
WordPress Security & Comment Bot Combatter

Discussion in 'Blogging' started by blackhatcodex, Aug 30, 2011.

    I thought I'd share a little script to combat Comment Bots and add security to your WordPress site.

    What it does:
    It uses nonce security keys. When you sign into WordPress, you are granted a cookie... a little file that lives in your browser and acts as your "backstage pass" to the WordPress admin. This prevents unauthorized people from accessing your admin and doing bad things. They don't have the cookie, so they're stopped at the door by the bouncer. Your cookie is tied to your user account, which ties into the WordPress capabilities system which controls what things you can and can't do in the admin. This is authentication: verifying that the person performing an admin action is authorized to do it.

    This plugin also uses a nonce security key for the comment form for unique validation per user/commenter.

    Plugin Code:
    PHP:
    <?php
    /*
    Plugin Name: WP Security - (or whatever you name it)
    Plugin URI: ****
    Author: ****
    Author URI: ****
    Version: 1.0
    Description: The plugin assists in avoiding bots from posting comments directly onto your WP site.
    Licence: GPLv2
    */

    // Add a hidden nonce field to the comment form. The nonce action is the
    // configurable secret key concatenated with the post ID, so each post gets
    // its own nonce value.
    add_action( 'comment_form_after_fields', 'ccb_comment_fields' );
    function ccb_comment_fields() {
        global $post;

        // wp_nonce_field( $action, $name, $referer, $echo )
        wp_nonce_field( get_ccb_nonce_secret() . $post->ID, '_nonce', true, true );
    }

    // Runs before a submitted comment is processed (wp-comments-post.php).
    // Logged-in users are trusted; anonymous submissions must carry a valid nonce.
    add_action( 'pre_comment_on_post', 'ccb_pre_comment_check' );
    function ccb_pre_comment_check( $id ) {
        if ( is_user_logged_in() )
            return $id;

        if ( ! isset( $_POST['_nonce'] ) ) {
            wp_die( 'Security check fail' );
        }

        // The nonce must have been generated for this secret key and this post ID.
        if ( ! wp_verify_nonce( $_POST['_nonce'], get_ccb_nonce_secret() . $_POST['comment_post_ID'] ) ) {
            wp_die( 'There seems to be some problem adding your comment. Please contact the administrator' );
        }

        return $id;
    }

    // Register the secret key as a field on Settings > General.
    add_action( 'admin_init', 'ccb_settings' );
    function ccb_settings() {
        register_setting( 'general', 'ccb-nonce', 'esc_attr' );
        add_settings_field( 'ccb-nonce', 'Combat Comments Bot Secret Key', 'ccb_field', 'general' );
    }

    function ccb_field() {
        $nonce_key = get_ccb_nonce_secret();
        // Escape on output as well as on save so the stored value cannot break out of the attribute.
        echo '<input type="text" value="' . esc_attr( $nonce_key ) . '" class="regular-text" name="ccb-nonce" />';
    }

    // The configured secret key, falling back to 'comment' if none has been set.
    function get_ccb_nonce_secret() {
        return ( get_option( 'ccb-nonce' ) ) ? get_option( 'ccb-nonce' ) : 'comment';
    }
    ?>