WordPress Plugin to Block Spam Comments

I don’t receive many real comments from actual humans on my posts, but I do receive a lot of annoying spam comments each day. It’s a nuisance to regularly empty the spam folder, but I prefer to leave the option to post comments open for the rare occasion when someone has a follow-up question or comment. There are many WordPress plugins available to block spam; however, they are typically overkill for a small site like mine. I wrote this plugin to provide a simpler solution to block the majority of spam comments. It is not meant to block every possible method that spammers have for generating comments, but it will block the vast majority. The intent was also to avoid employing user obstacles such as CAPTCHAs and other challenge-response tests.

I’ve had this plugin running on my site for several months and I have not had any spam comments.

Add the code below to a .php file and upload it to your plugin directory. Once uploaded, activate the plugin from your dashboard and it will begin blocking spam comments for your site.

The plugin uses three methods to filter spam comments:

  • Timestamp Method: If a comment is submitted less than 15 seconds or more than an hour after the page was viewed, then the comment will be rejected as spam. The time thresholds should be adjusted to meet your individual needs. I’ve noticed that most spam comments are submitted within 5 seconds after viewing the page.
  • Honeypot Method: Many automated tools for generating spam comments will blindly add data to every available field in a form. The honeypot method adds a non-visible field to the comment form that will cause a comment to be rejected as spam if any information is submitted in the field.
  • Link Counter Method: If a comment includes 2 or more URLs in the comment body, then the comment will be rejected as spam. The number of allowed URLs in a comment should be adjusted to meet your individual needs. Spam comments generally have multiple URLs included in the comment body.
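
The three checks above as a minimal plugin, added here as an example; it is not the author's plugin code, which this page does not include. The field names `scf_ts`, `scf_sig` and `scf_website`, the `scf_`/`SCF_` identifiers, and the signing of the timestamp (so a client cannot forge the render time) are assumptions of this example.

```php
<?php
/*
 * Plugin Name: Comment Spam Filter (added example)
 * Description: Timestamp, honeypot and link-count checks. Not the author's code.
 */
const SCF_MIN_SECONDS = 15;   // submitted sooner than this after page view: spam
const SCF_MAX_SECONDS = 3600; // submitted later than an hour after page view: spam
const SCF_MAX_LINKS   = 1;    // 2 or more URLs in the body: spam

// Pure rule check; returns a rejection reason or null when the comment passes.
function scf_reject_reason( $content, $honeypot, $rendered_at, $sig_ok, $now ) {
    if ( '' !== trim( $honeypot ) ) {
        return 'honeypot';
    }
    $elapsed = $now - $rendered_at;
    if ( ! $sig_ok || $elapsed < SCF_MIN_SECONDS || $elapsed > SCF_MAX_SECONDS ) {
        return 'timestamp';
    }
    if ( preg_match_all( '~https?://~i', $content ) > SCF_MAX_LINKS ) {
        return 'links';
    }
    return null;
}

// Print the signed render time and the hidden honeypot inside the comment form.
add_action( 'comment_form', function () {
    $ts = time();
    printf( '<input type="hidden" name="scf_ts" value="%d">', $ts );
    printf( '<input type="hidden" name="scf_sig" value="%s">', esc_attr( wp_hash( 'scf' . $ts ) ) );
    echo '<p style="display:none"><label>Leave empty <input type="text" '
       . 'name="scf_website" value="" tabindex="-1" autocomplete="off"></label></p>';
} );

// Check visitor comments before WordPress stores them.
add_filter( 'preprocess_comment', function ( $data ) {
    $type = isset( $data['comment_type'] ) ? $data['comment_type'] : '';
    if ( is_user_logged_in() || ! in_array( $type, array( '', 'comment' ), true ) ) {
        return $data; // skip dashboard replies, pingbacks and trackbacks: no form fields
    }
    $field = function ( $key ) { // only accept plain string POST values
        return isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ? $_POST[ $key ] : '';
    };
    $ts     = (int) $field( 'scf_ts' );
    $sig_ok = hash_equals( wp_hash( 'scf' . $ts ), $field( 'scf_sig' ) );
    if ( null !== scf_reject_reason( $data['comment_content'], $field( 'scf_website' ), $ts, $sig_ok, time() ) ) {
        wp_die( 'Your comment was rejected as spam.', 'Comment rejected', array( 'response' => 403, 'back_link' => true ) );
    }
    return $data;
} );
```

On a site behind a full-page cache the embedded timestamp is the time the page was cached, so `SCF_MAX_SECONDS` has to exceed the cache lifetime or legitimate comments will be rejected.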

Blocking Referrer Links Through htaccess

In recent months, I’ve noticed a lot of incoming links from undesirable sites. I suppose any traffic is good traffic, but I would prefer to not have my content found through these spam sites. While I can’t prevent other sites from including a link to my site or copying my content, I can prevent them from directly linking to my images (hotlinking) or having users directed to my site from these other sites. With a little regular expression magic and my htaccess file, I can force an error to be returned or redirect the links somewhere else.

The first line instructs Apache to enable the runtime rewriting engine which allows it to process the subsequent rewrite conditions and rules.

This first section will block any requests where the originating site or referral site matches the established rewrite conditions. In this example, the conditions block requests from any site in the .cc, .eu and .ru top-level domains. The second condition line blocks requests from specific domains. The RewriteRule forces a 403 forbidden header to be returned to the originator.

This next section handles image hotlinking by redirecting any requests for .jpg, .jpeg, .gif or .png files where the originating request is not from my site. The RewriteRule forces a 403 forbidden header to be returned to the originator.

With everything together, the htaccess file should include the following in addition to any site-specific htaccess code: