{"id":10477,"date":"2025-09-03T07:20:58","date_gmt":"2025-09-03T07:20:58","guid":{"rendered":"https:\/\/affinite.io\/cs\/?p=10477"},"modified":"2025-09-03T15:06:12","modified_gmt":"2025-09-03T15:06:12","slug":"komplexni-zabezpeceni-komentaru-ve-wordpressu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/komplexni-zabezpeceni-komentaru-ve-wordpressu\/","title":{"rendered":"Comprehensive comment security in WordPress"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction: Why comment security matters<\/h2>\n\n\n\n<p>WordPress comments are one of the most frequently attacked vectors on websites. According to <a href=\"https:\/\/www.wordfence.com\/\" target=\"_blank\" rel=\"noopener\">Wordfence<\/a> statistics, attacks on comment systems account for more than 35% of all automated attacks on WordPress. Spam comments not only degrade the user experience, they can also hurt SEO rankings and, in extreme cases, lead to the domain being blacklisted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How attacks on comments work<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Technical background of the attacks<\/h3>\n\n\n\n<p>Modern spam bots use sophisticated methods to bypass standard protections:<\/p>\n\n\n\n<p><strong>1. 
Direct HTTP requests<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bots <strong>do not use the web form<\/strong> on the page; they send POST requests directly<\/li>\n\n\n\n<li>This lets them bypass JavaScript validation, CSRF tokens and other client-side protections<\/li>\n\n\n\n<li>They can imitate legitimate user agents and HTTP headers<\/li>\n<\/ul>\n\n\n\n<p><strong>2. Targeted endpoints:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>wp-comments-post.php<\/code> &#8211; the main endpoint for processing comments<\/li>\n\n\n\n<li><code>\/wp-json\/wp\/v2\/comments<\/code> &#8211; REST API endpoint (WordPress 4.7+)<\/li>\n\n\n\n<li><code>xmlrpc.php<\/code> &#8211; XML-RPC methods for pingbacks and trackbacks<\/li>\n\n\n\n<li><code>\/wp-json\/wp\/v2\/posts\/{id}\/comments<\/code> &#8211; specific REST endpoints for individual posts<\/li>\n<\/ul>\n\n\n\n<p><strong>3. 
Advanced techniques:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rate limiting evasion<\/strong> &#8211; rotating IP addresses through proxy networks<\/li>\n\n\n\n<li><strong>Fingerprint spoofing<\/strong> &#8211; imitating legitimate browsers<\/li>\n\n\n\n<li><strong>Content spinning<\/strong> &#8211; automatically generating text variations<\/li>\n\n\n\n<li><strong>Honeypot detection<\/strong> &#8211; recognizing and avoiding traps set for bots<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Impact of successful attacks<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Type of impact<\/th><th>Description<\/th><th>Severity<\/th><\/tr><\/thead><tbody><tr><td><strong>Performance<\/strong><\/td><td>Database overload, site slowdown<\/td><td>High<\/td><\/tr><tr><td><strong>SEO<\/strong><\/td><td>Spam links, lower SERP rankings<\/td><td>High<\/td><\/tr><tr><td><strong>Security<\/strong><\/td><td>Potential XSS, injection attacks<\/td><td>Critical<\/td><\/tr><tr><td><strong>Costs<\/strong><\/td><td>Higher server load, cleanup<\/td><td>Medium<\/td><\/tr><tr><td><strong>Reputation<\/strong><\/td><td>Loss of visitor trust<\/td><td>Medium<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Comprehensive security &#8211; step by step<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
