Part of a contract I’ve been doing involves stopping pingback and trackback spam on a WordPress site. They’re not using WordPress as a blog but as a CMS, so there’s no need for comments/pings/trackbacks at all.
So I wanted to globally disable pingbacks and trackbacks. If you Google that, you’ll get something like this:
1 2 3 4
This should work.
However, somehow trackbacks were being reopened:
comment_status were being set back to
open in the database, allowing more spam in. Despite spending half a day mucking around in the internals, I wasn’t able to figure out why, and I couldn’t afford to spend any more time looking.
I was tempted to just modify
wp-trackback.php to just break trackbacks, but wanted a solution that would persist past an upgrade. I discovered in poking around that the
comments_open functions – the functions that check if a post is open for trackbacks/pingbacks/comments – both support filters. (Filters are a WordPress ‘feature’ that allows you to totally re-write the output of a function that supports them.)
So, we can simply use the filters to rewrite every single
posts_open call to completely ignore the database value and return false. While we’re at it, we do it to comments too:
Placing this in
wp-config.php will make it persistent across upgrades. I’ve put mine at the end of the file. (ISTR reading it had to be after some includes.)
This totally stopped all pings, trackbacks and comments.