Thursday, August 17, 2017
Stop WordPress bot spam comments

The main motive behind all the spam comments I get is backlinks or free traffic for the spammer's website. Spam comments are a really big headache for administrators today. Most administrators want to improve the quality of their sites by publishing comments in real time. If you do not use any spam-prevention methods, your articles will turn into a spam graveyard.

Most spam today is sent using software such as XRumer or ScrapeBox. This software generates generic spam content that is usually not contextually connected to your post.

What does a spam bot do?

A spam bot does not open your site and look for places to post a comment. It posts directly to the WordPress PHP file wp-comments-post.php.

Disabling direct access to wp-comments-post.php in Apache and nginx

If you disable direct access to wp-comments-post.php, only comments that come from your site will be posted.


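# Apache (.htaccess)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} wp-comments-post\.php
# Referer is not your own site, or the User-Agent is empty
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# Redirect the request back to the client's own address
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>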


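# nginx
location ~* (wp-comments-post|wp-login)\.php$ {
    # Accept only requests whose Referer is your own site
    valid_referers server_names yourdomainname.com *.yourdomainname.com;
    if ($invalid_referer) {
        return 403;
    }
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_index index.php;
    # Usual value for PHP-FPM (assumed); adjust to your setup
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}

Restart nginx.

Now you can allow comments to be posted without moderation.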

wordpress comments without moderation

Some spammers send the right referrer and make your server believe they are real visitors. To stop these smarter spammers I use a cookie check. If you use Google Analytics, a good option is to test the cookie of the visitor who requests wp-comments-post.php. A real visitor who has opened your site will have the Google Analytics cookie. Add one line to the Apache .htaccess:
RewriteCond %{HTTP_COOKIE} !^.*_gat.*$ [NC]
or, for nginx:

if ($http_cookie !~* "_gat") {
    return 405;
}

Now your site is ready. Go to the Comment Blacklist and Comment Moderation fields and enter keywords to prevent swearing. Add swear words from your language.
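To see how many comment posts the referrer and User-Agent rules would catch before you enable them, the following Python script scans an access log in combined format for direct POSTs to wp-comments-post.php. It is an added example, not part of the original post. The log lines are constructed samples and yourdomainname.com is a placeholder. The script compares the Referer host exactly, so a referrer that only contains your domain name is still flagged, and a correct referrer with no earlier page view is reported as well.

```python
import re
from urllib.parse import urlparse

SITE = "yourdomainname.com"  # placeholder domain taken from the rules above

# Combined log format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def own_referer(referer, site=SITE):
    """True only when the Referer host is the site itself or one of its subdomains."""
    host = (urlparse(referer).hostname or "").lower()
    return host == site or host.endswith("." + site)

def audit(lines, site=SITE):
    """Return (ip, reasons) for every comment POST that looks like a direct bot post."""
    seen_get = set()  # client IPs that requested at least one page before posting
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip = m["ip"]
        if m["method"] == "GET":
            seen_get.add(ip)
        elif m["method"] == "POST" and m["path"].split("?")[0].endswith("/wp-comments-post.php"):
            reasons = []
            if not own_referer(m["referer"], site):
                reasons.append("foreign-or-missing-referer")
            if m["ua"] in ("", "-"):
                reasons.append("empty-user-agent")
            if ip not in seen_get:
                reasons.append("no-prior-page-view")
            if reasons:
                findings.append((ip, reasons))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
T = "[17/Aug/2017:10:00:00 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {T} "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://{SITE}/hello-world/" "Mozilla/5.0"',
    f'203.0.113.9 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
    f'203.0.113.20 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://{SITE}.spam.example/" "Mozilla/5.0"',
    f'203.0.113.30 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://{SITE}/hello-world/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in audit(SAMPLE):
        print(ip, ", ".join(reasons))
```

Visitors behind a shared proxy or NAT appear under one IP address, so treat "no-prior-page-view" as a hint to review rather than proof.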

