Top Commentator Fix Available
The Top Commentator plugin is a neat WordPress plugin since it provides a good way to reward frequent commentators on your site with a site-wide, followed link. Unfortunately, there is a problem with it that allows a different visitor to your site to essentially hijack the link of a trusted commentator. Because of this, I had previously set the links generated by this widget to nofollow until I could take the time to delve deeper into the PHP and MySQL code behind this widget. I got around to doing this today and found that the fix should be quite simple.
The Fix
This may bore/confuse some of you non-programmer types but here’s what the problem was in the plugin. In a function called “ns_get_user_url” the URL for each person on the Top Commentator list is retrieved. The MySQL statement that delivers this information looks like this:
SELECT comment_author_url FROM $wpdb->comments WHERE comment_author = '".addslashes($user)."' AND comment_author_url != 'http://' $ns_options[filter_urls] ORDER BY comment_date DESC LIMIT 1
The problem with this query was twofold. First of all, it allowed a visitor to switch their URL with every new comment. This allowed them to change their URL from one you approved of to one you did not. Secondly, it allowed a different visitor who used the same name to essentially hijack the Top Commentator spot with their own URL. Plus, it could even do this if the comment wasn't approved or was sent to the Akismet filter!
To remedy this situation, I changed the code for the MySQL statement as follows:
SELECT comment_author_url FROM $wpdb->comments WHERE comment_author = '".addslashes($user)."' AND comment_author_url != 'http://' $ns_options[filter_urls] AND comment_approved = '1' ORDER BY comment_date ASC LIMIT 1
As you can see here, I simply added a check to only retrieve URLs for approved comments and to get the URL for the first comment submitted rather than the last one. This should prevent unwanted gaming of the widget.
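To show the difference between the two queries, here is an added example (not code from the plugin or this post) that runs both against a constructed comments table in SQLite: a genuine commentator "alice" has two approved comments, and a different visitor then reuses her name on an unapproved comment carrying their own URL. The example assumes $ns_options[filter_urls] is empty and uses a bound parameter in place of the plugin's addslashes() string interpolation.

```python
import sqlite3

# Constructed sample rows for a wp_comments table (not real data):
# (comment_author, comment_author_url, comment_approved, comment_date)
SAMPLE_COMMENTS = [
    ("alice", "http://alice.example/", "1", "2007-11-01 10:00:00"),
    ("alice", "http://alice.example/", "1", "2007-11-05 12:00:00"),
    # A different visitor reuses the name "alice" on an unapproved comment.
    ("alice", "http://spammer.example/", "0", "2007-11-09 09:00:00"),
]

# The plugin's original query: newest comment under that name, approval ignored.
ORIGINAL_SQL = (
    "SELECT comment_author_url FROM comments "
    "WHERE comment_author = ? AND comment_author_url != 'http://' "
    "ORDER BY comment_date DESC LIMIT 1"
)

# The fixed query from the post: approved comments only, earliest one wins.
FIXED_SQL = (
    "SELECT comment_author_url FROM comments "
    "WHERE comment_author = ? AND comment_author_url != 'http://' "
    "AND comment_approved = '1' ORDER BY comment_date ASC LIMIT 1"
)


def build_db():
    """Create an in-memory SQLite table holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE comments (comment_author TEXT, comment_author_url TEXT, "
        "comment_approved TEXT, comment_date TEXT)"
    )
    db.executemany("INSERT INTO comments VALUES (?, ?, ?, ?)", SAMPLE_COMMENTS)
    return db


def get_user_url(db, user, sql):
    """Mirror of ns_get_user_url: return the URL the given query picks, or None."""
    row = db.execute(sql, (user,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    print("original query:", get_user_url(db, "alice", ORIGINAL_SQL))
    print("fixed query:   ", get_user_url(db, "alice", FIXED_SQL))
```

The original query hands the followed link to the unapproved impostor comment, while the fixed query keeps it on the earliest approved comment.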
The Download
Here’s the download link for the updated plugin: Top Commentator Fix
To install it, simply unzip the download file and FTP the file show_top_commentators.php to your /[your website root directory name here]/wp-content/plugins/show_top_commentators folder, overwriting the current version of the plugin's PHP file that's already there.
If you run into any problems and have any questions about it, please let me know in a comment here.
I had just heard about the hijacking issue with the top commenter plug-in. So I stopped adding it to my new blogs (not that I get many comments anyway). But if all goes well with Vic's contest I hope to finally learn how to get traffic to my blogs, hence getting more comments.
I will be trying your plug-in and let you know for sure if I have any issues.
Thanks
Denise
Hi Denise,
Let me know if you run into any problems with it.
I will be implementing this…. thanks for pointing out this fix… My blog isn’t big enough yet for people to even be attempting to hijack my top commenters…
Hi Link Building,
The main thing that I was surprised to find out from this was that a post that got Akismet’ed could change the Top Commentator URL.
People go after newer and lower traffic blogs too, especially if they have PR. It’s all about getting that followed link, you know.
I saw this URL hijack happening in my blog and so wanted a fix for that! Commentators with more than 20 comments see their name linked to some other websites, it's just odd.
Thanks for the fix.
You’re welcome Chetan. I hope it helps.