Reduce wordpress comment spam with .htaccess rules

I get quite a lot of spam comments on my wordpress blog, and even with things like akismet to try and detect and block spam I still get a lot. Some people have suggested using a mod_rewrite rule in apache to detect very obvious attempts to post unsolicited comments. The basic idea is that if anyone tries to submit a comment and they have not set a referrer in the HTTP headers of your site, then they probably aren’t doing anything near normal browsing. Also, a blank user agent is also only common if you have gone to the effort of not setting one.

Based on the mod_rewrite hack from http://www.wprecipes.com/reduce-spam-on-your-wordpress-blog-by-using-htaccess, I have my own slightly different version

<IfModule mod_rewrite.c>
  RewriteEngine On

  RewriteCond %{REQUEST_METHOD} POST
  RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
  RewriteCond %{HTTP_REFERER} !.*YOURSITE\.COM.* [OR]
  RewriteCond %{HTTP_USER_AGENT} ^$
  RewriteRule .* / [R=301,L]
</IfModule>

This basically rewrites the url back to / (edit the last line if you want to set it to somewhere else). The rule only works if the request is a POST request and for the wp-comments-post.php file, and either the referrer url was not your site or the user agent is empty. I can’t think of anything that sends blank user agents, so this should be pretty safe. All browsers should also send the referrer url, so again this should be pretty safe.

Don’t forget to change “YOURSITE\.COM” to your domain name

Related posts

About Anton Piatek

I am a Software Developer working for IBM, but a bit of a Ubuntu addict. I love cool tech toys, and am slightly obsessed by photography
This entry was posted in Misc. Bookmark the permalink.

One Response to Reduce wordpress comment spam with .htaccess rules

  1. Graham White says:

    Nice idea, I’d be tempted to redirect them to a “friendly off” page instead of / though ;-)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>