Like all other WordPress blogs, this one attracts a good number of spam comments. I get usually 5-10 per day, but yesterday there were like 30. Almost all of them contain Cyrillic characters:
Since I specify that all comments are held until approved, that means I need to either approve or trash or spam every comment.
Enter ChatGPT
I use ChatGPT (specifically GPT 4) for a number of minor coding tasks. I find it helpful. It is not perfect. That doesn’t mean it isn’t useful. I decided to have it ponder this issue. I work with Python a lot at work and it’s typically my scripting language of choice. My initial request is as follows:
write a python script to log into a wordpress site as an admin, get the top 5 comments, see if there are any Cyrillic characters in them, and if there are, delete said comment
It was understandably unhappy about potentially being asked to “hack” a WordPress site, so I had to reassure it that I was the owner of said site:
yes, I have my own blog. I am the owner. I have the admin credentials. please proceed with how to delete those comments
It happily complied and spit out some very usable code:
After a bit more back and forth:
does this get comments in a pending state? I don't let them be published instantly because most of them are spam
I was informed there are 5 different comment states: approved, hold, spam, trash, unapproved.
perfect. can you please adjust the script to get the pending, unapproved, and hold comments. also make it top 20
It ran perfectly after copy + pasting the Python. Unfortunately I created an application password for my main login on this site and forgot to change the delete URL so it happily sent my application password and username to yourwebsite.com. After revoking that password and realizing there should be a base url:
please split out the site url (https://austinsnerdythings.com) from base_url for both retrieving the comments as well as deleting
I was left with a 100% functional script. This took 3-4 min of back and forth with ChatGPT 4.0. I definitely could’ve code this up myself with the basic structure in 15 minutes or so but I would’ve had to work out the json format for comments and all that. It is so much easier to just test out what ChatGPT provides and alter as necessary:
import requests
import json
import re
def has_cyrillic(text):
return bool(re.search('[\u0400-\u04FF]', text))
site_url = "https://austinsnerdythings.com"
base_url = f"{site_url}/wp-json/wp/v2/comments?per_page=20&status="
statuses = ['pending', 'hold', 'unapproved']
auth = ('yourusername', 'yourpassword')
for status in statuses:
url = base_url + status
response = requests.get(url, auth=auth)
comments = json.loads(response.text)
cyrillic_comments = []
for comment in comments:
if has_cyrillic(comment['content']['rendered']):
cyrillic_comments.append(comment)
# delete comments with Cyrillic characters
for comment in cyrillic_comments:
delete_url = f"{site_url}/wp-json/wp/v2/comments/" + str(comment['id'])
response = requests.delete(delete_url, auth=auth)
if response.status_code == 200:
print(f"Successfully deleted comment with id {comment['id']}")
else:
print(f"Failed to delete comment with id {comment['id']}. Response code: {response.status_code}")
Finishing touches
The other finishing touches I did were as follows:
- Created a user specific for comment moderation. I used the ‘Members’ plugin to create a very limited role (only permissions granted are the necessary ones: Moderate Comments, Read, Edit Posts, Edit Others’ Posts, Edit Published Posts) and assigned said user to it. This greatly limits the potential for abuse if the account password falls into the wrong hands.
- Copied the script to the web host running the blog
- Set it to be executed hourly via crontab
Now I have a fully automated script that deletes any blog comments with any Cyrillic characters!
You may be asking yourself why I don’t use Akismet or Recaptcha or anything like that. I found the speed tradeoff to not be worthwhile. They definitely slowed down my site for minimal benefit. It only took a couple minutes a day to delete the spam comments. But now it takes no time because it’s automated!
Here’s the link to the full ChatGPT conversation:
https://chat.openai.com/share/aad6a095-9b90-42c5-b1ca-de2a18828ba2
Results
I created a spam comment and ran the script (after adding a print line to show the comment). Here’s the output:
And the web logs showing the 3 status being retrieved via GET and the DELETE for the single spam comment:
I am quite satisfied with this basic solution. It took me far longer to type up this blog post than it did to get the script working.