Hello,
We have spammers who are pasting in links in a different font so it's getting around our spam checks.
Our spam blocking will prevent this: Payit12.TK
But not this: 𝐏𝐚𝐲𝐢𝐭𝟏𝟐.𝐓𝐊
Is there a way to disallow pasting of text into the comment form, or to remove all formatting from text?
Hi,
You can use the following code
add_filter('wpdiscuz_allowedtags',function($allowedtags){
//remove <strong> tag
if(isset($allowedtags['strong'])){
unset($allowedtags['strong']);
}
//remove <b> tag
if(isset($allowedtags['b'])){
unset($allowedtags['b']);
}
return $allowedtags;
});
Put the code in the active theme functions.php file.
This is just an example. The test ot tags can be managed on the same way.
@asti unfortunately, that did not work. The issue seems to be the font family, not tags. I looked in the database and the comment does not have any tags. Here is another example of a comment we got today:
I’ve made $84,000 so far this year working online and I’m a full time student. I’m using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. The potential with this is endless.
Here’s what I do…….. 𝑾𝒘𝒘.𝑪𝒂𝒔𝒉𝑨𝒑𝒑1.𝑪𝒐𝒎
Note how the url has a different font altogether. This allows the commenter to get around the WordPress disallowed keys because the keys are not using the same font. Apparently, PHP does not see .Com and .𝑪𝒐𝒎 as the same strings. Therefore, there is nearly an infinite number of combinations these spammers can use to get around the disallowed keys.
Any ideas?
The spammers must have to add the text in some tags, otherwise, they can't add the font-family. That is there is no way to apply the font-family to the part of the text.
@asti Here is a screenshot of the comment in the database, there are no tags but the characters are different:
This comment is not flagged as spam, despite the words www and .com existing in the WordPress backlisted keys list.
I believe I found a solution to the issue of spammers using non-standard alphabet characters, though it required us to remove emojis and the rich text bar entirely.
Any comment that is posted or edited must match the following PHP pattern or it will be trashed:
$pattern = '/[^a-zA-Z!? &.,$-–_…*\'‘’"“”:%()\s\d\/]/m';
if (preg_match($pattern, $comment_content)) {
wp_trash_comment($comment_id);
}
