{"id":223,"date":"2015-10-06T20:35:40","date_gmt":"2015-10-06T20:35:40","guid":{"rendered":"http:\/\/www.ahosting.net\/blog\/?p=223"},"modified":"2025-10-20T10:26:40","modified_gmt":"2025-10-20T10:26:40","slug":"five-ways-you-can-keep-your-wordpress-site-spam-free","status":"publish","type":"post","link":"https:\/\/www.ahosting.net\/blog\/five-ways-you-can-keep-your-wordpress-site-spam-free\/","title":{"rendered":"Five Ways You Can Keep Your WordPress Site Spam-Free"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">WordPress and spam go together like highways and traffic jams. Everyone agrees that the former is indispensable, but desperately wishes it could exist without the latter. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The good news is that unlike with gridlock, there IS something you can do about WordPress spam. Quite a bit, actually. And that\u2019s where we come in.<\/span><!--more--><\/p>\n<h2><span style=\"font-weight: 400;\">First, Install An Antispam Solution<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The most obvious solution to our problem is to take a look at one of the many anti-spam plugins available for WordPress, as installing one will deal with a lot of the more obnoxious bots that target WordPress sites. As for which one you should install? <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Honestly, it\u2019s really a matter of preference. <\/span><a href=\"https:\/\/wordpress.org\/plugins\/wp-spam-fighter\/\"><span style=\"font-weight: 400;\">WP Spam Fighter<\/span><\/a><span style=\"font-weight: 400;\"> is a pretty decent choice, though <\/span><a href=\"https:\/\/wordpress.org\/plugins\/akismet\/\"><span style=\"font-weight: 400;\">Akismet<\/span><\/a><span style=\"font-weight: 400;\"> is largely held to be the best tool on the market. 
<\/span><span style=\"font-weight: 400;\">There are others<\/span><span style=\"font-weight: 400;\">, of course<\/span><span style=\"font-weight: 400;\"> &#8211; the best advice I can give here is to do a bit of research, and see which one catches your fancy.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Second, Tweak Your Comment Settings<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If your anti-spam plugin doesn\u2019t seem to be stopping EVERY spammer (or you just want to make absolutely certain your WordPress blog has ironclad protection) then your next step is to modify your comment settings. You\u2019re going to want to do the following: <\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Hold comments for moderation (optional): Most anti-spam plugins are made to block bots. Holding comments for moderation will let you pick out human spammers, as well. <\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Close down comments on older posts: This will reduce the volume of spam comments you have to sift through and delete, in addition to giving spammers fewer avenues through which they can attack your site. <\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Only allow comments from registered users: Not surprisingly, most spambots don\u2019t have WordPress accounts. <\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Third, Ban Spam IP Addresses<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Next up, install a plugin like <\/span><a href=\"http:\/\/lesterchan.net\/wordpress\/readme\/wp-ban.html\"><span style=\"font-weight: 400;\">WP-Ban<\/span><\/a><span style=\"font-weight: 400;\">. This utility can be used to ban any IP address that tries to spam your blog. Over time, this will allow you to create a blacklist of spammers and reduce the volume of bots targeting your site. 
You can also do this manually, if you really want to, but I wouldn\u2019t recommend it &#8211; especially on larger sites, it can get overwhelming.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">One word of caution here, <\/span><a href=\"https:\/\/www.maketecheasier.com\/5-ways-to-reduce-comment-spam-on-wordpress-blogs\/\"><span style=\"font-weight: 400;\">as noted by Soumen Halder of Make Tech Easier<\/span><\/a><span style=\"font-weight: 400;\">, is that you shouldn\u2019t get too generous with your bans. Remember that banning an IP means that every visitor coming from that particular address is unable to access your blog. It\u2019s therefore recommended that you only focus on banning repeat offenders. <\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Fourth, Use .htaccess To Block Bots<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our fourth tip, <\/span><span style=\"font-weight: 400;\">courtesy of Mastermind Blogger<\/span><span style=\"font-weight: 400;\">, is to add a rule to your site\u2019s .htaccess file to tighten your blog\u2019s security. By adding a few lines of code, you\u2019ll automatically turn away any comment submission that arrives without a referrer from your own site or with an empty user agent. 
