james mckay dot net

Occasionally people report problems with Comment Timeout breaking the layout on their WordPress themes when comments are closed.

In these cases it is almost certainly the theme that is at fault rather than the plugin itself. It seems that some theme designers do not test their themes properly on posts where comments are closed.

You can verify that this is the case by manually turning off comments on an offending post:

1. Disable Comment Timeout.
2. Edit one of your old posts, uncheck the box under “Comments & Pings” that says “Allow Comments” and click save.
3. View the post you just edited in your browser again.

If the problem persists, you should contact your theme’s designer as it is the theme that is at fault.

If you are a theme designer and you receive a report of this fault, please check that you have balanced your <div> tags and <?php if (...) ?> statements in your theme. For example, this will be incorrect:

<div class="comments">
<?php if ('open' == $post->comment_status) : ?>
<div class="comments-inner">
<?php render_comments(); ?>
</div>
<?php else: ?>
<div class="no-comments">Sorry, comments are closed.</div>
</div>
<?php endif; ?>

This kind of mistake is very easy to miss if you do not indent your code correctly, as in the above sample. For reasons that completely befuddle me, some developers and web designers don’t indent their code at all — in fact, this was the case the first time I encountered this error, which is why I mention it here. Adding indentation shows it up clearly — lines 8 and 9 do not match lines 1 and 2 correctly and should be swapped:

<div class="comments">
  <?php if ('open' == $post->comment_status) : ?>
    <div class="comments-inner">
      <?php render_comments(); ?>
    </div>
  <?php else: ?>
    <div class="no-comments">Sorry, comments are closed.</div>
  </div>
<?php endif; ?>

Comments closed »

Posted at 23:51 on 28 July 2008.
Tagged: best practices, Comment Timeout, WordPress

Astute readers of my blog will note that I turned off my Comment Timeout plugin at the start of this year. I had begun to suspect that its effect on spam was minimal, while at the same time there were still some posts that, according to Google Analytics, attract a bit of attention — in particular, my posts about SharePoint seem to feature rather prominently in searches by people who find the subject even more confusing than I do.

Sooo… now you can even leave comments on my very first blog entry if you are that way inclined.

In the end, I found that turning it off did not result in a noticeable increase in spam comments. I am now using only three plugins to manage spam on my blog and together they put in a stellar performance. Akismet and Bad Behavior stop almost everything dead in its tracks, and beyond that, a blanket rejection of comments that contain BBCode or more than two hyperlinks keeps your spam queue short, makes it easy to check for false positives, and reduces the load that it places on Akismet and your bandwidth consumption. As far as I can tell, 80-90% of spam comments contain either BBCode, or three or more hyperlinks.

However, this raises a question: what is the future of Comment Timeout?

Unfortunately, I have had quite a lot on at work recently and I have other projects that I want to move on to that I simply haven’t had time for so far, so since I am no longer using Comment Timeout myself, maintaining it further now has a very low priority.

There are some things that could still be done on it, such as localisation, but as far as I can tell, it is stable, it works with any version of WordPress since 2.0, and pretty much all the bugs that have been brought to my attention have been ironed out. I haven’t tested it thoroughly against WordPress 2.5, but as far as I can tell it should work properly.

If anyone would like to develop it further, I have no objections. It’s dual licensed under both the GPL and the MIT/X11 licence, so you don’t even need to ask for permission, though it would obviously be nice to get a heads-up.

Comments closed (1) »

Posted at 13:06 on 5 April 2008.
Tagged: Comment Timeout, spam, WordPress

The latest version of Comment Timeout 2.0 is now available. It fixes a bug that was letting comments from spam bots through on older posts. If you are using version 2.0 alpha 1 you should upgrade.

Comments closed (1) »

Posted at 18:32 on 11 August 2007.
Tagged: Comment Timeout

The first alpha versions of my new WordPress comment plugins are now available for download.

Comment Timeout 2.0 closes comments on posts on your blog a certain time after they are posted. It has been rebuilt from the ground up to incorporate some new features:

• You can now override the default settings to allow certain posts to have the discussion kept open for a shorter or longer time, or even indefinitely.
• You can define a “popularity level” above which the discussion can be kept open for an even longer period of time if you so desire.
• You can have comments on older posts sent to the moderation queue instead of closing the discussion altogether.
• The comment form now indicates when the discussion for a particular post will close.

