Save 15% on our Pro WordPress plugins with discount code: LAUNCH2021
Web Dev + WordPress + Security

Hacking WordPress: Nofollow Blacklist for Commentator Links

[ Image: Extreme close-up of an eye (send email  to purchase a full-size version) ] Previously, in our unofficial “WordPress dofollow upgrade” series, we dished several techniques for removing the antisocial nofollow attributes from default installations of WordPress. After an exhaustive review of available dofollow plugins, we explained how drop-dead easy it is to transform any WordPress blog into a well-standing member of the dofollow community without relying on a plugin to do the job. Our next article detailed a nofollow removal hack that selectively targets pingbacks, trackbacks, and commentator links. Then, we went off the deep end with a robust, threefold hack for sitewide nofollow removal. Now, in this article, we merge several of these methods to implement a definitive “nofollow blacklist” for trackback, pingback, and commentator links.

Why would you want to create a nofollow blacklist? There are several scenarios in which such a strategy would benefit a dofollow-friendly WordPress site. After upgrading to dofollow status, you should experience an increase in the number of comments left at your site. Although this is generally beneficial, there remain those gutless worms who would seek to game your generous link-love with hollow remarks, empty chatter, and other useless nonsense. Rather than waste pagerank and make a big stink, quietly blacklist offenders until they change their mindless ways. Simply put, a nofollow blacklist protects your dofollow site while reinforcing positive comments.

Of course, if you are using one of the many dofollow plugins available to remove the trecherous nofollow attributes from your comment links, there are several ways to blacklist users without hacking the WordPress core. However, if you enjoy learning new WordPress tricks or simply don’t need another plugin slowing down your site, then continue reading to see how easy it is to roll your own nofollow blacklist.

Hacking a WordPress nofollow Blacklist

Selectively serving nofollow links involves comparing comment authors against a predefined list of usernames. In a default installation, WordPress automatically modifies all comment-author links with nofollow attributes via the function get_comment_author_link(). After hacking our blacklist, WordPress will deliver dofollow links for every comment author that provides a URL unless their name is found on the blacklist, in which case a quiet nofollow link will be their fate.

Fortunately, hacking a blacklist for commentator links is a snap. First, locate the target function, get_comment_author_link(), which is found in wp-includes/comment-functions.php in WordPress 2.0 and wp-includes/comment-template.php in WordPress 2.1 and 2.2. In either case, the function is the same, and we see this fine piece of code:

function get_comment_author_link() {
	global $comment;
	$url    = get_comment_author_url();
	$author = get_comment_author();

	if ( empty( $url ) || 'http://' == $url )
		$return = $author;
		$return = "<a href='$url' rel='external nofollow'>$author</a>";
	return apply_filters('get_comment_author_link', $return);

In this function, WordPress differentiates between linked comment signatures and unlinked (empty) comment signatures, formatting output accordingly. As you can see, when the comment author provides a URL, WordPress fashions a linked signature featuring the infamous external nofollow attribute. We need WordPress to further differentiate comment links based on whether or not the author is found on our blacklist. Sure enough, injecting a conditional elseif() statement does the trick:

// [ Nofollow Blacklist ] WordPress 2.0, 2.1, 2.2 >>
function get_comment_author_link() {
	global $comment;
	$url    = get_comment_author_url();
	$author = get_comment_author();

	if ( empty( $url ) || 'http://' == $url )
		$return = $author;
	elseif ( $author   == 'spammy username 1' 
			|| $author == 'spammy username 2' 
			|| $author == 'spammy username 3' 
			|| $author == 'spammy username 4' 
			|| $author == 'spammy username 5' 
		$return = "<a href='$url' rel='external nofollow'>$author</a>";
		$return = "<a href='$url' rel='external'>$author</a>";
	return apply_filters('get_comment_author_link', $return);

The new condition checks all comment authors against our author/username blacklist and serves a well-deserved nofollow link for each of them. Additionally, we ensure that everyone else receives a plump-n’-juicy dofollow link by simply removing the term “nofollow” in the final else condition. Thus, to blacklist some unsuspecting goofball, simply add and edit a new || $author == 'username' line for each target name. After that, kick back, relax, and enjoy the show!

Jeff Starr
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
GA Pro: Add Google Analytics to WordPress like a pro.

3 responses to “Hacking WordPress: Nofollow Blacklist for Commentator Links”

  1. VFreshers 2008/10/07 8:08 pm

    Well I have been using no plugin to add DoFollow but still my page rank has fallen. I dont understand the reason for this PR Leak.

  2. Jeff Starr

    Remember that there is a lot more to the calculation of page rank than the mere presence or absence of nofollow or dofollow links. Perhaps only one of many quality signals that Google uses to determine the overall equity of a page.

  3. Freshers Jobs 2008/10/11 8:46 am

    Thanks for your reply.
    One issue that I could see that I had placed links to two of my other sites but those sites were not related to the current site’s niche. That could have had a impact on PR.
    I have taken off those links now. Lets see what happens in future.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
BBQ Pro: The fastest firewall to protect your WordPress.
WP 5.8 Gutenberg/Block Widgets is breaking many sites. Fortunately Disable Gutenberg makes it easy to restore Classic Widgets with a click.
Easily the most common exploit scan for WordPress is /{path}/wp-login.php.
Pushing 110+ ℉ for several days now, expected for at least another week or so.
After 12 intense weeks the Plugin Planet redesign is now live. Much work still happening behind the scenes.
June, July, August historically are slow months on the Web. Perfect time to get some real work done (think projects).
Redesigning Plugin Planet is one the most challenging things I’ve done online. Almost there, about another two weeks ’til launch.
I could listen to Mouse Rat all day.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.