Comment Spam Reduction from Rename of WordPress wp-comments-post.php
Allowing comments on a WordPress post is a way of engaging users and helps with encouraging repeat visits. However, there are far too many malicious website viewers that want to use the WordPress comments feature to post links to themselves. This is often attempted by automated software called bots. The bots (software robots) will bypass any comment posting checks (such as CAPTCHA) and access the comment posting code directly via the WordPress file wp-comments-post.php.
Renaming WordPress wp-comments-post.php File May Reduce Spam Comments
You can reduce the chance of comment spam by renaming wp-comments-post.php; this tutorial shows how to do it. Please note this will involve changes to your WordPress installation. Always ensure regular backups of the web site are available, just in case anything needs to be restored. (Most web hosting providers give access to a backup facility on top of their own backup routines. Contact your hosting provider to find out how to perform a specific backup of your web site.)
Another Advantage of Renaming wp-comments-post.php to Reduce Comment Spam
Every time comment spam is posted the web server that the site is hosted on has to consume resources. It runs PHP code, and code to access the WordPress database. Executing code and sending the response to the wp-comments-post.php request uses server resources. If the web site is on a low cost shared hosting plan then there is a limit to the resources available. Wasting resources responding to bots could result in proper visitors experiencing slow page responses. Renaming wp-comments-post.php can help lower overall server resource usage.
Renaming wp-comments-post.php
In this example the new name for the wp-comments-post.php file is going to be my-comments.php. Use whatever name is suitable.
The wp-comments-post.php file is a WordPress code file that is referenced from another WordPress code file called comment-template.php, in the directory wp-includes. If not using a standard WordPress theme then comments may be handled differently. Check with the theme provider to see if the theme calls wp-comments-post.php.
The file comment-template.php is edited to change the reference to wp-comments-post.php to my-comments.php. (At line 2238 as at time of writing, and in the remarks at line 2144 if required). In this tutorial it is assumed the web site is using the latest version of WordPress. If not then make sure you use the correct version of the files. If the web site hosting company does not have tools to change files online then work locally with the files and upload them to the web server when ready.
(To get a local copy of the files use the tools on your web hosting provider's control panel; you should be able to download the files. Alternatively download a zipped copy of WordPress from WordPress.org and unzip the files to a local directory.)
For example, on a Windows machine use a text editor to edit a local copy of comment-template.php (remember it is in the wp-includes folder). The Windows Notepad program is not suitable for editing comment-template.php because of the line formatting style used in the file. Instead use a program such as Notepad++ to edit source code files.
Alternatively if you can access the website through SSH (secure shell) then a text editor, such as nano on a Linux machine, can be used to change the file. (The following applies to the nano text editor. Your website hosting platform may use a different editor.)
If using nano:
# cd wp-includes
# nano comment-template.php
Use Ctrl-W (twice) to find the correct reference to wp-comments-post.php (the second one), change it to my-comments.php (or your chosen name). Use Ctrl-O to save the file, then Ctrl-X to exit nano.
WordPress Updates May Require a Re-Edit of wp-comments-post.php
Since comment-template.php is a core WordPress file, any WordPress update may restore the original wp-comments-post.php name. After a WordPress update check that comment-template.php has not been changed. If it has, edit it again to change the reference to wp-comments-post.php back to my-comments.php or whatever name was used.
Copy wp-comments-post.php to the New File
With the name changed, the next step is to copy wp-comments-post.php to the new file name, here called my-comments.php (use the name you have chosen). If doing this locally, upload the new file to the WordPress directory on the web site. If wp-comments-post.php gets changed in a WordPress update, remember to copy the new version to a new my-comments.php.
To rename wp-comments-post.php to my-comments.php in the Linux shell use:
# mv wp-comments-post.php my-comments.php
Remove the Content of the Original wp-comments-post.php File
After creating the replacement wp-comments-post.php file the bots will still be trying to access the original. Therefore delete it. This will cause the web server to reply with a 404 error page. Alternatively, to reduce the resources used to serve the 404 error page, keep the wp-comments-post.php page but just delete all its contents. The bot is then just accessing a zero length file that does nothing.
Test the Changes Made to the Site to Reduce Comment Spam
Hopefully changing the wp-comments-post.php file in the web site's WordPress installation will reduce the amount of annoying comment spam that clutters the site administration pages, as well as the time needed to handle it.
Once all the changes have been made, test that comments are working. Browse to a post that allows comments and add one. The ability to add comments should work as before. If not, double check the steps given above. If necessary the changes made can be undone by replacing the changed files with originals from a WordPress zip file from WordPress.org.
Summary
To reduce comment spam bot hits on wp-comments-post.php:
- On the web server copy wp-comments-post.php to a new file, e.g. my-comments.php.
- In the wp-includes directory, in the file comment-template.php change the text wp-comments-post.php, around line 2238, to the new file name, e.g. my-comments.php.
- Delete wp-comments-post.php so that bots get a 404 error response. Alternatively edit the file and remove all its contents for a low resource response.
- Test that comments can still be posted.
- When a WordPress update is released make sure that the wp-comments-post.php file has not been restored. If so copy it over to the new version (e.g. my-comments.php), and delete it or remove its contents. Also check that comment-template.php has not been restored. If so change the reference to wp-comments-post.php back to the new name (e.g. my-comments.php).
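The post-update check in the last step can be scripted. The following is an added example, not part of the original tutorial: a POSIX shell function that reports whether an update has reverted comment-template.php or restored wp-comments-post.php. The function name, the script name in the usage comment and the message labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the rename after a WordPress update.
# Usage (assumed): sh check-rename.sh /path/to/wordpress my-comments.php

check_comment_rename() {
    wp_root=$1
    new_name=${2:-my-comments.php}   # the tutorial's example name
    template="$wp_root/wp-includes/comment-template.php"
    original="$wp_root/wp-comments-post.php"
    handler="$wp_root/$new_name"
    problems=0

    # 1. The comment form template must reference the new handler name.
    #    Test for the new name rather than absence of the old one, since
    #    the old name may remain in the file's remarks.
    if [ ! -f "$template" ]; then
        echo "MISSING: $template"
        problems=$((problems + 1))
    elif ! grep -qF -- "$new_name" "$template"; then
        echo "REVERTED: $template no longer references $new_name"
        problems=$((problems + 1))
    fi

    # 2. The renamed handler must exist and have content.
    if [ ! -s "$handler" ]; then
        echo "MISSING: $handler is absent or empty"
        problems=$((problems + 1))
    fi

    # 3. The original must be deleted or zero length (-s is true only
    #    for a file larger than zero bytes).
    if [ -s "$original" ]; then
        echo "RESTORED: $original has content again"
        problems=$((problems + 1))
        # A restored original that differs from the handler means the
        # update changed the code and the copy is out of date.
        if [ -s "$handler" ] && ! cmp -s "$original" "$handler"; then
            echo "STALE: $handler differs from the restored original"
        fi
    fi

    return "$problems"
}

# Run the check only when a WordPress directory is given.
if [ "$#" -gt 0 ]; then
    check_comment_rename "$@"
fi
```

The exit status is the number of problems found, so a status of 0 means the rename is still in place.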
Author: Daniel S. Fowler