My wife Kim is the successful editor behind At Home with Kim Vallee. She uses the WordPress platform.
With success and a popular platform, problems with comment and contact form spam becomes quickly a pain to manage. That’s why you need a good toolset to keep your sanity intact. Good WordPress plugins to protect against spamming and keep your installation secure include:
- Akismet – protects against spam
- Login LockDown – adds extra security to your login form
- WP Security Scan – security
- WP-SpamFree – extra spam protection
WP-SpamFree is quite invaluable against robots and contact form spam. However, it came to our attention that some people would see the following message instead of the contact form:
Your location has been identified as part of a reported spam network. Contact form has been disabled to prevent spam.
See the message when it would appear instead of Kim’s contact form:
This was really annoying. People were telling Kim they couldn’t send comments.
By chance, one PC at our office had this bug. The unique IP address assigned to our network by Videotron seemed clean. So I dug further and looked at the plugin code to understand and debug what’s happening. It seems some browsers in some configurations (in our case a particular Firefox installation on Windows XP) do not transmit the HTTP_ACCEPT_LANGUAGE variable to servers. There is a check in the WP-SpamFree plugin that identifies the visitor as a spammer if this variable is empty.
Once the problem identified, the fix is easy: simply disable this verification. The quick fix to the plugin is to modify the wp-spamfree.php file in the plugin directory to put this condition in comment. See my changes in red:
/*
$user_http_accept_language = trim($_SERVER[‘HTTP_ACCEPT_LANGUAGE’]);
if ( !$user_http_accept_language ) {
$contact_form_blacklist_status = ‘2’;
$spamfree_error_code .= ‘ CF-HAL1001’;
}
*/
// Add blacklist check – IP’s only though.
if ( $contact_form_blacklist_status ) {
$spamfree_contact_form_content = ‘<strong>Your location has been identified as part of a reported spam network. Contact form has been disabled to prevent spam.</strong>’;
}
$content_new = str_replace(‘<!–spamfree-contact–>’, $spamfree_contact_form_content, $content);
That’s it. No more false positives for Kim’s visitors!
I’ll send this issues to the WP-SpamFree devs.