Plugin Sale! Save 15% on pro plugins with discount code: FALL2020
Web Dev + WordPress + Security

Another Mystery Solved..

Recently, after researching comment links for an upcoming article, I realized that my default <input> values were being submitted as the URL for all comments left without associated website information. During the most recent site redesign, I made the mistake of doing this in comments.php:

...

<input class="input" name="url" id="url" value="[website]" onfocus="this.select();" type="text" tabindex="3" size="44" maxlength="133" alt="website" />

...

Notice the value="[website]" attribute? It seemed like a good idea at the time — I even threw in a nice onfocus auto-highlighting snippet for good measure. I ran the form with this in place for around eight weeks before finally noticing multiple comments using this for their site URL:

http://website

Hmmm. Not so good. For one, that’s not very search-engine friendly. For two, it’s sloppy. For three it’s wrong. What was I thinking? Who cares. The point is, if you are using predefined values in your comment form, they are submitted as user-input data whenever a “real” value is not provided. Thus, all of those visitors leaving comments without bothering to include their site URL have been filling your site with “dead” links. Weak, dude (said pointing to myself). Another important point is that auto-clearing JavaScript will not actually “clear” anything before the comment is submitted.

Having learned this important lesson, I immediately restructured the comment form, replacing all predefined value attributes with blank values (value=""). Then, with all future occurrences prevented, it was time to clean up the mess. And for that, there are two possibilities:

  • Scour the comments section via the admin and edit each URL link manually

..or..

  • Crack open the database for a two-second batch-edit via SQL update, aka “find and replace”

Fortunately, there were fewer than twenty links erroneously referencing http://website, so manually editing all of them would not have taken longer than fifteen minutes at the most. Even so, there are far better ways to spend those fifteen minutes, so I chose the direct approach:

UPDATE wp_comments SET comment_author_url = replace( comment_author_url, 'http://website', '' ) ;

And with that, everything was corrected and returned to normal. Mystery solved, lesson learned. Thanks for listening.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.
Blackhole Pro: Trap bad bots in a virtual black hole.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
Air finally clearing here in WA. Feeling grateful to breathe again. #oxygenmatters
Past week here in WA state has been hellish. So much smoke, like living in a chimney.
Now in September, I’m where I wanted to be in March.
Spent some time updating my article on unsafe characters, once again current with latest IETF specification.
Just realized that “Neo” is an anagram for “One”. As in, “he is the One” (The Matrix).
To get VLC app to load all songs (including subfolders), go to Preferences ▸ Show All ▸ Playlist ▸ Subdirectory behavior ▸ Expand.
Switching from PhotoShop to Affinity Photo is one of the most liberating work-related things I've done in 20 years.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.