
Written by me@grafxflow

12 Jan, 2014



Block spam comments with the htaccess

As all WordPress administrators know, dealing with a constant stream of new spam comments quickly becomes a daily irritation. Most plugins you find simply add a captcha (a randomly generated code) to the comment form, or something similar. But the real issue is that automated spam usually bypasses the form altogether and goes straight to the following file on the server: 'wp-comments-post.php'. As long as a post allows comments, that's all they need.

Now, the following is not guaranteed to block spam full stop. That will never happen, but it should make a big difference.

In the home directory of the server there is a '.htaccess' file. Simply add this bit of code, making sure to replace the domain name with your own where it says your-domain.com below. Remember that I said ADD, not REPLACE. I will also add that you must be careful when editing this file, since it can affect your website and server.

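# Stop spam comments
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Only look at POST requests to the comment handler
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} wp-comments-post\.php
    # Match when the referer is not this site (keep the backslash before each dot) ...
    RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?your-domain\.com([:/]|$) [NC,OR]
    # ... or when no user agent was sent
    RewriteCond %{HTTP_USER_AGENT} ^$
    # Redirect the client back to its own address
    RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>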

So what is this doing? Well, from my understanding it is checking that all calls to the 'wp-comments-post.php' file actually come from pages on your own website, not remotely via automated spam robots.
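
Before adding the rule, an existing access log can show how many comment posts it would have turned away. The script below is an added example, not code from the original post: it assumes Apache's "combined" log format, compares the Referer host against the site rather than searching the whole header, and runs on constructed sample lines; SITE, own_referer, classify and audit are names made up for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

SITE = "your-domain.com"  # same placeholder as in the .htaccess rule
# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2014:10:01:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "http://your-domain.com/hello-world/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [12/Jan/2014:10:01:05 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "-" "Mozilla/4.0 (compatible)"
198.51.100.23 - - [12/Jan/2014:10:01:09 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "http://your-domain.com/hello-world/" "-"
198.51.100.40 - - [12/Jan/2014:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "http://other.example/?ref=your-domain.com" "Mozilla/5.0"
203.0.113.7 - - [12/Jan/2014:10:03:00 +0000] "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

def own_referer(referer, site=SITE):
    """True when the Referer host is the site itself or one of its subdomains."""
    host = (urlsplit(referer).hostname or "").lower()
    return host == site or host.endswith("." + site)

def classify(line, site=SITE):
    """'blocked' or 'allowed' for a comment POST; None for any other or unparsable line."""
    m = LOG_RE.match(line)
    if m is None or m["method"] != "POST":
        return None
    if not urlsplit(m["uri"]).path.endswith("/wp-comments-post.php"):
        return None
    # Apache logs a missing header as "-"
    agent = "" if m["agent"] == "-" else m["agent"]
    referer = "" if m["referer"] == "-" else m["referer"]
    return "blocked" if agent == "" or not own_referer(referer, site) else "allowed"

def audit(log_text, site=SITE):
    """Count verdicts and the client addresses the rule would have turned away."""
    verdicts, blocked_ips = Counter(), Counter()
    for line in log_text.splitlines():
        verdict = classify(line, site)
        if verdict:
            verdicts[verdict] += 1
        if verdict == "blocked":
            blocked_ips[line.split(" ", 1)[0]] += 1
    return verdicts, blocked_ips

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A large "allowed" count from addresses that also appear under "blocked" is a sign that the spam is already sending a matching referer, which this rule cannot catch.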
