Improve Your Wordpress Comment SPAM Protection
A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers.
Based on my quick investigation, it seems that suggestions 5 and 1 offer the most promise and the least complication.
Suggestion #5 is to block No Referrer Requests. Depending on your server configuration, you may need to play with the suggested .htaccess rule. I changed it from the original:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*shoemoney.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://whereyouwanttosendthem.com/$ [R=301,L]
The following rule is my modification, because the whereyouwanttosendthem.com url was not working correctly … simply appending to the end of the blog url instead of redirecting the page.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*myblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.myblog.com [R=301,L]
Suggestion #1 is excellent and simple. Rename your wp-comments-post.php file to anything you choose. Change the links that refer to this file in your comments.php template file and away you go. If you’ve implemented suggestion #5, you’ll need to change your .htaccess rule to reflect the new wp-comments-post.php file.
This is an excellent post by Shoe Money and the whole thing is worth a read!
October 3rd, 2006
