Our support team is currently on holiday from December 25, 2025 to January 7, 2026, and replies may be delayed during this period.
We appreciate your patience and understanding while our team is away. Thank you for being part of the wpDiscuz community!
Merry Christmas and Happy Holidays! π
Hello,Β
We have spammers who are pasting in links in a different font so it's getting around our spam checks.
Our spam blocking will prevent this: Payit12.TK
But not this: πππ²π’πππ.ππ
Is there a way to disallow pasting of text into the comment form, or to remove all formatting from text?
Hi,
You can use the following code
add_filter('wpdiscuz_allowedtags',function($allowedtags){
//remove <strong> tag
if(isset($allowedtags['strong'])){
unset($allowedtags['strong']);
}
//remove <b> tag
if(isset($allowedtags['b'])){
unset($allowedtags['b']);
}
return $allowedtags;
});
Put the code in the active theme functions.php file.Β
This is just an example. The test ot tags can be managed on the same way.
Β
@asti unfortunately, that did not work. The issue seems to be the font family, not tags. I looked in the database and the comment does not have any tags. Here is another example of a comment we got today:
Iβve made $84,000 so far this year working online and Iβm a full time student. Iβm using an online business opportunity I heard about and Iβve made such great money. Itβs really user friendly and Iβm just so happy that I found out about it. The potential with this is endless.
Hereβs what I doβ¦β¦.. πΎππ.πͺππππ¨ππ1.πͺππ
Note how the url has a different font altogether. This allows the commenter to get around the WordPress disallowed keys because the keys are not using the same font. Apparently, PHP does not see .Com and .πͺππ as the same strings. Therefore, there is nearly an infinite number of combinations these spammers can use to get around the disallowed keys.
Any ideas?
The spammers must have to add the text in some tags, otherwise, they can't add the font-family. That is there is no way to apply the font-family to the part of the text. Β
@asti Here is a screenshot of the comment in the database, there are no tags but the characters are different:
This comment is not flagged as spam, despite the words www and .com existing in the WordPress backlisted keys list.
I believe I found a solution to the issue of spammers using non-standard alphabet characters, though it required us to remove emojis and the rich text bar entirely.Β
Any comment that is posted or edited must match the following PHP pattern or it will be trashed:
$pattern = '/[^a-zA-Z!? &.,$-β_β¦*\'ββ"ββ:%()\s\d\/]/m';
if (preg_match($pattern, $comment_content)) {
wp_trash_comment($comment_id);
}
