
Overcoming Comment Spamming on WordPress

Spam comments can become a serious problem at times. WordPress blogs and websites can be customized to deny access to comment spammers through a simple process. When a comment is sent to your weblog, the IP address is included in the packet of information that travels with that comment across the internet. However, since spammers are notorious for hijacking IP addresses, it is possible that the IP address attached to a spam item is, in fact, “stolen” from a legitimate internet-connected device.

IP addresses in the same range usually differ only slightly; for example, 192.168.0.1, 192.168.0.2 and 192.168.0.3 are three separate IP addresses. You can block a whole range without typing each complete IP address by dropping the trailing parts of the address. For example, 192.168 would screen any IP address that starts with 192.168. This saves you from typing in lots of individual numbers.

The .htaccess file – which also controls your permalinks – can be used to completely block an IP from even seeing your site. You can place this either in your site root, or the directory where your blog is. The following is an example of an .htaccess file that is present in the root directory of a website.

The actions taken are as follows:

Deny from 123.123.123.123

Access is denied to that IP alone

Deny from 156.156.156

Access is denied to ALL users whose IPs start with 156.156.156

Deny from 189.189

Again, anyone at all with an IP that starts 189.189 is blocked.

So a total of 256*256 unique IP addresses are blocked. The blocked visitors won’t see your web page; instead they will see a 403 error page.

In a similar way, access can also be denied to requests that carry no referrer. The mechanism is as follows: when your readers comment, the wp-comments-post.php file is accessed, does its thing, and creates the post. The user’s browser will send a “referral” line about this. When a spam-bot comes in, it hits the file directly and usually does not leave a referrer. This allows for some nifty detection and action directly from the server. If you are not familiar with Apache directives, then write the following in your root directory .htaccess file:

The above mechanism would detect when a post is being made, and check to see if it is on wp-comments-post.php. Then it would check if the referrer is in your domain or not. If not, it would send the spam-bot back to its originating server’s IP address, deflecting the spam-bot back to the address from which it originated.
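
One way to write the checks described above, as an added example rather than the snippet from the original article. It assumes Apache with mod_rewrite enabled, and example.com is a placeholder for your own domain.

```apache
# Added example: referrer check for WordPress comment posts.
# Assumptions: mod_rewrite is available; example.com stands in for your domain;
# the rules are placed in the site-root .htaccess.
<IfModule mod_rewrite.c>
RewriteEngine On

# 1. Only POST requests create comments.
RewriteCond %{REQUEST_METHOD} =POST

# 2. The request targets the comment handler (also matches a blog in a
#    subdirectory, e.g. /blog/wp-comments-post.php).
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$

# 3. The Referer is missing or does not point at this site. An empty header
#    fails the pattern, so the negated condition is true for it as well.
#    The header is set by the client: a bot can forge it, and browsers or
#    proxies that strip it will cause legitimate comments to be refused.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# 4. Send the client back to the address it connected from, as the article
#    describes. An IPv6 client address is not a valid host in this URL form.
RewriteRule ^ http://%{REMOTE_ADDR}/ [R=301,L]

# Alternative to step 4: answer with 403 Forbidden instead of a redirect.
# Use one of the two RewriteRule lines, not both.
# RewriteRule ^ - [F]
</IfModule>
```

After enabling the rules, submit a test comment from a normal browser session to confirm that legitimate comments still go through.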

Through the simple steps above, you can pretty much get rid of the annoying problems of spamming and useless referrer requests.

Admin
Ali has been an entrepreneur in web, video and related technologies. Having worked with many businesses across the globe, Ali stands truly a great pillar in the business working with him.