Disable comments feed(s) to protect a secret category

  • I’m trying to create a ‘members only’ category for a WP site. I’ve found various ways to hide this category from most of the common WP functions; and some (eg monthly archives) I’ve just decided not to use at all.

    But members will be able to comment on those private posts; and those comments will appear in the site-wide comments feed: revealing the existence of the private area, the title of posts within it, and the actual comments.

    There’s also a risk of people guessing the post IDs for ‘hidden’ posts, and using query string-based URLs. Whilst I can stop them seeing the content by putting if(is_user_logged_in) at the top of single.php, I can’t stop them seeing the comments on those hidden posts by using a query string like /?p=1&feed=rss2

    Some ideas I’ve tried:

    • Advanced Category Excluder would let me disable the comments feeds for individual posts in the secret category, but it doesn’t stop those comments appearing in /comments/feed (as far as I can tell)
    • I can use htaccess to do a RewriteMatch on /comments/feed or/wp-commentsrss2.php, and send people somewhere else, but I haven’t been able to do the same for query string based URLs (whatever they are?).

    On balance, I’m guessing the easiest thing is simply to disable comment feeds across the entire site. I don’t think the users will mind.

    Can anyone suggest anything, which is straightforward and future-proof? Preferably, I’d be looking to include it in the theme’s functions.php file. Using htaccess is also possible, but less desirable. Altering core files is a no-no for obvious reasons.

Viewing 3 replies - 1 through 3 (of 3 total)

  • what mechanism are you using to protect the members only area?

    Thread Starter Simon Dickson

    (@s1m0nd)

    This has done the trick for most contexts, added into functions.php for the theme in question (where 3 is the category ID for the ‘secret’ category, obviously):

    function catFilter($query) {
if (!(is_user_logged_in())) {
$query->set('cat','-3');
}
return $query;
}
add_filter('pre_get_posts','catFilter');

    I’ll put if(is_user_logged_in()) at the top of single.php and page.php, to prevent direct access to the posts/pages in question.

    Obviously that doesn’t cover us for absolutely everything; most of the rest I can live without.

    At the moment, though, the better solution seems to be use Huddle or Basecamp: ‘properly’ secure, and optimised for the purpose. A seamless WP-based solution would be great, but $20-something/month is increasingly sounding like a small price to pay.

    Let’s just say that was a little more painful to work out than expected, and a few blind alleys were involved. Paste this into your functions.php file. You’ll need to add any category IDs you want to exclude into the $exclude_cats array. This should ensure that any comments on posts which belong to excluded categories are never shown in the comments feed.

    I’ll get on with your other stuff now. ??

    add_filter( 'comment_feed_where', 'sw_block_cat_cwhere' );

function sw_block_cat_cwhere( & $cwhere )
{
	$exclude_cats = array( 3, 5 );
	$exclude_cats_list = implode( ',', $exclude_cats );
	$cwhere .= " AND comment_post_id NOT IN ( ";
	$cwhere .= " SELECT object_id ";
	$cwhere .= " FROM wp_term_relationships ";
	$cwhere .= " WHERE term_taxonomy_id IN ( $exclude_cats_list ) ";
	$cwhere .= " ) ";
	error_log( '-------------------' );
	error_log( $cwhere );
	return $cwhere;
}
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Disable comments feed(s) to protect a secret category’ is closed to new replies.