Title: wp-postratings script Last modified: August 30, 2016 --- # wp-postratings script * Resolved [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/) * Hello, * I have a problem. many of my post are being rated of 1 star by the same ip adress 127.0.0.1 / localhost.localdomain, and it must be a script of some sort. What could be the problem it this plugin that allows this thing to happen ? And what can i do to restore previous ratings before those 1 star rating that were spamed. I tried deleting these ratings, but overall rating remains the same as these bad ratings havent been deleted in the first place. * Thank you for your help. * [https://wordpress.org/plugins/wp-postratings/](https://wordpress.org/plugins/wp-postratings/) Viewing 10 replies - 1 through 10 (of 10 total) * Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/) * (@gamerz) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689487) * I am not too sure of the localdomain part. * The plugin only stores accumulated ratings in the post meta under ratings_users, ratings_average and ratings_score. Deleting the logs doesn’t change anything. You have to manually edit the above stated meta_keys for the post. You can find those fields under the Custom Fields of the Edit Post screen. * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689537) * But my gues is that there is a hole in the plug in itself, because that ip found it and now is using script of some sort to rate all posts with 1 star 😕 * Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/) * (@gamerz) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689606) * Hmm if you can reproduce it let me know, because I haven’t get any reports of it yet. * Even if you can rate for 127.0.0.1, it will only allow one rating per post. There is WP security token as well to verify the request. So even if the IP is allowed to rate, he will not be allowed to rate after the token expires (defaults to 1 hour) via a script. * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689626) * Hmm, well i will take a look, * thank you so much for your help. * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689628) * and by the way, that manual custom field editing doesnt work and that someone does 4 or 5 clicls in one minute… Here is the screenshot of what is happening [http://imgur.com/XPTQXKs](http://imgur.com/XPTQXKs) * Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/) * (@gamerz) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689633) * Looks like a script. He is ratting only 5 post every minute to prevent the security token from expiring. Your best bet is to banned the guy if you can the real IP or restricted ratings to registered users. * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689638) * but my main raters ar unregistered users, so i cant do the only registered. maybe there is a hole in a plugin it self, you should update it maybe… or something * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689640) * or add option to remove selected ratings from selected users directly from plygin admin panel, make it more flexible and controllable. * Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/) * (@gamerz) * [10 years, 7 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689662) * Right now I have no plans to do that because I have a full time job. So unlikely I will change it soon. If I have time, my next immediate thing is to rewrite it to use CSS rather than images as rating. * Allow deleting of ratings is in my thoughts but not in the immediate future. * Thread Starter [tukis7](https://wordpress.org/support/users/tukis7/) * (@tukis7) * [10 years, 5 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689820) * Hello, i would like to renew this topic, because my ratings ar still being hacked… someone keeps rating all my posts to 1 star using scripts and i dont know what to do exactly, is there any way to not allow this plugin to be hacked using scripts? Thank You. Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘wp-postratings script’ is closed to new replies. * ![](https://ps.w.org/wp-postratings/assets/icon.svg?rev=978014) * [WP-PostRatings](https://wordpress.org/plugins/wp-postratings/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-postratings/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-postratings/) * [Active Topics](https://wordpress.org/support/plugin/wp-postratings/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-postratings/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-postratings/reviews/) * 10 replies * 2 participants * Last reply from: [tukis7](https://wordpress.org/support/users/tukis7/) * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/wp-postratings-script/#post-6689820) * Status: resolved