We know that there are great spam plugins like Akismet to prevent comment spam, but some user has reported that some genuine comments get filtered out by the plugin, and other plugins don’t do a good job at all. WordPress has provided a few tips on how to prevent spam in Combating Comment Spam. I will provide alternative and simple ways to stop spam.
In a quick note, I have implemented all of these solutions, don’t have any spam plugin installed and I have not had any spam for a long time.
Comment form nonce
If you are not going to implement all the solutions shown here, this is the single most important item that you want to implement in your blog.
One of the Security features that WordPress uses to protect forms in the administration area is the use of nonce fields. We are going to use this feature to protect our comment form also. If you want to learn more about nonces visit the WordPress website WordPress Nonces, wp_nonce_field .
Add this code to your functions.php file, the code will add the nonce field to your comments form and will check the value when the form is submitted.
function add_comment_form_nonce_field( ){ wp_nonce_field( 'anti_spam_nonce_field' ); } add_action( 'comment_form', 'add_comment_form_nonce_field' ); function check_comment_form_nonce_field(){ if( !wp_verify_nonce( $_REQUEST['_wpnonce'], 'anti_spam_nonce_field') ) die('Security check failed'); } add_action( 'pre_comment_on_post', 'check_comment_form_nonce_field');
Comment Blacklist and Moderation
Something that will take about a minute is to add a few words in your comment blacklist and moderation list located under setting > discussion. These are the most common words used by spammers, if you are not sure about some of the words used in the blacklist move them into moderation, unless you selling viagra, cell phones or jordan’s shoes you should be fine.
Moderation
iphone cellulite several web links topic
url= insurance useless traffic nofollow cellular phones article= bing.com/ yahoo.com/ google.com/ facebook.com/ moncler penis viagra .in/ Pinterest Posting Pinterest Friending Jordan shoes Jordan's anabolics steroids saclvuitton.com mesbags.com gfashionstyle.com akb48 Runescape gold couture uk Soccer Jersey phentermine buyprovigil buynolvadex buyeffexoronline buydoxycycline buysomaonline buydiazepam buytestosterone buyhydrocodone buyvaltrex buytramadolonline buyamoxicillin /buy 43yearold vicodin line/# tramadol louboutin louis vuitton gmbal.com/ nemw.org/ goowork.co.jp testosterone make money online make money from home ccfn.com alprazolam renom.com/ sweetspringsalmon.com/ concorso-dsga.it/ marcedeslewis.com/ westchestersquash.com/ theyflyblog.com/ anabolic steroids goldendolls.com/ kineticorept.com/ mths.org/ affiquetlingerie.com.br silvertoncustomhomes.com/ maywoodfinearts.org/ howtomakefriedrice-recipes.blogspot.com/ fashiononlinebuy.com/ duudder.com/ mulberrybagsxsalesonline. squidoo.com/ itbagonline.com/ notoverthehill.com/ naprzegladarkegry.blogspot.com/ china90ccatvgoggles.atvpartsbest.com/ heatherandheidi.com/ myteendating.com/ ccccccd.com wetoldtwofriends.com/ mortalpath.com/ reconquistar2.com/ parassuominetticasino.com/ minecraft Cigarettes fauccinia sheexiscehaxy free betting abercrombie Nike Free /converse-japan- /jimmychoo/ /lv-japanese- /chloe-jp- /rimowa-xr- /jimmychoo-yu- /louisvuitton- /nikeshoes- /jerseys- /chrome-japanese- /pradasale Nike Air Max Zapatillas KareemEi jp/chanel- cheap real jordans /menu/chanel nhl-jerseys /rolex/ グ ネ チ ャ ブ イ ザ ベ ル マ ラ -jersey michael-kors beats- jordan- -kensington
htaccess file
Restricting submission to the comment-post.php to requests coming from your domain, is another simple thing that you can do to stop spam. Login into your server and located the .htaccess file and add the following code. The code will work with your subdomains too. Replace YOURDOMAIN with your site’s domain.
RewriteEngine On RewriteCond %{REQUEST_URI} /(comments-post|setup)\.php$ RewriteCond %{HTTP_REFERER} !.*YOURDOMAIN.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
Cloudflare
Another feature that you can implement in your site to stop spam is Cloudflare . This is a bit more complicated to implement, because it requires to change your nameservers. Cloudflare has security services built-in like treat detection, SQL injection and DOS protection, and excessive robot crawling prevention plus it will improve your sites performance.
Your domain namesaevers will have to point to Cloudflare and you will manage your DNS using the Cloudflares administration interface. Implement only If you are comfortable working with DNS.
Comments
2 responses to “Block WordPress comment spam with no plugin”
Great post and simple solution, but will the addition of a nonce field interfere with a plugin solution, like Automattic’s IntenseDebate?
In you are using a plugin like IntenseDebate, it is already using nonce fields to validate submissions and you don’t need to add it. Other plugins are probably not using nonce fileds but if they are well written there should not be any conflicts.