Part of a contract I’ve been doing involves stopping pingback and
trackback spam on a WordPress site. They’re not using WordPress as a blog but as a CMS, so there’s no need for comments/pings/trackbacks at all.
So I wanted to globally disable pingbacks and trackbacks. If you Google that, you’ll get something like this:
However, somehow trackbacks were being reopened: ping_status and comment_status were being set back to open in the database, allowing more spam in. Despite spending half a day mucking around in the internals, I wasn’t able to figure out why, and I couldn’t afford to spend any more time looking.
I was tempted to just modify wp-trackback.php to just break trackbacks, but wanted a solution that would persist past an upgrade. I discovered in poking around that the posts_open and comments_open functions – the functions that check if a post is open for trackbacks/pingbacks/comments – both support filters. (Filters are a WordPress ‘feature’ that allows you to totally re-write the output of a function that supports them.)
So, we can simply use the filters to rewrite every single posts_open call to completely ignore the database value and return false. While we’re at it, we do it to comments too:
A way to force all pings and comments to be closed.