1282561 - Remove URL field from our Wordpress comments forms and templates

Status: RESOLVED FIXED

(Websites Graveyard :: blog.mozilla.org, defect)

Description

[:Atoll]

Per discussion with Craig Cook previously, let's disable/remove the URL field associated with comments in WordPress. It's used exclusively as a vehicle for spam and does not provide value in our comments.

Disabling the URL field on the input form should inhibit some of the blog spam from even being submitted (can't enter a URL into a field that's not present, so they'll move on to another site), and also allow us to detect scripted attacks that craft custom form submissions with a URL (when human-submitted comments cannot).

On the input form, hide or disable the URL field, so that human beings can't enter text into it.

On the display template, completely remove the URL field from the displayed comments. Note that hiding it with CSS isn't enough to prevent all search engines from indexing it and returning it in the search results. It's okay to hide the surrounding structures with CSS as long as the URL itself is removed.

Comment 1

[Craig Cook (:craigcook)]

I've removed comment fields from the One Mozilla theme (in use on most official blogs), Lizard Wrangler (Mitchell's blog), and Hacks. There are other blogs using off-the-shelf themes that likely still have URL fields in their comment forms, if they have comments enabled, but this covers the most visible and highly trafficked ones.

Comment 2

[Craig Cook (:craigcook)]

After looking around a bit more there are a few older themes of ours that still have URL fields for comments but I don't think any active blogs are using them (I could be wrong). I deleted a few I was certain aren't in use and shouldn't be used (the old addons theme, Gary's theme, etc). Marking this resolved since I think we're pretty well covered now.