Comment spam (invalid string parties or links written in comments) is a very annoying problem if you have the comment function enabled in WordPress.
In this article, we will explain how to prevent spam written via robots (which automatically write comments) from HTACCESS files.
Automatic spam comment writing, how to prevent comments from being written by spambots
Please include the following code in your HTACCESS file.
RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post.php* RewriteCond %{HTTP_REFERER} !*mysite.com.* [OR]. RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
*Please put the domain name of your site in the place of mysite.com
If the referrer (record of the previous page) of the visitor who is trying to post a comment is not your site’s domain, or if the user agent (containing information such as the browser version) is empty, this code will prevent the user from writing to the site. The code is designed to prevent the user from writing to your site.
Preventing users accessing via proxy from writing comments
Next, let’s try to prevent spammers from posting comments if they are accessing the site via a proxy (i.e., accessing the site through an intermediary server with a hidden IP address).
Please put the following code in your HTACCESS file.
RewriteEngine On RewriteCond %{REQUEST_METHOD} ^POST RewriteCond %{HTTP:VIA} ! ^$ [OR]. RewriteCond %{HTTP:FORWARDED} ! ^$ [OR] RewriteCond %{HTTP:USERAGENT_VIA} ! ^$ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} ! ^$ [OR] RewriteCond %{HTTP:X_FORWARDED_HOST} ! ^$ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} ! ^$ [OR]. RewriteCond %{HTTP:XPROXY_CONNECTION} ! ^$ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} ! ^$ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} ! ^$ RewriteRule wp-comments-post\.php - [F].
This code here reads various attributes of the accessing user and blocks comment posting if the proxy contains a distinctive string.
We may be able to easily and dramatically reduce spam comments with these measures. Please try it.
WordPress Doctor security plugin that also has a spam blocking function
Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].