I debugged the issue using the good old “print debug messages all over the place” method – crude but effective. I started in xmlrpc.php and discovered that it was stopping at this line:

$comment_ID = wp_new_comment($commentdata);

This meant it was getting as far as trying to post the comment. It was then that I had a lightbulb moment. What would be stopping comments being posted? My captcha to stop comment spam (has it really been three years since I set that up?), that’s what!

My colleague has been using a numerical captcha-style plugin called Math Comment Spam Protection (MCSP) instead. I did a quick comparison between it and the SecureImage plugin and fairly quickly found the difference. This is from the MCSP plugin:

if (  ( !isset($user_ID) ) && ( $comment_data['comment_type'] == '' ) ) {

// Do not check if the user is registered & do not check trackbacks/pingbacks

By comparison, the SecureImage plugin only checked if the user is registered:

// If the user is not logged in check the security code

if ( !$user_ID ) {

The fix looks simple. But, given the lack of updates for SecureImage I decided it was time to move on. So now I have the MCSP plugin instead, and pingbacks are once again working.

I just have one request to make. Can anyone who’s linked to me in the last three years please try again?

Related posts:

1. An end to comment spam
2. WordPress plugin recommendations
3. Comment spam :-(