Basic settings in the admin<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Discussion settings (wp-admin\/options-discussion.php)<\/h4>\n\n\n\n<p><strong>Critical settings:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Settings \u2192 Discussion\n<\/code><\/pre>\n\n\n\n<p><strong>Recommended configuration:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Default post settings:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Allow visitors to post comments on new posts<\/li>\n\n\n\n<li>Only registered and logged-in users can post comments<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Other comment settings:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Comment author must fill out name and email<\/li>\n\n\n\n<li>Users must be registered and logged in to comment<\/li>\n\n\n\n<li>Automatically close comments on posts older than <strong>30 days<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Notifications and moderation:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Comment must be manually approved<\/li>\n\n\n\n<li>Comment must be approved if it contains 2 or more links<\/li>\n\n\n\n<li>Send an email on every comment<\/li>\n\n\n\n<li>Send an email when a comment is waiting for approval<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Blacklist settings:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Add common spam words to the list of disallowed terms<\/li>\n\n\n\n<li>Set up automatic flagging of comments containing suspicious keywords<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Advanced WordPress hooks<\/h4>\n\n\n\n<p><strong>Pre-comment validation:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ functions.php or an MU plugin\nadd_action('pre_comment_on_post', 'custom_comment_security_check');\nfunction custom_comment_security_check($comment_post_id) {\n    \/\/ Check whether the user is logged in\n    if (!is_user_logged_in()) {\n        wp_die(\n            'Koment\u00e1\u0159e jsou povoleny pouze p\u0159ihl\u00e1\u0161en\u00fdm u\u017eivatel\u016fm.', \n            'P\u0159\u00edstup zam\u00edtnut', \n            &#91;'response' =&gt; 403]\n        );\n    }\n    \n    \/\/ Check how quickly comments are being posted\n    $user_id = get_current_user_id();\n    $last_comment = get_transient('last_comment_time_' . $user_id);\n    \n    if ($last_comment &amp;&amp; (time() - $last_comment) &lt; 30) {\n        wp_die(\n            'P\u0159\u00edli\u0161 rychl\u00e9 p\u0159id\u00e1v\u00e1n\u00ed koment\u00e1\u0159\u016f. Zkuste to za chv\u00edli.', \n            'Rate limit exceeded', \n            &#91;'response' =&gt; 429]\n        );\n    }\n    \n    set_transient('last_comment_time_' . $user_id, time(), 3600);\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">2. 
Technical hardening of endpoints<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">REST API protection<\/h4>\n\n\n\n<p><strong>Completely blocking anonymous comments:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Disallow anonymous comments via the REST API\nadd_filter('rest_allow_anonymous_comments', '__return_false');\n\n\/\/ Add an additional authentication check\nadd_filter('rest_pre_insert_comment', 'secure_rest_comments', 10, 2);\nfunction secure_rest_comments($prepared_comment, $request) {\n    if (!is_user_logged_in()) {\n        return new WP_Error(\n            'rest_comment_login_required',\n            'Pro p\u0159id\u00e1n\u00ed koment\u00e1\u0159e se mus\u00edte p\u0159ihl\u00e1sit.',\n            &#91;'status' =&gt; 401]\n        );\n    }\n    return $prepared_comment;\n}\n\n\/\/ Optional - remove the entire comments endpoint\nadd_filter('rest_endpoints', 'remove_comments_endpoints');\nfunction remove_comments_endpoints($endpoints) {\n    if (isset($endpoints&#91;'\/wp\/v2\/comments'])) {\n        