Renaming WordPress wp-comments-post.php File May Reduce Spam Comments
Allowing comments on a WordPress post is a way of engaging users and helps with encouraging repeat visits. However, there are far to many malicious web sites that want to use the WordPress comments feature to post links to themselves. This is often attempted by automated software called bots. The bots (software robots) will bypass any comment posting checks (such as CAPTCHA) and access the comment posting code directly via the WordPress file wp-comments-post.php. You can reduce the chance of comment spam by renaming wp-comments-post.php, this tutorial shows how to do it. Please note this will involve changes to your WordPress installation. Always ensure regular backups of the web site are available, just in case anything needs to be restored. (Most web hosting providers give access to a back up facility on top of their own backup routines. Contact your hosting provider to find out how to perform a specific backup of your web site.)
Another Advantage of Renaming wp-comments-post.php to Reduce Comment Spam
Every time comment spam is posted the web server that the site is hosted on has to consume resources. It runs PHP code and code to access the WordPress database. Executing code and sending the response out to the wp-comments-post.php request uses server resources. If the web site is on a low cost shared hosting plan then there is a limit to the resources available. Wasting resources responding to bots could result is proper visitors experiencing slow page responses. Renaming wp-comments-post.php can help lower overall server resource usage.
In this example the new name for the wp-comments-post.php file is going to be my-comments.php. Use what ever name is suitable.
The wp-comments-post.php file is a WordPress code file that is called from another WordPress code file called comment-template.php, in the directory wp-includes. If not using a standard WordPress theme then comments may be handled differently, check with the theme provider to see if the theme calls wp-comments-post.php.
The file comment-template.php is edited to change the reference to wp-comments-post.php to my-comments.php, at line 2022. In this tutorial it is assumed the web site is using the latest version of WordPress. If the web site hosting company does not have tools to change files on line then work locally with the files and upload them to the web server when ready. For example on a Windows machine use a text editor to edit a local copy of comment-template.php, remember it is in the wp-includes folder. The Windows Notepad program is not suitable for editing comment-template.php because of the line formatting style used in the file. Instead use a program such as Notepad++ to edit source code files.
(To get a local copy of the files use the web hosting tools to download the files. Alternatively download a zipped copy of WordPress from WordPress.org and unzip the files to a local directory.)
WordPress Updates May Require a Re-Edit of wp-comments-post.php
Since comment-template.php is a core WordPress file any WordPress updates may restore the original wp-comments-post.php name. After a WordPress update check that comment-template.php has not been changed. If it has edit it again to change the reference to wp-comments-post.php back to my-comments.php or whatever name was used.
Changing the theme-compat Directory
The file wp-comments-post.php is also referenced in the directory wp-includes/theme-compat, in comments-popup.php and comments.php. These files are deprecated (no longer used by the lastest WordPress releases). They are present in order to support old themes that have not been updated. If using the standard WordPress themes or other modern themes then these files can be deleted. Otherwise also change the reference to wp-comments-post.php to the new file name in both comments-popup.php and comments.php.
Copy wp-comments-post.php to the New File
With the name changed the next step is to copy wp-comments-post.php to the new file name, here called my-comments.php, use the name you have chosen. If doing this locally upload the new file to the wp-includes directory on the web site. If wp-comments-post-php gets changed in a WordPress update remember to copy the new version to a new my-comments.php.
Remove the Content of the Original wp-comments-post.php File
After creating the replacement wp-comments-post.php file the bots will still be trying to access the original. Therefore delete it. This will cause the web server to reply with a 404 error page. Alternatively to reduce the resources used to serve the 404 error page keep the wp-comments-post.php page but just delete all its contents. The bot is then just accessing a zero length file that does nothing.
Hopefully changing the wp-comments-post.php file in the web site’s WordPress installation will reduce the number of annoying comment spam that clutters the site administration pages as well as the time need to handle it.
Test the Changes Made to the Site to Reduce Comment Spam
Once all the changes have been made then test that comments are working. Browse to a post that allows comments and add one. The ability to add comments should work as before. If not double check the steps given above. If necessary the changes made can be undone by replacing the changed files with originals from a WordPress zip file from WordPress.org.
To reduce comment spam bot hits on wp-comments-post.php:
- On the web server copy wp-comments-post.php to a new file, e.g my-comments.php.
- In the wp-includes directory, in the file comment-template.php change the text wp-comments-post.php at line 2022 to the new file name, e.g. my-comments.php.
- Delete the files in the wp-includes/theme-compat directory (or if using old non-WordPress themes change the references to wp-comments-post.php in comments.php and comments-popup.php).
- Delete wp-comments-post.php so that bots get a 404 error response. Alternatively edit the file and remove all its contents for a low resource response.
- Test that comments can still be posted.
- When a WordPress update is released make sure that the wp-comments-post.php file has not been restored. If so copy it over to the new version (e.g. my-comments.php) and delete it or remove its contents. Also check that comment-template.php has not been restored. If so change the reference to wp-comments-post.php back to the new name (e.g. my-comments.php).