Some features were added to version 1.3 but have now been spun off into two separate plugins:

Three Strikes and You’re Out examines your Bad Behavior logs and your spam queue and closes comments across the board on your blog when you are visited from any IP addresses that have been repeatedly misbehaving (the default settings are three times in a week). It also defines a couple of hooks and adds a new logging table to the database, so other plugins can register naughty events (e.g. failed captcha tests) or override the counting mechanism (e.g. to implement whitelists or blacklists).

Link Limits rejects comments which contain BBCode or more than two normal hyperlinks. I’ve found that this blocks approximately 80% of spam, yet genuine comments exceeding these limits are almost non-existent. It informs your commenters that this restriction is in place. It also logs any violations to Three Strikes And You’re Out, but it works perfectly well if you do not have Three Strikes And You’re Out installed.

I’ve marked them all as “alpha 1″ status, which means use at your own risk, though I am dogfooding them on my own blog. If you have any problems with them, I’ve written a post on how to report problems with WordPress plugins — please read it before giving me a shout, though I do welcome feedback and suggestions of course.

Starting with these plugins, I have changed the licensing terms. Whereas the old versions were GPL, these ones are available under the MIT X11 licence. It is GPL compatible but doesn’t have the “copyleft” element. This means that if you wanted to, you could adapt it for use with another, non-GPL, CMS or blog program.

Comments closed (5) »

Posted at 23:28 on 3 June 2007.
Tagged: Comment Timeout, Link Limits, Three Strikes and You're Out, WordPress

A colleague of mine mentioned to me the other day that I ought to read The Mythical Man-Month by Fred Brooks. I haven’t done so yet, but I was interested to see from the various reviews that it talks about the “second-system effect” — that the second version of a system that you design will tend to be over-engineered, since it has all the features that you thought about for the first version but didn’t implement due to time constraints. It means going from a small, elegant, successful system to something large, feature-laden and bloated. Scope creep, in other words.

I’ve been thinking about this as far as the next version of my Comment Timeout plugin is concerned. The original idea was quite simple: to close comments on your blog entries after a certain length of time. The current version has extended well beyond that remit, with a whole bunch of other features that, while useful and maybe related from a technical perspective, aren’t really related from the end user’s point of view to what the plugin is ostensibly trying to do. I wonder if this is probably a bit confusing for users and making it a bit difficult to determine whether issues are due to bugs in the code itself or people misunderstanding what it’s supposed to be doing.

I think the answer is probably to separate it out into different plugins, each of which concentrates on doing a single thing and doing it well. At the moment, I’m thinking of separating it into three different plugins, perhaps something along these lines:

• Comment Timeout 2.0: a trimmed-down version, which concentrates solely on the job of closing comments on old posts after a certain length of time.
• The Black Hole: the functionality to nuke comments altogether if they contain BBCode, too many hyperlinks, or certain keywords, so they don’t even make it as far as your spam queue.
• Three Strikes and You’re Out: the bit that examines your Bad Behavior logs and spam queue and closes comments to IP addresses that are persistently causing trouble.

I’d be interested to know what people think of this idea. Would it make it easier to understand, or would it just make things a bit more confusing? Leave me a comment and let me know what you think.

Comments closed (6) »

Posted at 08:15 on 26 April 2007.
Tagged: Comment Timeout, Link Limits, second system effect, The Mythical Man Month, Three Strikes and You're Out

The latest version of Comment Timeout is now available for immediate download. This fixes several bugs:

1. The plugin no longer raises a warning when installed on a server where allow_call_time_pass_reference is turned off in your php.ini file.

2. It is now possible to disallow hyperlinks in comments entirely, by setting the maximum number of hyperlinks to zero.

3. Hyperlinks that contain line breaks are now counted correctly.

One important note: If you are upgrading from an earlier version, and had set it to allow unlimited hyperlinks in your comments, it will now reject all comments containing any hyperlinks at all. To fix this, go to the options page and uncheck the box that says “Reject all comments containing more than 0 hyperlinks” — or alternatively, you can change the zero to some larger number of your choice.