unset($endpoints&#91;'\/wp\/v2\/comments']);\n    }\n    if (isset($endpoints&#91;'\/wp\/v2\/comments\/(?P&lt;id&gt;&#91;\\d]+)'])) {\n        unset($endpoints&#91;'\/wp\/v2\/comments\/(?P&lt;id&gt;&#91;\\d]+)']);\n    }\n    return $endpoints;\n}\n<\/code><\/pre>\n\n\n\n<p><strong>Selective REST API protection:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ More advanced protection with logging\nadd_filter('rest_pre_dispatch', 'monitor_comments_api', 10, 3);\nfunction monitor_comments_api($result, $server, $request) {\n    $route = $request-&gt;get_route();\n    \n    if (strpos($route, '\/wp\/v2\/comments') !== false) {\n        \/\/ Log access attempts\n        error_log(sprintf(\n            'Comments API access attempt - IP: %s, User-Agent: %s, Route: %s',\n            
$_SERVER&#91;'REMOTE_ADDR'] ?? 'unknown',\n            $_SERVER&#91;'HTTP_USER_AGENT'] ?? 'unknown',\n            $route\n        ));\n        \n        \/\/ Block users who are not logged in\n        if (!is_user_logged_in()) {\n            return new WP_Error(\n                'rest_comments_forbidden', \n                'Comments API access forbidden',\n                &#91;'status' =&gt; 403]\n            );\n        }\n    }\n    \n    return $result;\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">XML-RPC hardening<\/h4>\n\n\n\n<p>XML-RPC is a frequent attack target, especially the pingback methods:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Disable XML-RPC completely\nadd_filter('xmlrpc_enabled', '__return_false');\n\n\/\/ Or selectively block dangerous methods\nadd_filter('xmlrpc_methods', 'secure_xmlrpc_methods');\nfunction secure_xmlrpc_methods($methods) {\n    \/\/ Remove dangerous methods\n    unset($methods&#91;'pingback.ping']);\n    unset($methods&#91;'pingback.extensions.getPingbacks']);\n    unset($methods&#91;'wp.newComment']);\n    \n    return $methods;\n}\n\n\/\/ Additional XML-RPC protection via .htaccess\n\/\/ Add to .htaccess:\n\/*\n&lt;Files \"xmlrpc.php\"&gt;\n    Order Allow,Deny\n    Deny from all\n&lt;\/Files&gt;\n*\/\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">wp-comments-post.php hardening<\/h4>\n\n\n\n<p><strong>PHP method (recommended):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>add_action('init', 'secure_comments_post_endpoint');\nfunction secure_comments_post_endpoint() {\n    if (strpos($_SERVER&#91;'REQUEST_URI'], 'wp-comments-post.php') !== false) {\n        \/\/ Referer check: compare the Referer host with this site's host\n        $referer_host = wp_parse_url($_SERVER&#91;'HTTP_REFERER'] ?? '', PHP_URL_HOST);\n        if ($referer_host !== wp_parse_url(home_url(), PHP_URL_HOST)) {\n            \/\/ Log suspicious activity\n            error_log(sprintf(\n                'Suspicious comment attempt - IP: %s, User-Agent: %s, Referer: %s',\n                $_SERVER&#91;'REMOTE_ADDR'] ?? 'unknown',\n                $_SERVER&#91;'HTTP_USER_AGENT'] ?? 'unknown',\n                $_SERVER&#91;'HTTP_REFERER'] ?? 'none'\n            ));\n        }\n        \n        if (!is_user_logged_in()) {\n            status_header(403);\n            wp_die('Koment\u00e1\u0159e jsou povoleny pouze p\u0159ihl\u00e1\u0161en\u00fdm u\u017eivatel\u016fm.');\n        }\n        \n        \/\/ Rate limiting\n        $ip = $_SERVER&#91;'REMOTE_ADDR'] ?? '';\n        $attempts = get_transient('comment_attempts_' . md5($ip));\n        \n        if ($attempts &amp;&amp; $attempts &gt; 5) {\n            status_header(429);\n            wp_die('P\u0159\u00edli\u0161 mnoho pokus\u016f. Zkuste to pozd\u011bji.');\n        }\n        \n        set_transient('comment_attempts_' . 
