Per discussion with Craig Cook previously, let's disable/remove the URL field associated with comments in WordPress. It's used exclusively as a vehicle for spam and does not provide value in our comments. Disabling the URL field on the input form should inhibit some of the blog spam from even being submitted (can't enter a URL into a field that's not present, so they'll move on to another site), and also allow us to detect scripted attacks that craft custom form submissions with a URL (when human-submitted comments cannot). On the input form, hide or disable the URL field, so that human beings can't enter text into it. On the display template, completely remove the URL field from the displayed comments. Note that hiding it with CSS isn't enough to prevent all search engines from indexing it and returning it in the search results. It's okay to hide the surrounding structures with CSS as long as the URL itself is removed.
I've removed comment fields from the One Mozilla theme (in use on most official blogs), Lizard Wrangler (Mitchell's blog), and Hacks. There are other blogs using off-the-shelf themes that likely still have URL fields in their comment forms, if they have comments enabled, but this covers the most visible and highly trafficked ones.
After looking around a bit more there are a few older themes of ours that still have URL fields for comments but I don't think any active blogs are using them (I could be wrong). I deleted a few I was certain aren't in use and shouldn't be used (the old addons theme, Gary's theme, etc). Marking this resolved since I think we're pretty well covered now.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.