gRegor Morrill gRegor Morrill on gregorlove.com:
One of the known issues with webmentions in WordPress is that they are often flagged as spam by default. There is a workaround snippet of code on the wiki to automatically approve them. That got me thinking about the core feature of approving comments only from previously-approved commenters. It seemed there should be a way to leverage that core feature for webmentions as well.

I found the WordPress code that pre-approves those type of comments. The main issue is that it requires both the comment author name and email. I wrote a filter function that instead checks the name and webmention source URL against previously-approved webmentions.

Here is the code: https://gist.github.com/gRegorLove/8215cb9c9584b364aaf4ef2999416f56

I put it in the theme’s functions.php file and it worked!

Further improvements would be to:

Add a conditional check for the WordPress option comment_whitelist so it only does this when that option is enabled
Use the wp_commentmeta table, webmention_source_url instead of the comment_author_url
Only use the source URL, not author name and source URL

I’ve updated this code snippet so it abides by your Discussion settings for the checkbox “Comment author must have a previously approved comment.”

I’ve also updated it to use the webmention_source_url which is part of the comment meta data passed into the filter.

If you have that box checked and approve a webmention from a post on example.com, subsequent webmentions from example.com will be automatically approved. If that box is not checked, this automatic approval code won’t run.

This does override the other spam checks like maximum number of links and comment blacklist keywords. Generally, I think this is acceptable since the approval of a webmention from a source domain is a stronger signal than the approval of a name and email that was entered in a comment form.