md5($ip), ($attempts + 1), 300);\n    }\n}\n<\/code><\/pre>\n\n\n\n<p><strong>.htaccess method (Apache):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_rewrite.c&gt;\n    RewriteEngine On\n    \n    # Block wp-comments-post.php for users who are not logged in\n    RewriteCond %{REQUEST_URI} ^\/wp-comments-post\\.php$ &#91;NC]\n    RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_ &#91;NC]\n    RewriteCond %{REQUEST_METHOD} POST &#91;NC]\n    RewriteRule .* - &#91;R=403,L]\n    \n    # Block suspicious User-Agents\n    RewriteCond %{HTTP_USER_AGENT} ^$ &#91;NC,OR]\n    RewriteCond %{HTTP_USER_AGENT} (bot|crawler|spider) &#91;NC]\n    RewriteCond %{REQUEST_URI} wp-comments-post\\.php$ &#91;NC]\n    RewriteRule .* - &#91;R=403,L]\n&lt;\/IfModule&gt;\n<\/code><\/pre>\n\n\n\n<p><strong>Nginx variant:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>location = \/wp-comments-post.php {\n    # Check login via the cookie\n    if ($http_cookie !~* \"wordpress_logged_in_\") {\n        return 403;\n    }\n    \n    # Rate limiting\n    limit_req zone=comments burst=2 nodelay;\n    \n    # Block empty User-Agents\n    if ($http_user_agent = \"\") {\n        return 403;\n    }\n    \n    try_files $uri =404;\n    fastcgi_pass php;\n}\n\n# Rate limiting definition (add to the http block)\nlimit_req_zone $binary_remote_addr zone=comments:10m rate=1r\/m;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
Advanced spam protection<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Anti-spam plugins &#8211; comparison<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Plugin<\/th><th>Price<\/th><th>Detection methods<\/th><th>Advantages<\/th><th>Disadvantages<\/th><\/tr><\/thead><tbody><tr><td><strong>Akismet<\/strong><\/td><td>$5-50\/month<\/td><td>AI, blacklists, community<\/td><td>Official, accurate<\/td><td>Paid for commercial use<\/td><\/tr><tr><td><strong>Antispam Bee<\/strong><\/td><td>Free<\/td><td>Honeypot, geolocation<\/td><td>Free, GDPR compliant<\/td><td>Fewer features<\/td><\/tr><tr><td><strong>CleanTalk<\/strong><\/td><td>$8\/year<\/td><td>AI, behavior analysis<\/td><td>Advanced features<\/td><td>Dependence on an API<\/td><\/tr><tr><td><strong>WP Armour<\/strong><\/td><td>Free<\/td><td>reCAPTCHA, honeypot<\/td><td>Simple<\/td><td>Basic features<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Custom anti-spam solution<\/h4>\n\n\n\n<p><strong>Honeypot implementation:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Add a honeypot field to the comment form\nadd_action('comment_form_after_fields', 'add_honeypot_field');\nfunction add_honeypot_field() {\n    echo '&lt;p style=\"display:none;\"&gt;\n        &lt;label for=\"url-extra\"&gt;Leave this field empty:&lt;\/label&gt;\n        &lt;input type=\"text\" name=\"url-extra\" id=\"url-extra\" value=\"\" \/&gt;\n    &lt;\/p&gt;';\n}\n\n\/\/ Check the honeypot on submit\nadd_action('pre_comment_on_post', 'check_honeypot');\nfunction check_honeypot() {\n    if (!empty($_POST&#91;'url-extra'])) {\n        wp_die('Spam detected.', 'Error', &#91;'response' =&gt; 403]);\n    }\n}\n<\/code><\/pre>\n\n\n\n<p><strong>Behavioral analysis:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Analyze how long it took to fill in the form\nadd_action('comment_form', 'add_timing_check');\nfunction add_timing_check() {\n    echo '&lt;input type=\"hidden\" name=\"comment_timestamp\" value=\"' . time() . '\" \/&gt;';\n}\n\nadd_filter('pre_comment_approved', 'timing_spam_check', 99, 2);\nfunction timing_spam_check($approved, $commentdata) {\n    \/\/ Cast to int so that a missing or non-numeric value cannot break the subtraction\n    $timestamp = (int) ($_POST&#91;'comment_timestamp'] ?? 0);\n    $time_spent = time() - $timestamp;\n    \n    \/\/ Filled in too quickly (bot) or too slowly (abandoned form)\n    if ($time_spent &lt; 5 || $time_spent &gt; 3600) {\n        return 'spam';\n    }\n    \n    return $approved;\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">CAPTCHA implementation<\/h4>\n\n\n\n<p><strong>Google reCAPTCHA v3:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Add reCAPTCHA to the comment form\nadd_action('comment_form_after_fields', 'add_recaptcha_v3');\nfunction add_recaptcha_v3() {\n    $site_key = 'YOUR_RECAPTCHA_SITE_KEY';\n    \n    echo '&lt;script src=\"https:\/\/www.google.com\/recaptcha\/api.js?render=' . $site_key . '\"&gt;&lt;\/script&gt;';\n    echo '&lt;script&gt;\n        grecaptcha.ready(function() {\n            grecaptcha.execute(\"' . $site_key . '\", {action: \"comment\"}).then(function(token) {\n                document.getElementById(\"g-recaptcha-response\").value = token;\n            });\n        });\n    &lt;\/script&gt;';\n    echo '&lt;input type=\"hidden\" id=\"g-recaptcha-response\" name=\"g-recaptcha-response\" \/&gt;';\n}\n\n\/\/ Validate reCAPTCHA\nadd_filter('pre_comment_approved', 'validate_recaptcha', 10, 2);\nfunction validate_recaptcha($approved, $commentdata) {\n    $secret_key = 'YOUR_RECAPTCHA_SECRET_KEY';\n    $response = $_POST&#91;'g-recaptcha-response'] ?? 
'';\n    \n    if (empty($response)) {\n        return new WP_Error('recaptcha_required', 'reCAPTCHA verification required.');\n    }\n    \n    $verify = wp_remote_post('https:\/\/www.google.com\/recaptcha\/api\/siteverify', &#91;\n        'body' =&gt; &#91;\n            'secret' =&gt; $secret_key,\n            'response' =&gt; $response,\n            'remoteip' =&gt; $_SERVER&#91;'REMOTE_ADDR']\n        ]\n    ]);\n    \n    $verify_body = wp_remote_retrieve_body($verify);\n    $result = json_decode($verify_body, true);\n    \n    \/\/ A failed request or malformed response is treated as spam as well\n    if (empty($result&#91;'success']) || ($result&#91;'score'] ?? 0) &lt; 0.5) {\n        return 'spam';\n    }\n    \n    return $approved;\n}\n<\/code><\/pre>\n\n\n\n<p><strong>Cloudflare Turnstile (an alternative to reCAPTCHA):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Cloudflare Turnstile implementation\nadd_action('comment_form_after_fields', 'add_turnstile');\nfunction add_turnstile() {\n    echo '&lt;script src=\"https:\/\/challenges.cloudflare.com\/turnstile\/v0\/api.js\" async defer&gt;&lt;\/script&gt;';\n    echo '&lt;div class=\"cf-turnstile\" data-sitekey=\"YOUR_TURNSTILE_SITE_KEY\"&gt;&lt;\/div&gt;';\n}\n\nadd_filter('pre_comment_approved', 'validate_turnstile', 10, 2);\nfunction validate_turnstile($approved, $commentdata) {\n    $secret = 'YOUR_TURNSTILE_SECRET_KEY';\n    $token = $_POST&#91;'cf-turnstile-response'] ?? 
'';\n    \n    if (empty($token)) {\n        return new WP_Error('turnstile_required', 'Turnstile verification required.');\n    }\n    \n    $response = wp_remote_post('https:\/\/challenges.cloudflare.com\/turnstile\/v0\/siteverify', &#91;\n        'body' =&gt; &#91;\n            'secret' =&gt; $secret,\n            'response' =&gt; $token,\n            'remoteip' =&gt; $_SERVER&#91;'REMOTE_ADDR']\n        ]\n    ]);\n    \n    $body = json_decode(wp_remote_retrieve_body($response), true);\n    \n    \/\/ A failed request or malformed response is treated as spam as well\n    if (empty($body&#91;'success'])) {\n        return 'spam';\n    }\n    \n    return $approved;\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">4. Monitoring and forensic analysis<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Logging spam attempts<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Comprehensive logging of comment activity\nadd_action('wp_insert_comment', 'log_comment_activity', 10, 2);\nfunction log_comment_activity($id, $comment) {\n    $log_data = &#91;\n        'comment_id' =&gt; $id,\n        'post_id' =&gt; $comment-&gt;comment_post_ID,\n        'author_ip' =&gt; $comment-&gt;comment_author_IP,\n        'user_agent' =&gt; $_SERVER&#91;'HTTP_USER_AGENT'] ?? '',\n        'referer' =&gt; $_SERVER&#91;'HTTP_REFERER'] ?? '',\n        'timestamp' =&gt; current_time('mysql'),\n        'status' =&gt; $comment-&gt;comment_approved\n    ];\n    \n    \/\/ Store in a custom log table or a file\n    error_log('COMMENT_LOG: ' . 
