Notes.

Stopping Trackbacks and Pingbacks on WordPress. In Bulk. Permanently.

Part of a contract I’ve been doing involves stopping pingback and trackback spam on a WordPress site. They’re not using WordPress as a blog but as a CMS, so there’s no need for comments/pings/trackbacks at all.

So I wanted to globally disable pingbacks and trackbacks. If you Google that, you’ll get something like this:

Close all the comments and pings on all published posts and pages.Source (corrected)
1
2
3
4
UPDATE wp_posts SET comment_status='closed' WHERE post_status = 'publish' AND post_type = 'post';
UPDATE wp_posts SET comment_status='closed' WHERE post_status = 'publish' AND post_type = 'page';
UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';
UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';

This should work.

However, somehow trackbacks were being reopened: ping_status and comment_status were being set back to open in the database, allowing more spam in. Despite spending half a day mucking around in the internals, I wasn’t able to figure out why, and I couldn’t afford to spend any more time looking.

I was tempted to just modify wp-trackback.php to just break trackbacks, but wanted a solution that would persist past an upgrade. I discovered in poking around that the posts_open and comments_open functions – the functions that check if a post is open for trackbacks/pingbacks/comments – both support filters. (Filters are a WordPress ‘feature’ that allows you to totally re-write the output of a function that supports them.)

So, we can simply use the filters to rewrite every single posts_open call to completely ignore the database value and return false. While we’re at it, we do it to comments too:

A way to force all pings and comments to be closed.
1
2
add_filter('pings_open', '__return_false');
add_filter('comments_open', '__return_false');

Placing this in wp-config.php will make it persistent across upgrades. I’ve put mine at the end of the file. (ISTR reading it had to be after some includes.)

This totally stopped all pings, trackbacks and comments.