[wp-hackers] Best way to 'enhance' wp-comments-post.php

Eric A. Meyer eric at meyerweb.com
Thu May 25 18:06:33 GMT 2006

Hey all,

    In order to block a flood of direct-submission comment spam-- 
stuff that was just hitting the WP post scripts directly, never 
touching a post or its comment form-- I hacked some measures into 
wp-comments-post.php.  These took the basic form of checking to see 
if the submission came from a post comment form, and if not, skipping 
over everything in wp-comments-post.php from the comment "//if the 
user is logged in" to the $location redirect.  By preserving the 
redirect, I figured I could fool any scripts that hit the scripts 
directly but also checked to see if they got the post page back as a 
    I'd like to abstract this process out to a plugin, so I don't have 
to re-hack wp-comments-post.php every time I upgrade.  So what I'm 
wondering is, what hook should I hang on to start this check?  I 
thought about copying one of the hooks Akismet uses, but I didn't 
really know why it was using the ones it was using, so that seemed 
like a fragile solution at best.  I also don't really have to start 
where I did with my hack-- it just seemed like a good place.
    Also, should the plugin itself do the redirect part instead of 
trying to somehow jump to the appropriate point in 
wp-comments-post.php?  That seems simplest, but I wasn't sure if 
there was a better way.
    Thanks for any help with this.

Eric A. Meyer  (eric at meyerweb.com)
Principal, Complex Spiral Consulting   http://complexspiral.com/
"CSS: The Definitive Guide," "CSS2.0 Programmer's Reference,"
"Eric Meyer on CSS," and more    http://meyerweb.com/eric/books/

More information about the wp-hackers mailing list