json_encode($log_data));\n    \n    \/\/ Detect suspicious patterns\n    if (is_comment_suspicious($comment)) {\n        \/\/ Send an alert to the administrators\n        wp_mail(\n            get_option('admin_email'),\n            'Suspicious comment detected',\n            sprintf('Suspicious comment detected from IP %s on post %d', \n                $comment-&gt;comment_author_IP, \n                $comment-&gt;comment_post_ID\n            )\n        );\n    }\n}\n\nfunction is_comment_suspicious($comment) {\n    \/\/ Check for known spam patterns\n    $spam_indicators = &#91;\n        strlen($comment-&gt;comment_content) &lt; 5, \/\/ Too short\n        preg_match_all('\/https?:\\\/\\\/\/', $comment-&gt;comment_content) &gt; 2, \/\/ Many links (preg_match_all counts every match)\n        preg_match('\/\\&#91;url=|\\&#91;link=\/', $comment-&gt;comment_content), \/\/ BBcode links\n        empty($comment-&gt;comment_author_email), \/\/ No email\n    ];\n    \n    return array_sum($spam_indicators) &gt;= 2;\n}\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Database analysis of spam<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Function for analyzing spam comments\nfunction analyze_comment_patterns() {\n    global $wpdb;\n    \n    \/\/ Top IP addresses with rejected comments\n    $spam_ips = $wpdb-&gt;get_results(\"\n        SELECT comment_author_IP, COUNT(*) as count \n        FROM {$wpdb-&gt;comments} \n        WHERE comment_approved = 'spam' \n        AND comment_date &gt; DATE_SUB(NOW(), INTERVAL 30 DAY)\n        GROUP BY comment_author_IP \n        ORDER BY count DESC \n        LIMIT 20\n    \");\n    \n    \/\/ Time patterns of attacks\n    $time_patterns = $wpdb-&gt;get_results(\"\n        SELECT HOUR(comment_date) as hour, COUNT(*) as count\n        FROM {$wpdb-&gt;comments} \n        WHERE comment_approved = 'spam'\n        AND comment_date 
&gt; DATE_SUB(NOW(), INTERVAL 7 DAY)\n        GROUP BY HOUR(comment_date)\n        ORDER BY count DESC\n    \");\n    \n    return &#91;\n        'spam_ips' =&gt; $spam_ips,\n        'time_patterns' =&gt; $time_patterns\n    ];\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">5. Disabling comments entirely<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">The Disable Comments plugin<\/h4>\n\n\n\n<p>The simplest way is to use the <a href=\"https:\/\/wordpress.org\/plugins\/disable-comments\/\" target=\"_blank\" rel=\"noopener\">Disable Comments<\/a> plugin:<\/p>\n\n\n\n<p><strong>Features:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Complete removal of the comments UI<\/li>\n\n\n\n<li>Blocking of all comment endpoints<\/li>\n\n\n\n<li>Cleanup of existing comments<\/li>\n\n\n\n<li>Support for custom post types<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Manual disabling<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Completely remove the comment system\nadd_action('admin_init', 'disable_comments_admin');\nfunction disable_comments_admin() {\n    \/\/ Remove menu items\n    remove_menu_page('edit-comments.php');\n    remove_submenu_page('options-general.php', 'options-discussion.php');\n}\n\nadd_action('init', 'disable_comments_frontend');\nfunction disable_comments_frontend() {\n    \/\/ Remove comment support from all post types\n    $post_types = get_post_types();\n    foreach ($post_types as $post_type) {\n        if (post_type_supports($post_type, 'comments')) {\n            remove_post_type_support($post_type, 'comments');\n            remove_post_type_support($post_type, 'trackbacks');\n        }\n    }\n}\n\n\/\/ Block wp-comments-post.php\nadd_action('wp_loaded', 
