I just received a query from one of my readers about how I implemented the comment password that’s used on the site to prevent spam. Since this is the third such query in the past month, I figured I’d post the explanation here for others who might be curious. It’s not particularly complicated, but the following instructions will nonetheless probably only make sense to programmers.

  1. In content/themes/default/comments.php, look for the author/email/url input boxes. Cut and paste one for the password, giving it a unique name/id/label (I use “cheese” for hysterical reasons) and tabindex. For convenience, you can add it as a hidden form element instead in the registered-user case, thus:
    <input type="hidden" name="cheese" value="maple" />
  2. In wp-comments-post.php, look for the “please type a comment” error message. Immediately afterward, check the value:
    if ($cheese != "maple") { die("<p>blah blah</p>"); }

That’s basically it. There’s nothing super-secret about any of it (it’s just supposed to stop machines, not people) so here are comments.php and wp-comments-post.php as I’ve modified them from WP 1.5. I haven’t gotten around to upgrading yet, but I imagine it would be equally straightforward for WP 2.0.