Zero Comment Spam

Yes it's true, I've had zero comment spam since implementing the keyword scheme. I've had quite a few comments, even one from my Dad, which demonstrates that entering the keyword isn't too onerous. As promised, here's what I did.

First of all I added the following (in green) at the end of wp-includes/template-functions-comments.php:

echo '</rdf:RDF>';

function ordinalSuffix($number)  {
    $suffixes = array("th","st","nd","rd");

    $suffixIndex = $number % 10;
   if (    $suffixIndex > 3
        || $number == 11
        || $number == 12
        || $number == 13) {
    $suffixIndex = 0;

    return $suffixes[$suffixIndex];


Then, I modified wp-comments.php by adding the following:

  <label for="comment"><?php _e("Your Comment"); ?></label>
  <br />
  <textarea name="comment" id="comment" cols="70" rows="4" tabindex="4"></textarea>

  <label for="phraseword">As a comment spam precaution, please type the
    <?php _e( (1 + ($id  % 16)) . ordinalSuffix(1 + ($id  % 16)) ) ?>
    word of the following phrase: <br />
    <q>I know a bank where the wild thyme blows,
    where oxlips and the nodding violet grows</q>
  <br />
  <input type="text" name="phraseword" id="phraseword" size="28" tabindex="5 " />

  <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" />

Feel free to choose your own pass phrase. Finally, I added the following to wp-comments-post.php:

$comment = trim($_POST['comment']);
$comment_post_ID = intval($_POST['comment_post_ID']);
$user_ip = $_SERVER['REMOTE_ADDR'];

$phrase = 'I know a bank where the wild thyme blows, where oxlips and the nodding violet grows';
$keywords = preg_split("/[s,.]+/", $phrase);

$phraseword = trim($_POST['phraseword']);
if ( empty ($phraseword) ) {
        die( __('Sorry, you didn't enter the phrase word.') );
else {
  if  ($phraseword != $keywords[ $comment_post_ID % count($keywords)]) {
          die( __('Sorry, you didn't enter the correct phrase word. '));


if ( 'closed' ==  $wpdb->get_var("SELECT comment_status FROM $tableposts WHERE ID = '$comment_post_ID'") )

Make sure that your phrase doesn't have any punctuation at the end otherwise the code to split the phrase into words will add an extra empty word at the end and confuse the code that checks the poster entered the correct word.

There it is. Zero comment spam. For now at least.


Other posts tagged as internet-alchemy, php, spam, wordpress

Earlier Posts