docwhat's avatardocwhat's blog

WordPress anti-spam recipe

Here’s a simple recipe to cut down on comment spam in WordPress. I assume you have basic understanding of Unix commands or can translate them to windows.

  1. Make a directory in the root of your WordPress file system called post.

  2. Create a file in the directory called index.php with the following contents:

    < ?php
    include("../wp-comments-post.php");
    ?>
  3. Modify the form comments.php in your theme to point to /post/ instead of /wp-comments-post.php

  4. Add the following RewriteRule to your “.htaccess” files to block “wp-comments-post.php”:

    RewriteRule ^/wp-comments-post.php - [F,L]

Is this a perfect solution? No, it isn’t; spammers will work around it, using scripts that read your blog posts first to get the correct page to post to. But it does slow down a spammer. To a spammer, time is money, so a mass-spammer will be less likely use it. For an unpopular blog like my own, it isn’t worth it for a spammer to work around this problem (or even notice it is a problem). However, if you own a super popular blog, this won’t add much protection because the reward to the spammer is high enough that the extra cost is worthwhile.

I hope this helps you. :-)

BTW: If you use the Permalink-Redirect plugin, then you can change that RewriteRule to:

RewriteRule ^/(wp-comments-post|wp-trackback).php - [F,L]

Why? Because nobody parsing your HTML will ever get a link to /wp-trackback.php!

Ciao!

Edit on GitHub