大，因此我可以接受。 如果未设置密钥，我们将完全拒绝评论。 当然，这是一个机会，但是统计数据表明这是值得的。

JavaScript (The JavaScript)

The easy answer here is using basic JavaScript to inject the form field, and since every JS framework has its own syntax, I'll pass on providing code for all of them.  Adding said field upon page load seems a bit suspect to me, as an intelligent bot may be able to detect that.  In the case of my blog, I use MooTools and submit comments via AJAX, so I simply append the secret field within the JavaScript code upon submission:

一个简单的答案是使用基本JavaScript注入表单字段，并且由于每个JS框架都有自己的语法，因此我将继续为所有这些代码提供代码。 在页面加载时添加该字段对我来说有点令人怀疑，因为智能机器人可能能够检测到这一点。 就我的博客而言，我使用MooTools并通过AJAX提交评论，因此我只需在提交时在JavaScript代码中附加秘密字段即可：

var form = $('comment-form');

new Request({
    url: form.action,
    method: 'post',
    onRequest: function() {},
    onSuccess: function(content) {},
    onComplete: function() {}
}).send(form.toQueryString() + '&is_legit=1');

Adding that key upon submission has proven safe to this point.

在提交时添加密钥已被证明是安全的。

获奖 (WINNING)

After two weeks I've received 0 SPAM comments.  Zero.  None.  Nil.  Absolute zip.  I went from over 8,000 per day to none.  Better than Akismet, better than any plugin.  Take WordPress SPAM prevention into your own hands -- use client-side magic with a small PHP function to make your life easier!

两周后，我收到了0条垃圾邮件评论。 零。 没有。 零。 绝对拉链。 我从每天超过8,000变成了无。 比Akismet更好，比任何插件都更好。 将WordPress SPAM预防掌握在自己手中-使用客户端魔术和一个小型PHP函数使您的生活更轻松！

翻译自: https://davidwalsh.name/wordpress-comment-spam

wordpress 邮件