Comments closed (19) »

Posted at 21:48 on 6 March 2007.
Tagged: Comment Timeout

For those of you who know a bit about PHP and WordPress internals and are interested, here is a brief technical overview of the details behind the bug in the original version of Comment Timeout.

I was originally tweaking the comment status of the posts at the start of the loop. The way I was doing it was admittedly a hack, but it worked — in PHP 5 at any rate, which has pass-by-reference semantics. However, it fell over in PHP 4, where variables are all passed by value rather than by reference.

It actually turns out that there is a non-hack way of achieving this. This evening I discovered that WordPress provides a filter, the_posts, which gives you a much better way of doing it. It passes an array containing all the posts returned by a query to your filter; your plugin modifies the array as appropriate — in this case, setting the comment status on some of the posts to “closed” — and returns it. The latest version (1.3 alpha 2) now adopts this approach.

Unfortunately, a lot of the WordPress API documentation is somewhat incomplete and sketchy, especially on the more technical side, which is probably why I missed this the first time round. Perhaps as plugin authors we ought to chip in and spend a bit of time polishing it up as we go? It is a wiki after all, so we’ve only ourselves to blame if it’s not up to scratch.

Comments closed (4) »

Posted at 23:05 on 7 February 2007.
Tagged: Comment Timeout, PHP 4

Following a recent flood of comment spam last week, I’ve decided to tighten up on my blog commenting policy. I’m now limiting comments to two hyperlinks each, which must not be in BBCode format. WordPress doesn’t use BBCode anyway, and I’ve never seen a genuine comment on anybody’s blog which contains more than one hyperlink, so I don’t think this is going to be a problem.

I’m also going to close comments and trackbacks right across the board to any IP address which has three comments pending moderation in my spam queue or which gets trapped by Bad Behavior three times in a week. In practice, it’s not likely to affect you unless you are running a spam bot on your computer or network.

If you want to do something similar on your own blog, it’s handled by the the latest version (1.3) of Comment Timeout. Note that this is still in alpha, so use it at your own risk. It’s configurable as before, so you can set it to allow three — or more — hyperlinks if you prefer.

Comments closed (2) »

Posted at 22:50 on 4 February 2007.
Tagged: Comment Timeout, spam

If you are a responsible blogger, your blog will not contain any spam comments older than a certain age. You will usually delete the occasional one that slips past Akismet within at most a month, so anything older than that will have a 100% chance of being ham rather than spam.

So while it’s right and proper to include rel="nofollow" on all hyperlinks in new comments, one would think it’s usually safe to remove it from older ones, and give constructive, bona fide comments on your blog some Google juice after a while. New comments should, of course, have the nofollow tag added.

I’m experimenting with this in the next version of Comment Timeout, which you can download and try out for yourself. The option is disabled by default, in which case all the comments on your website will, of course, be marked as nofollow, but you can of course turn it on if you want.

Another new feature is the option to indicate to your visitors how long comments will remain open on your blog.

Version 1.2 is currently in alpha, so it’s a case of “use at your own risk”, but I’m dogfooding it on my own blog, removing the nofollow on comments after 21 days. (NB: I make no guarantees that I won’t change the settings!) I’d be interested to know if anyone makes any use of it, or whether or not you think it’s a good idea. Let me know what you think by leaving a comment.

The current stable version is still 1.0 release candidate 2.

Update: I’ve released alpha 2, adding a bit more granularity to the nofollow options.

Comments closed (2) »

Posted at 18:52 on 30 January 2007.
Tagged: Comment Timeout

I’ve released an update to Comment Timeout this weekend to fix a couple of critical bugs. (Did I say it was still in beta?) It was not working on PHP 4, though it was fine on PHP 5, and it was not closing comments correctly if you turned off the option to keep ongoing discussions open. Both these bugs have now been fixed.

Thanks to Heather (http://www.ohmystinkinheck.com/) for the heads-up and feedback. The latest version is release candidate 2 (because the second bug only came to light a few hours after I released a fix for the first one as release candidate 1).

Comments closed (1) »

Posted at 10:42 on 27 January 2007.
Tagged: Comment Timeout