Here’s a simple recipe to cut down on comment spam in WordPress. I assume you have basic understanding of Unix commands or can translate them to windows.
Make a directory in the root of your WordPress file system called
Create a file in the directory called
index.phpwith the following contents:
< ?php include("../wp-comments-post.php"); ?>
Modify the form
comments.phpin your theme to point to
Add the following RewriteRule to your “.htaccess” files to block “wp-comments-post.php”:
RewriteRule ^/wp-comments-post.php - [F,L]
Is this a perfect solution? No, it isn’t; spammers will work around it, using scripts that read your blog posts first to get the correct page to post to. But it does slow down a spammer. To a spammer, time is money, so a mass-spammer will be less likely use it. For an unpopular blog like my own, it isn’t worth it for a spammer to work around this problem (or even notice it is a problem). However, if you own a super popular blog, this won’t add much protection because the reward to the spammer is high enough that the extra cost is worthwhile.
I hope this helps you. :-)
BTW: If you use the
Permalink-Redirect plugin, then
you can change that
RewriteRule ^/(wp-comments-post|wp-trackback).php - [F,L]
Why? Because nobody parsing your HTML will ever get a link to
So, the downside to this is that you need to add exceptions for things like wp-amazon (ttancm version).
In addition, if you have rewrite rules for using wp-admin-ssl, you’ll have to modify them so that wp-content/plugins/wp-admin.php is accessible via https.
Finally, there is a thread on the wp-hackers mailing list about the idea of hiding /wp-content files. Specifically, Otto has several good reasons why hiding wp-contents makes no difference, since it hackers won’t scan for a plugins, they scan for vulnerabilities.
Except for inactive plugins, it doesn’t matter if someone can scan for a plugin.