Comment spam (invalid string parties or links written in comments) is a very annoying problem if you have the comment function enabled in WordPress.
In this article, we will explain how to prevent spam written via robots (which automatically write comments) from HTACCESS files.

Automatic spam comment writing, how to prevent comments from being written by spambots

Please include the following code in your HTACCESS file.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !*mysite.com.* [OR].
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

*Please put the domain name of your site in the place of mysite.com

If the referrer (record of the previous page) of the visitor who is trying to post a comment is not your site’s domain, or if the user agent (containing information such as the browser version) is empty, this code will prevent the user from writing to the site. The code is designed to prevent the user from writing to your site.

Preventing users accessing via proxy from writing comments

Next, let’s try to prevent spammers from posting comments if they are accessing the site via a proxy (i.e., accessing the site through an intermediary server with a hidden IP address).
Please put the following code in your HTACCESS file.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{HTTP:VIA} ! ^$ [OR].
RewriteCond %{HTTP:FORWARDED} ! ^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} ! ^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} ! ^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} ! ^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} ! ^$ [OR].
RewriteCond %{HTTP:XPROXY_CONNECTION} ! ^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} ! ^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} ! ^$
RewriteRule wp-comments-post\.php - [F].

This code here reads various attributes of the accessing user and blocks comment posting if the proxy contains a distinctive string.

We may be able to easily and dramatically reduce spam comments with these measures. Please try it.

WordPress Doctor security plugin that also has a spam blocking function
Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Related Posts:

  1. 5 security measures that can be taken in WordPress just by writing HTACCESS
    Here are some security measures that can be taken simply by including the settings in HTACCESS....
  2. WordPress security, prevent SQL injection with HTACCESS
    We will explain how to prevent SQL injection to improve WordPress security....
  3. WordPress site defacement hacking for SEO purposes. what is SEO spam?
    The most common type of WordPress tampering these days is the hacking of WordPress sites for SEO purposes. We will explain this SEO spam....
  4. HTACCESS and Index.php files tampered with again in an instant in WordPress
    We would like to introduce a case of WordPress tampering in which the HTACCESS and Index.php files were instantly tampered with again, even after the malware was removed. Tampering that resurfaces even after deleting and deleting This malware is a backdoor that is planted in other websites on the server. Each time the site is accessed, the malware examines the...
  5. Powerful waf 6G firewall that can be done by simply writing in htaccess in wordpress
    Introducing the powerful waf (web application firewall) 6G firewall, which you can simply write into htaccess....
  6. What to do if you can no longer rewrite or delete HTACCESS due to wordpress tampering
    Here is what to do when you can no longer rewrite or delete HTACCESS due to WordPress malware infection (tampering)....