Save 10% on our Pro WordPress plugins with discount code: 10PERCENT
Web Dev + WordPress + Security

Another Mystery Solved..

Recently, after researching comment links for an upcoming article, I realized that my default <input> values were being submitted as the URL for all comments left without associated website information. During the most recent site redesign, I made the mistake of doing this in comments.php:

...

<input class="input" name="url" id="url" value="[website]" onfocus="this.select();" type="text" tabindex="3" size="44" maxlength="133" alt="website" />

...

Notice the value="[website]" attribute? It seemed like a good idea at the time — I even threw in a nice onfocus auto-highlighting snippet for good measure. I ran the form with this in place for around eight weeks before finally noticing multiple comments using this for their site URL:

http://website

Hmmm. Not so good. For one, that’s not very search-engine friendly. For two, it’s sloppy. For three it’s wrong. What was I thinking? Who cares. The point is, if you are using predefined values in your comment form, they are submitted as user-input data whenever a “real” value is not provided. Thus, all of those visitors leaving comments without bothering to include their site URL have been filling your site with “dead” links. Weak, dude (said pointing to myself). Another important point is that auto-clearing JavaScript will not actually “clear” anything before the comment is submitted.

Having learned this important lesson, I immediately restructured the comment form, replacing all predefined value attributes with blank values (value=""). Then, with all future occurrences prevented, it was time to clean up the mess. And for that, there are two possibilities:

  • Scour the comments section via the admin and edit each URL link manually

..or..

  • Crack open the database for a two-second batch-edit via SQL update, aka “find and replace”

Fortunately, there were fewer than twenty links erroneously referencing http://website, so manually editing all of them would not have taken longer than fifteen minutes at the most. Even so, there are far better ways to spend those fifteen minutes, so I chose the direct approach:

UPDATE wp_comments SET comment_author_url = replace( comment_author_url, 'http://website', '' ) ;

And with that, everything was corrected and returned to normal. Mystery solved, lesson learned. Thanks for listening.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
GA Pro: Add Google Analytics to WordPress like a pro.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Thoughts
Working on a new book :)
LinkedIn decided to replace my highly rated video course on WP security. For a limited time the course is still available to *logged-in* users via direct URL.
I enjoy listening to original Star Trek and NG episodes while working online. After a while it feels like I’m working on the ship as part of the crew, going on adventures.
New version (2.6) of my shapeSpace starter theme now available! Always free & open source for everyone :)
Finished updating all of my books! As always, book owners can download the latest versions for FREE :)
W3C.org has a very thorough list of accessibility tools.
The more you wake up, the more you realize you are still asleep.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.