Blog

A few months ago, popular people in the WordPress community (including Matt) made a push to stop using the user name “admin.” A considerably-sized brute force attack targeted this user name specifically since so many users never change or create an administrator with another name.

I followed the wisdom of the crowd and this post I found that walks you through the process of creating a new user and deleting “admin” while moving all the posts in the process. It wasn’t until a few weeks later when I noticed a problem.

I like to use themes that highlight my comments. This allows users to quickly find my updates about plugins and answers to questions that have been asked in a sea of one hundred comments. Well, all the comments I wrote while my user ID was 1 and my user name was admin were no longer highlighted.

There is a user_id column in the wp_comments table that is not changed when you delete a user and move their posts to a new owner. You need to run a MySQL query like this to implement the fix:

UPDATE wp_comments SET user_id = 11132 WHERE user_id = 1

Before executing a query like this on a WP database, the new administrator’s user ID needs to be identified so you can change 11132, which is one of my user IDs. If you do not know how to find a user ID, search this page for “user id.”

I’ve built another plugin for WordPress websites with open registration. This plugin makes it easy to prevent spam accounts from publishing posts.

Frequently asked questions

What does this thing do?

This plugin adds an item to the Users menu of your administration dashboard. Click the “Clobber Spam” link and you will see a page that puts the most recently created user names next to the email address and the title of the most recently created post by that user. You can check a box next to the users that have submitted spam and click a button to delete all their posts and prevent them from logging in again.

Why not just delete the users?

Because the software these spammers use will try to submit more than one post for each account, sometimes days later. If you delete the user, the same user name can be recreated. We can prevent the account from being used by changing the password and email address. The spam software is forced to create a new account to continue bothering us. Also, I already use a really good plugin to delete old and unused user accounts. It is called Inactive User Deleter by shra and I regularly use it to delete users with no posts and no comments that are at least 6 months old.

Can this process of deleting spam post submissions be automated?

I would love to build the “akismet for posts” because I could make a lot of money selling it. I have been using Ban Hammer and Stop Spammer Registrations and I still decided to build this plugin to handle about 50 posts a week that these plugins are failing to prevent.

Can you add feature X?

Send me your idea, and we can have a conversation.

 

I have been running a WordPress website with open author registration for a few years, and the majority of the plugins I have written have been focused on making the management of that sort of site easier. Here is a list of the unreleased plugins I am using that I have created:

• Count comment author URL as link: Include the comment author URL in the max links allowed for comment moderation
• Disable comment author homepage links: Removes home page links from comment author user names
• Hold posts with links: Set post status to pending when a new post is published containing any hyperlinks
• Show pending posts count: Show the number of pending posts in the admin dashboard menu just like comments

A list of the plugins I have published is always available on WordPress.org. I also use a version of WP Status Notifier that I have modified to include a post excerpt and a hyperlink that starts the user deletion process.

With this plugin, Clobber spam users, I am going to stop deleting spam user accounts immediately and simply prevent their use for a number of months instead. I have given some thought to making the registration process more cumbersome for everyone, but I don’t want to sacrifice the user experience of real humans to fight the bots.

Here is a download link: clobber-spam-users.zip @ WordPress.org

I wrote a new plugin to list the contributors to a WordPress website. The comment and post counts are added together, and the top X users are listed in a simple table alongside the counts.

Download top-users-by-comment-plus-post-count.zip.

Installation instructions

1. Upload the `top-users-by-comment-plus-post-count` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Place this or a similar function call in your theme: <?php top_users_by_comment_plus_post_count( 10 ); ?>

CSS sample

This is the CSS I am using to style the output.

#top-users-by-comment-plus-post-count td.tu-author{ padding-right: 8px; }
#top-users-by-comment-plus-post-count td.tu-count{ text-align: right; }

Sample output

I added tab and line break characters for readability.

