Block WordPress spam comment with .htaccess

Block WordPress spam comment with .htaccess


If you have self hosted WordPress and always got lots of spam comments and getting frustrated by trashing them each day, you may actually block or reduce them through your .htaccess Apache configuration file.

Most spammer attack your comment box not through the blog post but they actually access through your wp-comments-post.php file. Here is how you can stop them from attacking your blog with spam and at the same time stopping the unnecessary server load.

You can find the .htaccess file  in your root of WordPress installation folder have a basic setting written and there’s no existing security configuration on it.

Just add the rules as below.

# Protect from spam comments
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*xyz.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

.xyz is referring to your blog root or best put your domain name by the way.

Make sure you have make a backup of your original .htaccess rules before apply the spam blocking rules to prevent unnecessary mess ups.

About the Author

12 thoughts on “Block WordPress spam comment with .htaccess

  1. TechStation BG - June 27, 2011 at 1:10 pm

    After the last Akismet update my blogs didn’t receive a single spam comment. So I guess it does a pretty good job too, but it never hurts to get one more way to immune your precious blogs from spammers. Has anyone tried this method already?

  2. Bogart - June 28, 2011 at 3:58 pm

    I tried your tutorial but it doesnt work. I think its working only from Apache based site. Right? Anyway great work sir, this would prevent automated SEO softwares for commenting.

  3. Evon
    Mick Genie - June 28, 2011 at 10:22 pm

    @TechStation BG It’s another way to prevent spam 😀

    @Bogart Yes, these is applied for Apache based, IIS 6.0 ISAPI rewrite and IIS7 APE sites. Not for other web services. 🙂

  4. Tutspress - July 5, 2011 at 11:33 am

    Wow very simple method.. Thanks for sharing. The spammers will be die lol.

  5. Ajnabii - February 23, 2012 at 8:56 am

    Thanks for nice post, i will try this then i will post here with results.

    keep writting good articles!

Share your thoughts with the community