Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security

Hacking WordPress: Nofollow Blacklist for Commentator Links

[ Image: Extreme close-up of an eye (send email  to purchase a full-size version) ] Previously, in our unofficial “WordPress dofollow upgrade” series, we dished several techniques for removing the antisocial nofollow attributes from default installations of WordPress. After an exhaustive review of available dofollow plugins, we explained how drop-dead easy it is to transform any WordPress blog into a well-standing member of the dofollow community without relying on a plugin to do the job. Our next article detailed a nofollow removal hack that selectively targets pingbacks, trackbacks, and commentator links. Then, we went off the deep end with a robust, threefold hack for sitewide nofollow removal. Now, in this article, we merge several of these methods to implement a definitive “nofollow blacklist” for trackback, pingback, and commentator links.

Why would you want to create a nofollow blacklist? There are several scenarios in which such a strategy would benefit a dofollow-friendly WordPress site. After upgrading to dofollow status, you should experience an increase in the number of comments left at your site. Although this is generally beneficial, there remain those gutless worms who would seek to game your generous link-love with hollow remarks, empty chatter, and other useless nonsense. Rather than waste pagerank and make a big stink, quietly blacklist offenders until they change their mindless ways. Simply put, a nofollow blacklist protects your dofollow site while reinforcing positive comments.

Of course, if you are using one of the many dofollow plugins available to remove the trecherous nofollow attributes from your comment links, there are several ways to blacklist users without hacking the WordPress core. However, if you enjoy learning new WordPress tricks or simply don’t need another plugin slowing down your site, then continue reading to see how easy it is to roll your own nofollow blacklist.

Hacking a WordPress nofollow Blacklist

Selectively serving nofollow links involves comparing comment authors against a predefined list of usernames. In a default installation, WordPress automatically modifies all comment-author links with nofollow attributes via the function get_comment_author_link(). After hacking our blacklist, WordPress will deliver dofollow links for every comment author that provides a URL unless their name is found on the blacklist, in which case a quiet nofollow link will be their fate.

Fortunately, hacking a blacklist for commentator links is a snap. First, locate the target function, get_comment_author_link(), which is found in wp-includes/comment-functions.php in WordPress 2.0 and wp-includes/comment-template.php in WordPress 2.1 and 2.2. In either case, the function is the same, and we see this fine piece of code:

function get_comment_author_link() {
	global $comment;
	$url    = get_comment_author_url();
	$author = get_comment_author();

	if ( empty( $url ) || 'http://' == $url )
		$return = $author;
	else
		$return = "<a href='$url' rel='external nofollow'>$author</a>";
	return apply_filters('get_comment_author_link', $return);
}

In this function, WordPress differentiates between linked comment signatures and unlinked (empty) comment signatures, formatting output accordingly. As you can see, when the comment author provides a URL, WordPress fashions a linked signature featuring the infamous external nofollow attribute. We need WordPress to further differentiate comment links based on whether or not the author is found on our blacklist. Sure enough, injecting a conditional elseif() statement does the trick:

// [ Nofollow Blacklist ] WordPress 2.0, 2.1, 2.2 >>
function get_comment_author_link() {
	global $comment;
	$url    = get_comment_author_url();
	$author = get_comment_author();

	if ( empty( $url ) || 'http://' == $url )
		$return = $author;
	elseif ( $author   == 'spammy username 1' 
			|| $author == 'spammy username 2' 
			|| $author == 'spammy username 3' 
			|| $author == 'spammy username 4' 
			|| $author == 'spammy username 5' 
		)
		$return = "<a href='$url' rel='external nofollow'>$author</a>";
	else
		$return = "<a href='$url' rel='external'>$author</a>";
	return apply_filters('get_comment_author_link', $return);
}

The new condition checks all comment authors against our author/username blacklist and serves a well-deserved nofollow link for each of them. Additionally, we ensure that everyone else receives a plump-n’-juicy dofollow link by simply removing the term “nofollow” in the final else condition. Thus, to blacklist some unsuspecting goofball, simply add and edit a new || $author == 'username' line for each target name. After that, kick back, relax, and enjoy the show!

Jeff Starr
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
WP Themes In Depth: Build and sell awesome WordPress themes.

3 responses to “Hacking WordPress: Nofollow Blacklist for Commentator Links”

  1. VFreshers 2008/10/07 8:08 pm

    Well I have been using no plugin to add DoFollow but still my page rank has fallen. I dont understand the reason for this PR Leak.

  2. Jeff Starr

    Remember that there is a lot more to the calculation of page rank than the mere presence or absence of nofollow or dofollow links. Perhaps only one of many quality signals that Google uses to determine the overall equity of a page.

  3. Freshers Jobs 2008/10/11 8:46 am

    Thanks for your reply.
    One issue that I could see that I had placed links to two of my other sites but those sites were not related to the current site’s niche. That could have had a impact on PR.
    I have taken off those links now. Lets see what happens in future.

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
What's up with Plesk UI lately? Especially on Chrome it looks just awful, all kinds of broken. Come on Plesk devs get it together.
Things get stressful, I try to pray. Not always easy, but always helps to relax and regain focus.
Nice new speed checker at fastorslow.com.
Easy way to exclude certain tests from WP Site Health: Site Health Tool Manager
Excellent (and free) tool for getting tons of site SSL infos: whynopadlock.com
Everyone just stay home and hide forever. Brilliant idea.
Playing with Microsoft Edge browser on macOS. It's like 1998 all over again.