<table id="top-users-by-comment-plus-post-count">
	<tr><td class="tu-author">DisgustedInDenver</td><td class="tu-count">297</td></tr>
	<tr><td class="tu-author">Corey</td><td class="tu-count">109</td></tr>
	<tr><td class="tu-author">G11</td><td class="tu-count">60</td></tr>
	<tr><td class="tu-author">jmbecker13</td><td class="tu-count">10</td></tr>
	<tr><td class="tu-author">trustmedotcom</td><td class="tu-count">9</td></tr>
	<tr><td class="tu-author">ulfwolf</td><td class="tu-count">8</td></tr>
	<tr><td class="tu-author">noscamsforme</td><td class="tu-count">8</td></tr>
	<tr><td class="tu-author">who8dapple</td><td class="tu-count">7</td></tr>
	<tr><td class="tu-author">cindmo</td><td class="tu-count">7</td></tr>
	<tr><td class="tu-author">nytemare4u</td><td class="tu-count">7</td></tr>
</table>

I just wrote a new plugin to disable commenter names from linking to the website URLs they may provide when commenting.

Some themes allow commenters to provide a home page URL along with their comment. The comment author’s name then becomes a link to that website wherever it appears on your site. This plugin removes those links.

Download disable-comment-author-links.zip

Installation instructions

1. Upload the `disable-comment-author-links` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

Bottom of every post is a WordPress plugin I wrote in July of 2011. This plugin is a simple filter that adds some content to the bottom of each post. I thought for sure a plugin like this would already exist, and I was surprised to find a few very complex solutions with way more features than necessary.

This plugin has no other features and adds no administration options pages in your admin dashboard (because you can edit the settings via the Plugin editor). The message that is appended to each post is saved in a text file in the plugin directory. I chose a file on disk instead of a WordPress database option because I dislike plugin options pages for simple plugins.

This plugin will never be updated, and that is a good thing. It is very simple and designed for you to make edits to suit your needs. An update would erase your customizations, so there will never be a new version.

How can I edit the message?

To edit the message that will be added to the bottom or footer of your posts, Go to Plugins > Editor and choose “Bottom of every post” with the top right selector. The plugin’s files will be loaded on the right. Choose the file `bottom_of_every_post.txt` and edit at will.

How can I remove the message from my home page posts?

You’ll have to edit the plugin. Find this line:

if( !is_page( ) && file_exists( $fileName )){

…and change that code to one of these lines depending on your configuration:

Blog post home page

if( !is_page( ) && !is_home( ) && file_exists( $fileName )){

Static front page

if( !is_page( ) && !is_front_page( ) && file_exists( $fileName )){

How can I not show the message on a certain category?

First, be sure whether you need a category exclusion or a custom post type exclusion. For categories, add a call to has_category:

Exclude a category

if( !is_page( ) && !has_category('portfolio') && file_exists( $fileName )){

Exclude a custom post type

if( !is_page( ) && 'portfolio' != get_post_type() && file_exists( $fileName )){

Download bottom-of-every-post.zip

Installation instructions

1. Modify `bottom-of-every-post.txt` to contain the content you would like at the bottom of every post
2. Upload the `bottom-of-every-post` folder to the `/wp-content/plugins/` directory
3. Activate the plugin through the ‘Plugins’ menu in WordPress

I am also going to use this code to teach a few people how to create their own WP plugins. Here is the full source code of my new plugin:

<?php
/*
Plugin Name: Bottom of every post
Plugin URI: https://coreysalzano.com/wordpress/bottom-of-every-post/
Description: Add some content to the bottom of each post.
Version: 1.0
Author: Corey Salzano
Author URI: http://profiles.wordpress.org/users/salzano/
License: GPL2
*/


/*
	avoid a name collision, make sure this function is not
	already defined */

if( !function_exists("bottom_of_every_post")){
	function bottom_of_every_post($content){

	/*	there is a text file in the same directory as this script */

		$fileName = dirname(__FILE__) ."/bottom_of_every_post.txt";

	/*	we want to change `the_content` of posts, not pages
		and the text file must exist for this to work */

		if( !is_page( ) && file_exists( $fileName )){

		/*	open the text file and read its contents */

			$theFile = fopen( $fileName, "r");
			$msg = fread( $theFile, filesize( $fileName ));
			fclose( $theFile );

		/*	append the text file contents to the end of `the_content` */
			return $content . stripslashes( $msg );
		} else{

		/*	if `the_content` belongs to a page or our file is missing
			the result of this filter is no change to `the_content` */

			return $content;
		}
	}

	/*	add our filter function to the hook */

	add_filter('the_content', 'bottom_of_every_post');
}

?>