Never Get Any More Spam Comment on WordPress

Why Askimet is not enough?

Askimet is a powerful spam filter managed by the Automattic Team and whose efficiency is not to prove any more. The plugin gets its accuracy by analyzing millions of comments on blogs & websites.
With this huge data, Askimet makes a very good job at recognizing spams but from time to time it may let some of them pass through its filters. On the other way, it may also have some false positives, it means that a non-spammy comment could be considered as such mistakenly, it’s very rare but can still happen.

It’s no big deal, what’s so wrong then?
You may know that blogs are, along with forums, a preferred target of spammers and as a blog owner you will then get a lot of spams as long as you do not disable comments and I would definitely recommend you not to do that.
The other solution could be to require your visitors to log in to comment but this is in my opinion a impulsivity killer, and commenting is an impulsive act, a quick reaction to the content above… It has to be easy and fast or you won’t get much engagement for sure.

So you keep the comments opened and now you need to check your spam list from time to time, just to monitor… You’ll see that it’s really a pain. Good luck if you start to browse the comments, you’ll have to review dozens, maybe hundreds of messages that all look quite similar, you’ll end up by deleting them in batch, it’s not that serious but you may miss some legit comments.

Now you’re wondering what you can do avoid that I suppose, that’s good because I have your answer.

The best solution, edit your htaccess file (it’s a little technical)

By adding the following lines in your htaccess file, you can prevent most robots to submit comments to your blog. It simply checks that “someone” commenting comes from your website and from nowhere else, it’s basic but very efficient to simply ignore most bots & spamming softwares.

To find your htaccess file, you need to connect to the FTP server and go to the root of your blog/website. If you have enabled a custom URL structure for your permalinks it will be there, download it. Its content will be something like this:

1
2
3
4
5
6
7
8
9
10
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If not create a file called .htaccess (on Windows it’s needed to put a file name, like a.htaccess). You will later upload it and rename it “.htaccess” once on the server, then you’ll have to change its chmod (access permissions) to “666″.

Open it with a text editor of your choice and add the code below, just before “”, and upload it back to the server:

1
2
3
4
5
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [L]

Replace “yourdomain.com” by your actual domain name on line 3.

You can also use plugins

If you don’t want to mess with the files, here are the two plugins I’ve selected, do not hesitate to comment my choice and to propose your alternatives.

Spam Free WordPress, I did not try this one but it looks promising and I would have given it a try if I did not use the method above which is largely enough. They announce zero false positive, if it’s true that’s definitely worse trying, it’s hard to confirm actually but let’s give its author the benefit of the doubt about this.

The captcha plugin… You guessed it, adds a captcha to your comment forms. It’s definitely not the best method around but in combination with Askimet it does a pretty good job, it’s what I’ve used before actually.

If you want to use the htaccess protection but don’t know how to implement it, contact me and I’ll be happy to help.

© Credit Photo: Hand with Anti-Spam sign by Brightdawn.