Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security

Another Mystery Solved..

Recently, after researching comment links for an upcoming article, I realized that my default <input> values were being submitted as the URL for all comments left without associated website information. During the most recent site redesign, I made the mistake of doing this in comments.php:

...

<input class="input" name="url" id="url" value="[website]" onfocus="this.select();" type="text" tabindex="3" size="44" maxlength="133" alt="website" />

...

Notice the value="[website]" attribute? It seemed like a good idea at the time — I even threw in a nice onfocus auto-highlighting snippet for good measure. I ran the form with this in place for around eight weeks before finally noticing multiple comments using this for their site URL:

http://website

Hmmm. Not so good. For one, that’s not very search-engine friendly. For two, it’s sloppy. For three it’s wrong. What was I thinking? Who cares. The point is, if you are using predefined values in your comment form, they are submitted as user-input data whenever a “real” value is not provided. Thus, all of those visitors leaving comments without bothering to include their site URL have been filling your site with “dead” links. Weak, dude (said pointing to myself). Another important point is that auto-clearing JavaScript will not actually “clear” anything before the comment is submitted.

Having learned this important lesson, I immediately restructured the comment form, replacing all predefined value attributes with blank values (value=""). Then, with all future occurrences prevented, it was time to clean up the mess. And for that, there are two possibilities:

  • Scour the comments section via the admin and edit each URL link manually

..or..

  • Crack open the database for a two-second batch-edit via SQL update, aka “find and replace”

Fortunately, there were fewer than twenty links erroneously referencing http://website, so manually editing all of them would not have taken longer than fifteen minutes at the most. Even so, there are far better ways to spend those fifteen minutes, so I chose the direct approach:

UPDATE wp_comments SET comment_author_url = replace( comment_author_url, 'http://website', '' ) ;

And with that, everything was corrected and returned to normal. Mystery solved, lesson learned. Thanks for listening.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.
WP Themes In Depth: Deep dive into WP theme development.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
What's up with Plesk UI lately? Especially on Chrome it looks just awful, all kinds of broken. Come on Plesk devs get it together.
Things get stressful, I try to pray. Not always easy, but always helps to relax and regain focus.
Nice new speed checker at fastorslow.com.
Easy way to exclude certain tests from WP Site Health: Site Health Tool Manager
Excellent (and free) tool for getting tons of site SSL infos: whynopadlock.com
Everyone just stay home and hide forever. Brilliant idea.
Playing with Microsoft Edge browser on macOS. It's like 1998 all over again.