Bots, in other words.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Write the following into your .htaccess file, replacing yourwebsite.com with your actual URL:<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\"># Protect from spam bots<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">&lt;IfModule mod_rewrite.c&gt;<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteEngine On<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteCond %{REQUEST_METHOD} POST<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteCond %{REQUEST_URI} .wp-comments-post\\.php*<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteCond %{HTTP_USER_AGENT} ^$<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">RewriteRule (.*) http:\/\/%{REMOTE_ADDR}\/ [R=301,L]<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">&lt;\/IfModule&gt;<\/span><\/i><\/p>\n<h2><span style=\"font-weight: 400;\">Lastly, Try A Bit Of PHP Magic<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our last tip <\/span><a href=\"http:\/\/davidwalsh.name\/about-david-walsh\"><span style=\"font-weight: 400;\">comes to us courtesy of Mozilla\u2019s senior web developer, David Walsh<\/span><\/a><span style=\"font-weight: 400;\">. And it\u2019s definitely a doozy. According to Walsh, there was a time when his blog was receiving over 8,000 spam comments a day, and nothing was working to prevent them. He tried every single tip in the book save for locking comments behind CAPTCHA. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Eventually, he grew frustrated and took matters into his own hands. 
<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201c<\/span><span style=\"font-weight: 400;\">My solution was allowing the generic anti-spam solution: adding an INPUT to the form which should remain empty during the submission process,\u201d writes Walsh. \u201cEmpty in value but present via key: the premise is that bots that read form inputs would populate the form field values with rubbish just to make sure submissions weren&#8217;t rejected based on empty values.\u201d <\/span><\/p>\n<p><span style=\"font-weight: 400;\">At this point, <\/span><a href=\"http:\/\/php.net\/manual\/en\/function.isset.php\"><span style=\"font-weight: 400;\">he added the following isset check<\/span><\/a><span style=\"font-weight: 400;\"> to his site\u2019s PHP: <\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">function preprocess_new_comment($commentdata) {<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i> <i><span style=\"font-weight: 400;\">if(!isset($_POST[&#039;is_legit&#039;])) {<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i> <i><span style=\"font-weight: 400;\">die(&#039;You are bullshit&#039;);<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i> <i><span style=\"font-weight: 400;\">}<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i> <i><span style=\"font-weight: 400;\">return $commentdata;<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\">}<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\">if(function_exists(&#039;add_action&#039;)) {<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i> <i><span style=\"font-weight: 400;\">add_action(&#039;preprocess_comment&#039;, &#039;preprocess_new_comment&#039;);<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 
}<\/span><\/i><\/p>">
400;\">}<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Comments that fail that check are automatically rejected. Now, he admitted that this means users without JavaScript support are unable to comment. In the interest of addressing that issue, he also included the following JavaScript code, configured to execute upon comment submission: <\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">var form = $(&#039;comment-form&#039;);<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\">new Request({<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0url: form.action,<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0method: &#039;post&#039;,<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0onRequest: function() {},<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0onSuccess: function(content) {},<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0onComplete: function() {}<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/i><i><span style=\"font-weight: 400;\">}).send(form.toQueryString() + &#039;&amp;is_legit=1&#039;);<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">According to Walsh, in the two weeks since he implemented his solution, he received no spam comments whatsoever. <\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Closing Thoughts<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Spam is an unavoidable fact of hosting a website on WordPress. It doesn\u2019t need to adversely affect your users, though. 
Thankfully, there\u2019s no limit to the range of available tools and tactics with which you can moderate it.<\/span><\/p>\n<p>Image: Flickr\/<a href=\"https:\/\/www.flickr.com\/photos\/63056612@N00\/155554663\/sizes\/z\/\">freezelight<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress and spam go together like highways and traffic jams. Everyone agrees that the former is indispensable, but desperately wishes it could exist without the latter. The good news is that unlike with gridlock, there IS something you can do about WordPress spam. Quite a bit, actually. And that\u2019s where we come in.<\/p>\n","protected":false},"author":2,"featured_media":224,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/comments?post=223"}],"version-history":[{"count":4,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/223\/revisions"}],"predecessor-version":[{"id":275,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/223\/revisions\/275"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media\/224"}],"wp:attachment":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media?parent=223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ahost
ing.net\/blog\/wp-json\/wp\/v2\/categories?post=223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/tags?post=223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}