Reduce wordpress comment spam with .htaccess rules

I get quite a lot of spam comments on my wordpress blog, and even with things like akismet to try and detect and block spam I still get a lot. Some people have suggested using a mod_rewrite rule in apache to detect very obvious attempts to post unsolicited comments. The basic idea is that if anyone tries to submit a comment and they have not set a referrer in the HTTP headers of your site, then they probably aren’t doing anything near normal browsing. Also, a blank user agent is also only common if you have gone to the effort of not setting one.

Based on the mod_rewrite hack from, I have my own slightly different version

<IfModule mod_rewrite.c>
  RewriteEngine On

  RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
  RewriteCond %{HTTP_REFERER} !.*YOURSITE\.COM.* [OR]
  RewriteCond %{HTTP_USER_AGENT} ^$
  RewriteRule .* / [R=301,L]

This basically rewrites the url back to / (edit the last line if you want to set it to somewhere else). The rule only works if the request is a POST request and for the wp-comments-post.php file, and either the referrer url was not your site or the user agent is empty. I can’t think of anything that sends blank user agents, so this should be pretty safe. All browsers should also send the referrer url, so again this should be pretty safe.

Don’t forget to change “YOURSITE\.COM” to your domain name

Related posts

About Anton Piatek

Professional bit herder, amateur photographer. Linux and tech geek
This entry was posted in Misc. Bookmark the permalink.

1 Response to Reduce wordpress comment spam with .htaccess rules

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.