WordPress, Disqus, And Spam Comments

If you use the third-party commenting system Disqus, you’ll want to read the following post by Zemalf.com. In the post, Antti explains that although you can mark comments as spam which are then removed from view in Disqus, the comments are not removed from the WordPress database. Therefor, even though the comments are not in plain view, they show up within the source code HTML that renders the page by Disqus.

Spot a comment from “normal” comments that was spam, removed from Disqus, but still in WordPress database etc… Not a problem, Disqus wouldn’t show a comment removed from its own system and only existing in WP database, would it? YOU BET YOUR SORRY ASS IT WOULD!

Within the comments of the post, Daniel Ha who represents Disqus confirmed the behaviour and noted that it would probably be fixed in the next release of the plugin.

1. When you mark a comment as spam using Disqus, that information is not synced back to WordPress just as you pointed out. At one point, Disqus did do this action, but it proved to be unreliable performance-sensitive.

For example, if you’ve marked a two-year old comment as “deleted”, Disqus would need to constantly scan your 2+ years worth of comments to see which one has to have a synchronized state. It’s no problem for us, but it could prove very problematic for your own database. We’ve since nixed that functionality because of the issues that it caused. We’re currently looking at ways to do this again but in a way that won’t be otherwise damaging.

2. The content in your HTML is retrieved from your WP database. Because your local database still has the comment, it will still be rendered onto the page. I don’t think the current solution is the best, and I’m positive we’ll have a better one soon.


5 responses to “WordPress, Disqus, And Spam Comments”

  1. Thanks Jeffro for the shout out and linkage. The problem is quite annoying, but I’m happy I accidentally bumped into it (but surprised it hadn’t been noticed before) – I found it when I got odd W3C markup validation error, and couldn’t see it on page, then noticed it was only in the page source. I’m happy one spammer messed the markup of the links, so it popped up, lol

  2. @Antti Kokkonen – One more reason why it’s better to perhaps find a few plugins that can fill in the gaps of functionality of the default commenting system. I love the way my commenting system works with the reply, preview, and other options and it’s all home grown. However, I’m curios as to whether IntenseDebate suffers from the same problem considering their tight integration with WordPress. Have you looked into that?

  3. So basically, using Disquis is just like having your site hacked? ie: a bunch of spam links get injected into your site?

    That seems utterly ridiculous and a hell of a good reason not to touch it … ever!

  4. @Ryan – Assuming the bug has been in for a while, not quite as bad as getting hacked, but in theory links hidden in the page source could hurt sites reputation, so yeah, ridiculous. All in all, for external comment systems, I’m leaning towards IntenseDebate (it being from Automattic and all).


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: