Title: Comment hack
Last modified: August 19, 2016

---

# Comment hack

 *  Resolved [johnw1116](https://wordpress.org/support/users/johnw1116/)
 * (@johnw1116)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/)
 * We are currently using wordpress as an information tool, with no form for making
   comments. Somehow, someone was able to post 2 comments, that were luckily held
   for approval. I have since unchecked allow comments for our posts, but would 
   like to know how this was possible. I want to be sure I have stopped this from
   happening again, and to do that I have to first understand how they did it.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/#post-1583686)
 * It’s possible that a bot directly accessed the `wp-comments-post.php` file, which
   is a common tactic amongst spammers. Go to Settings/Discussion in your admin 
   panel and ucheck “Allow people to post comments on new articles” and “Allow link
   notifications from other blogs (pingbacks and trackbacks.)”
 * You may also need to edit each existing page and post and uncheck “Allow comments.”
   and “Allow trackbacks and pingbacks on this page.” under the “Discussion” section.
 *  Thread Starter [johnw1116](https://wordpress.org/support/users/johnw1116/)
 * (@johnw1116)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/#post-1583705)
 * Thank you MacMan. I will change those settings. It’s good to know the enemies
   tactics. I can better prepare for them.
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/#post-1583712)
 * You’re welcome!
 *  Thread Starter [johnw1116](https://wordpress.org/support/users/johnw1116/)
 * (@johnw1116)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/#post-1583885)
 * BTW I also changed the attributes of “wp-comments-post.php” to read only. That
   should add a little more protection. I don’t think will cause any problems, seeings
   how we aren’t using it, but will keep you posted if it does. Hope this helps 
   someone.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Comment hack’ is closed to new replies.

## Tags

 * [comment](https://wordpress.org/support/topic-tag/comment/)

 * 4 replies
 * 2 participants
 * Last reply from: [johnw1116](https://wordpress.org/support/users/johnw1116/)
 * Last activity: [15 years, 11 months ago](https://wordpress.org/support/topic/comment-hack/#post-1583885)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics