Comment on Stallion Responsive WordPress SEO Theme by SEO Dave.

Stallion WordPress SEO Package Found my first Stallion 8.1 bug in the new comment SPAM feature.

Stallion Responsive 8.1 comment SPAM filtering is so good since activating it had only two comments go to SPAM and one of them is due to a bug, rest dealt with before it was added to WordPress.

With Akismet would be at around 3,000 in the same period: stopped thousands of SPAM comments before being added to the database = big performance tick using Stallion Responsive.

To the bug.

When a logged in WordPress user has added their website URL on their profile page and the comment author URL is disabled (Stallion feature), Stallion will post the logged in authors comment URL. Like this comment will have a link to home where my author name is next to the avatar, but if you post a comment you can’t add a author URL, don’t want anyone posting comments for backlinks.

Added a new SPAM filter few days before releasing final Stallion 8.1 which when the author URL is disabled it checks if an author URL has been added and if it has adds it to SPAM. Looking at the core WordPress code I thought WordPress dealt with a logged in author URL in a different way to non logged in, apparently not.

Felt sure I’d tested this permutation and it didn’t trip the filter: logged in user, author website added to profile page, author URL turned off on the Stallion SEO options page. Apparently not as it trips the filter.

Will be adding a fix (was an easy fix) that I’ll upload to the zip files within the hour.

For anyone who has already updated it’s this file:

/wp-content/themes/stallion-responsive/plugins/stallion-stop-stupid-spambots.php

Near the bottom change:

<?php if (st_author_links() == '0') {
#function str_remove_comment_fields($fields) {
#unset($fields['url']);
#return $fields;
#}
add_filter('comment_form_default_fields','str_remove_comment_fields');
function str_url_spamcheck2( $approved , $commentdata ) {
return ( strlen( $commentdata['comment_author_url'] ) > 1 ) ? 'spam' : $approved;
}
add_filter( 'pre_comment_approved', 'str_url_spamcheck2', 99, 2 );
}
?>

to

<?php if (st_author_links() == '0' && !is_user_logged_in()) {
function str_remove_comment_fields($fields) {
unset($fields['url']);
return $fields;
}
add_filter('comment_form_default_fields','str_remove_comment_fields');
function str_url_spamcheck2( $approved , $commentdata ) {
return ( strlen( $commentdata['comment_author_url'] ) > 1 ) ? 'spam' : $approved;
}
add_filter( 'pre_comment_approved', 'str_url_spamcheck2', 99, 2 );
}
?>

Or upload the one file via FTP. Not going to change the version number for this small bug, so for those that updated will require the minor modification.

For those that understand code what this does is check if the Stallion hide author URL option is set (0 means off or no author URL field loads), followed by checking if the user is NOT logged in.

If user not logged in and Stallion is set to not show the author URL, remove the URL field.

Stallion has a custom URL field for, so this is a double check just in case if a real commenter manages to add a URL even if the comment field isn’t shown, this removes it.

The last bit adds a function that checks if the comment data includes the author URL field and if the content is above 1 character in length.

If a user is logged out they can’t add an author URL when Stallion hides the URL field, if they can somehow add a URL it’s almost certainly a SPAM bot directly hitting the core WordPress file /wp-comments-post.php (used for posting comments) so we can set those comments to SPAM.

I considered having this filter not allow the comment to be posted at all, but not 100% sure if real commenters can accidentally add a URL, so going with SPAM until I’m sure. If for the next update I’ve not seen real comments marked as SPAM I’ll filter these out completely like some of the other SPAM filters that throw out an error message to go back and change something.

David

Update: have uploaded a new Stallion Responsive 8.1 zip file. Realised as I fixed this bug the feature as a whole is going to filter trackbacks as well (I’ve never allowed trackbacks on a site and didn’t think to test them). I’m not going to add a fix for trackback URLs for this update since trackbacks are SEO damaging (should never allow trackbacks). Will figure out a fix for trackbacks next update.