'block_comments_completely');\nfunction block_comments_completely() {\n    if (strpos($_SERVER&#91;'REQUEST_URI'], 'wp-comments-post.php') !== false) {\n        wp_die('Comments are completely disabled.', 'Comments Disabled', 410);\n    }\n}\n\n\/\/ Remove from feeds\nadd_filter('comments_open', '__return_false', 20, 2);\nadd_filter('pings_open', '__return_false', 20, 2);\nadd_filter('comments_array', '__return_empty_array', 10, 2);\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">6. Performance optimization<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Database optimizations<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>-- Delete spam comments older than 30 days\nDELETE FROM wp_comments \nWHERE comment_approved = 'spam' \nAND comment_date &lt; DATE_SUB(NOW(), INTERVAL 30 DAY);\n\n-- Optimize the comment meta table\nOPTIMIZE TABLE wp_commentmeta;\n\n-- Index for faster queries\nCREATE INDEX idx_comment_approved_date ON wp_comments(comment_approved, comment_date);\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Caching considerations<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ Invalidate the cache when new comments arrive\nadd_action('comment_post', 'clear_comment_cache');\nfunction clear_comment_cache($comment_id) {\n    $comment = get_comment($comment_id);\n    \n    \/\/ Clear the page cache\n    if (function_exists('wp_cache_flush')) {\n        wp_cache_flush();\n    }\n    \n    \/\/ LiteSpeed Cache\n    if (class_exists('LiteSpeed_Cache_API')) {\n        LiteSpeed_Cache_API::purge_post($comment-&gt;comment_post_ID);\n    }\n    \n    \/\/ W3 Total Cache\n    if (function_exists('w3tc_flush_post')) {\n        w3tc_flush_post($comment-&gt;comment_post_ID);\n    }\n}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">7. 
Security monitoring<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Server-level monitoring<\/h4>\n\n\n\n<p><strong>.htaccess advanced rules:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_security.c&gt;\n    # Block common spam patterns in comments\n    SecRule ARGS:comment \"@detectSQLi\" \\\n        \"id:1001,phase:2,block,msg:'SQL Injection in comment'\"\n    \n    SecRule ARGS:comment \"@detectXSS\" \\\n        \"id:1002,phase:2,block,msg:'XSS in comment'\"\n    \n    # Rate limiting for comment submissions\n    SecRule IP:comment_rate \"@gt 5\" \\\n        \"id:1003,phase:2,deny,status:429\"\n    \n    SecAction \"id:1004,phase:2,setvar:IP.comment_rate=+1,expirevar:IP.comment_rate=60\"\n&lt;\/IfModule&gt;\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Fail2Ban configuration<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local\n&#91;wordpress-comment-spam]\nenabled = true\nfilter = wordpress-comment-spam\naction = iptables-multiport&#91;name=wp-comment, port=\"http,https\"]\nlogpath = \/var\/log\/apache2\/access.log\nmaxretry = 5\nbantime = 3600\nfindtime = 300\n\n# Filter: \/etc\/fail2ban\/filter.d\/wordpress-comment-spam.conf\n&#91;Definition]\nfailregex = ^&lt;HOST&gt; .* \"POST .*wp-comments-post\\.php.*\" 403\n            ^&lt;HOST&gt; .* \"POST .*\/wp-json\/wp\/v2\/comments.*\" 40&#91;13]\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Security checklist<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Basic protection (must-have)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[ ] Comments for logged-in users only<\/li>\n\n\n\n<li>[ ] Pingbacks and trackbacks disabled<\/li>\n\n\n\n<li>[ ] XML-RPC disabled or restricted<\/li>\n\n\n\n<li>[ ] Anti-spam plugin (Akismet\/Antispam Bee)<\/li>\n\n\n\n<li>[ ] Automatic closing of old comments<\/li>\n\n\n\n<li>[ ] Moderation of new comments<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Advanced protection (recommended)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[ ] REST API endpoints secured<\/li>\n\n\n\n<li>[ ] wp-comments-post.php protected<\/li>\n\n\n\n<li>[ ] CAPTCHA\/Turnstile implemented<\/li>\n\n\n\n<li>[ ] Rate limiting configured<\/li>\n\n\n\n<li>[ ] Honeypot fields added<\/li>\n\n\n\n<li>[ ] Behavioral analysis active<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Expert level (optional)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[ ] Server-level filtering (.htaccess\/Nginx)<\/li>\n\n\n\n<li>[ ] Fail2Ban configuration<\/li>\n\n\n\n<li>[ ] Custom logging implemented<\/li>\n\n\n\n<li>[ ] Database optimization performed<\/li>\n\n\n\n<li>[ ] Performance monitoring set up<\/li>\n\n\n\n<li>[ ] Security headers configured<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion and recommendations<\/h2>\n\n\n\n<p>Securing WordPress comments requires a multi-layered approach that combines correct admin settings, technical protections and active monitoring. 
