Comment on WordPress Comment SPAM by SEO Dave.

WordPress Comment SPAM If anyone trips these comment SPAM filters let me know by email (or comment if you can get past what you tripped), had one user who has tripped the nonce check.

Think it’s a session timing issue which should be resolved with a forced refresh (CTRL F5). Can live with this, the nonce number changes, if a user has been on the page a long time or the cache hasn’t refreshed it would cause the “Security check failed” message. The rare user being hit with this is worth removing 99.99% of comment SPAM (barely getting any comment SPAM now).

While researching the issue discovered the HTTP_REFERER check can be easily tripped by opening a URL in a new window/tab or copying and pasting in a browser window. Might have to remove the HTTP_REFERER check in an update if it’s being tripped by real users easily? Will first test how much new SPAM gets through with the feature disabled.