Here’s what to do when spam comments full of URLs and links keep arriving on your WordPress site.


Why do WordPress spam comments keep coming, and what is their purpose?

By default, anyone can post comments on WordPress.
This means that hackers can use malicious programs from outside to automatically post a large number of comments on large WordPress sites, with links included for SEO purposes or to direct people to malicious sites.

In some cases, the hacker's aim may also be the email notification about the comment that is sent to the administrator of the site.

Spam comments can be written by anyone (even via malicious software) on sites where comments are enabled, so a large number of spam comments does not mean that the site has been hacked.

How can I control spam comments?

There are several comment-related settings on the WordPress site that can be set to disable comments or require administrator permission for comments to appear on the site.

These settings can be found on the WordPress administration page under Settings > Discussion.

However, even if the setting is set to require administrator permission, a large number of spam comments may be recorded in the comment list on the admin page.

Fundamentally stop unauthorized spam comments.

The following three measures can dramatically reduce the number of spam comments themselves.

1 Comment form CAPTCHA

Attach a CAPTCHA to the comment form, such as a calculation problem that only a human can solve. A CAPTCHA prevents spam comments from being written because the spam comment software used by hackers cannot solve it.

2 Prohibition of posting comments via proxy

A proxy is a mechanism that is often used to mediate access and hide the original source. Since spam comments are often written via proxy servers, comments made via proxy servers are detected and prevented from being written.

The following entry in the WordPress .htaccess file will block access if a proxy server-specific header is included in the originating request.

RewriteEngine On
# Applies to POST requests only
RewriteCond %{REQUEST_METHOD} ^POST
# ...and only when at least one of these proxy-related request headers is non-empty
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
# Answer the comment submission with 403 Forbidden
RewriteRule wp-comments-post\.php - [F]

3 Prohibit comments on accesses without referrers

The referrer is data that records which page the user navigated from to reach the current page. Since software that writes spam often does not send a referrer, comments are prohibited on accesses that have none.

You can prohibit comments from accesses without a referrer by writing the following in your WordPress .htaccess file.

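RewriteEngine On
# Applies only to POST requests to wp-comments-post.php
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
# Referrer missing or not from this site (example.com is a placeholder for your own domain)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC,OR]
# ...or the User-Agent is empty
RewriteCond %{HTTP_USER_AGENT} ^$
# Redirect the request to the sender's own loopback address
RewriteRule .* http://127.0.0.1 [L]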
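
Before enabling the referrer rule, it helps to measure how many comment submissions in the access log it would have matched. The script below is an added example, not part of the original article or of any plugin; it assumes Apache's combined log format, uses example.com as a placeholder for the site's own domain, and treats a missing or off-site referrer or an empty User-Agent as a match.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Assumption: example.com is a placeholder for the site's own domain
OWN_SITE = re.compile(r'^https?://(www\.)?example\.com', re.I)

def is_comment_post(e):
    return e["method"] == "POST" and "wp-comments-post.php" in e["path"]

def rule_would_block(e):
    """Comment POST with a missing/off-site referrer or an empty User-Agent."""
    referer = "" if e["referer"] == "-" else e["referer"]
    agent = "" if e["agent"] == "-" else e["agent"]
    return is_comment_post(e) and (not OWN_SITE.search(referer) or agent == "")

def summarize(lines):
    """Return (comment POSTs, POSTs the rule would block, blocked count per IP)."""
    posts, blocked, by_ip = 0, 0, Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        e = m.groupdict()
        if is_comment_post(e):
            posts += 1
            if rule_would_block(e):
                blocked += 1
                by_ip[e["ip"]] += 1
    return posts, blocked, by_ip

# Constructed sample lines (documentation IP ranges), not real traffic
T = "[10/Jan/2024:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"',
    f'198.51.100.20 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://example.com/hello-world/" "Mozilla/5.0"',
    f'198.51.100.20 - - {T} "GET /hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'192.0.2.44 - - {T} "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://other.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    posts, blocked, by_ip = summarize(SAMPLE)
    print(f"{blocked} of {posts} comment POSTs match the rule; per IP: {dict(by_ip)}")
```

If real visitors show up in the matched set (for example browsers configured not to send a referrer), the rule will also reject their comments.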

*Please refer to the article below for how to delete a large amount of comment spam that has already been posted.
WordPress: How to delete a large number of spam comments in bulk and how to deal with spam comments.

Easily suppress comment spam with a plugin

You can easily take the above 3 measures by using [Free] WordPress: Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

You can suppress comment spam by selecting the Malware Scan > Security tab > Advanced radio button (or Security Level: Medium or higher) in the plugin.