If you’re a WordPress user, then you’re probably upset with the amount of daily spam comments. Sure, there’s Akismet, but here’s a little .htaccess trick to prevent spammers from posting on your blog.
To achieve this recipe, simply paste the following code into your .htaccess file, located at the root of your WordPress install. Don't forget to specify your blog URL on line 4.
Remember to ALWAYS create a backup when editing the .htaccess file.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
The above code checks the referer (the URL from which the page was called) when a POST request is made to the wp-comments-post.php file. If a referer exists, and if it is your blog URL, the comment is allowed. Otherwise, the spam bot is redirected and the comment will not be posted. Requests with an empty user agent are redirected as well, and the redirect target is the client's own IP address.
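The following is an added example, not code from the original post: a Python model of the rule's conditions, run over constructed sample requests, next to a stricter variant that compares the Referer's parsed host instead of searching for the blog name anywhere in the URL. The function names, the sample requests and the strict variant are assumptions made for illustration; yourblog.com is the placeholder from the rule above.

```python
import re
from urllib.parse import urlsplit

BLOG_HOST = "yourblog.com"  # placeholder host used in the page's rule

def page_rule_blocks(method, path, referer, user_agent):
    """Model of the page's RewriteCond chain.

    mod_rewrite treats a missing header as an empty string and matches
    patterns unanchored, so re.search mirrors it.
    """
    if method != "POST":
        return False
    if not re.search(r".wp-comments-post\.php*", path):
        return False
    referer_mismatch = re.search(r".*yourblog.com.*", referer) is None
    return referer_mismatch or user_agent == ""

def strict_rule_blocks(method, path, referer, user_agent):
    """Same decision, but compares the Referer's parsed host exactly."""
    if method != "POST" or not path.endswith("/wp-comments-post.php"):
        return False
    host = (urlsplit(referer).hostname or "").lower()
    same_site = host in (BLOG_HOST, "www." + BLOG_HOST)
    return not same_site or user_agent == ""

# Constructed sample requests: (label, method, path, Referer, User-Agent)
SAMPLES = [
    ("comment from post page", "POST", "/wp-comments-post.php",
     "http://yourblog.com/2009/01/some-post/", "Mozilla/5.0"),
    ("direct POST, no headers", "POST", "/wp-comments-post.php", "", ""),
    ("reader with referer stripped", "POST", "/wp-comments-post.php",
     "", "Mozilla/5.0"),
    ("other site naming the blog", "POST", "/wp-comments-post.php",
     "http://example.net/?ref=yourblog.com", "Mozilla/5.0"),
    ("RSS click-through to a post", "GET", "/2009/01/some-post/",
     "", "Mozilla/5.0"),
]

def evaluate():
    """Return {label: (blocked_by_page_rule, blocked_by_strict_rule)}."""
    return {label: (page_rule_blocks(*req), strict_rule_blocks(*req))
            for label, *req in SAMPLES}

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:32} page={verdicts[0]!s:5} strict={verdicts[1]}")
```

Both versions block a real reader whose browser or proxy removes the Referer header, and since that header is supplied by the client, neither is a replacement for comment moderation.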
73 Responses
>the spam bot is redirected
So is a reader that came from a link in RSS or email. Or is using an ad-blocker that clears referrers when moving between sites, etc.
One more bad idea to deal with spam, don’t we have plenty already?
@Rarst: If the reader came from an RSS reader or email, he’ll come to the post, and then leave a comment.
The above code only blocks people or bots who directly access the wp-comments-post.php file, not everyone not coming from your blog.
Or, if you can’t access your .htaccess but CAN access your functions.php, add the following:
function check_referrer() {
    // Reject the comment when the browser sent no Referer header.
    if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == "") {
        wp_die( __('Please enable referrers in your browser, or, if you\'re a spammer, bugger off!') );
    }
}
// Run the check on WordPress's comment flood hook.
add_action('check_comment_flood', 'check_referrer');
@jbj
Thanks for clarifying.
I am no expert on how bots interact with a page.
Still, I am against using methods without control and the ability to restore a spammed comment.
@Joost de Valk: Thanks a lot for that brilliant php function! I’ll probably write a recipe with that one later.
@Rarst: No problem! Anyways Akismet blocks 99% of spams, but this recipe may be useful to some people I think.
>Anyways Akismet blocks 99% of spams
…and plenty of perfectly good comments. If my comments don’t get through at some blogs it’s almost always Akismet’s fault. And sometimes of that dumb “please enable cookies” plugin.
@Rarst: you have cookies disabled by default then? Why?
@Rarst: Yes, sometimes Akismet flags real comments as spam. Personally, I always check the Akismet queue before emptying it, to ensure that I’ll not delete a legitimate comment.
Browsing the web without cookies enabled by default might be hard, due to the large number of sites that use them. I know a guy who disables Javascript by default for security reasons (although he’s using Firefox 3), and he has to manually allow the JS code…
@Joost de Valk
I have them enabled. But that dumb plugin often has another opinion.
Would this affect pingbacks and trackbacks?
@archshrk: I don’t think so, but I might do more tests on it before I can give a 100% sure answer. Maybe someone here knows the answer?
Those are using trackback.php, WP Codex suggests to delete that file to disable them.
I really like the Function property!
Might have to check that out on my girl’s blog..
I think I’ll just stick with Akismet.. It’s better to inconvenience yourself than your visitors.
- Brad
That’s right, Brad!
This one is useful against spammers who use bots and software… but then again there are those who have their own scripts / techniques
I hate working on my htaccess, I don’t want to see another 500 error popping up. Anyway, thanks for this recipe, my test site (which receives an awful lot of spam as well) will use this for the meantime to see what happens.
This method does help A LOT, I actually blogged about a number of htaccess methods that help prevent spam about a month ago: http://thenexus.tk/htaccess-reviewed/
and also found this plugin by ‘ask apache’ (http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html)
This is useful for people who are not htaccess tweaking happy but can use wordpress.
Nothing seems to be easier than seeing someone whom you can help but not helping.
I suggest we start giving it a try. Give love to the ones that need it.
God will appreciate it.
This is a pretty dumb idea, with good intentions. It doesn’t account for (loyal) RSS referrals.
Thanks for that. On one of my WP blogs I receive more than 50 spam comments every day!
Excellent option. If you have to replace the names of fields in form – an end to spam in your blogs.
Hello to All the Guests and Members,
My computer worked not correctly, many errors. Help me, please to fix errors on my computer.
I used Win Vista.
Thanks,
Desimmege