The most effective approach is to start with the basic measures and gradually add more advanced features according to the needs of the specific site.<\/p>\n\n\n\n<p><strong>Key points:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Prevention over cleanup<\/strong> &#8211; it is better to prevent spam than to remove it later<\/li>\n\n\n\n<li><strong>Layered security<\/strong> &#8211; a combination of multiple defensive mechanisms<\/li>\n\n\n\n<li><strong>Regular monitoring<\/strong> &#8211; actively tracking and evaluating attacks<\/li>\n\n\n\n<li><strong>Performance impact<\/strong> &#8211; always consider the effect on site speed<\/li>\n<\/ol>\n\n\n\n<p>For most sites, a combination of correct admin settings, a good anti-spam plugin and basic technical protection is sufficient. 
More advanced methods are suitable for high-traffic sites or sites with specific security requirements.<\/p>\n\n\n\n<p><strong>Useful external resources:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/codex.wordpress.org\/Comment_Spam\" target=\"_blank\" rel=\"noopener\">WordPress Codex &#8211; Comment Security<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/owasp.org\/www-project-web-security-testing-guide\/latest\/4-Web_Application_Security_Testing\/11-Client_Side_Testing\/11-Testing_for_Reflected_Cross_site_scripting\" target=\"_blank\" rel=\"noopener\">OWASP WordPress Security Guidelines<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.wordfence.com\/blog\/\" target=\"_blank\" rel=\"noopener\">Wordfence Security Blog<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.org\/about\/security\/\" target=\"_blank\" rel=\"noopener\">WordPress Security White Paper<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction: Why comment security matters WordPress comments are one of the most frequently attacked vectors on websites. According to Wordfence statistics, attacks on comment systems account for more than 35% of all automated attacks on WordPress. Spam comments not only degrade the user experience, they can also hurt SEO rankings and, in extreme cases, lead to the domain being blacklisted. 
Jak<\/p>\n","protected":false},"author":1,"featured_media":8987,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[6,12,21],"tags":[],"class_list":["post-10477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","category-navody","category-stredne-pokrocily"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280.jpg",1280,768,false],"thumbnail":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280-150x150.jpg",150,150,true],"medium":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280-300x180.jpg",300,180,true],"medium_large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280-768x461.jpg",640,384,true],"large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280-1024x614.jpg",640,384,true],"1536x1536":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280.jpg",1280,768,false],"2048x2048":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280.jpg",1280,768,false],"archive-list":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2024\/04\/cyber-security-3400657_1280-400x265.jpg",400,265,true]},"uagb_author_info":{"display_name":"Affinite","author_link":"https:\/\/affinite.io\/cs\/author\/affinite\/"},"uagb_comment_info":0,"uagb_excerpt":"\u00davod: Pro\u010d je zabezpe\u010den\u00ed koment\u00e1\u0159\u016f d\u016fle\u017eit\u00e9 WordPress koment\u00e1\u0159e jsou jedn\u00edm z nej\u010dast\u011bji napadan\u00fdch vektor\u016f na webov\u00fdch str\u00e1nk\u00e1ch. 
Podle statistik Wordfence tvo\u0159\u00ed \u00fatoky na koment\u00e1\u0159ov\u00e9 syst\u00e9my v\u00edce ne\u017e 35% v\u0161ech automatizovan\u00fdch \u00fatok\u016f na WordPress. Spam koment\u00e1\u0159e nejen zhor\u0161uj\u00ed u\u017eivatelskou zku\u0161enost, ale mohou tak\u00e9 negativn\u011b ovlivnit SEO hodnocen\u00ed a v extr\u00e9mn\u00edch p\u0159\u00edpadech v\u00e9st k blacklistingu dom\u00e9ny. Jak","_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=10477"}],"version-history":[{"count":2,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10477\/revisions"}],"predecessor-version":[{"id":10482,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/10477\/revisions\/10482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/8987"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=10477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=10477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=10477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}