The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Fight to Comment Spam & Malicious Scripts (1 post)

  1. Soccerwidow
    Posted 4 years ago #

    I was trying to improve my security in order to reduce on comment spam by inserting following codes:


    # Protect from spam bots
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.domain1.com.* [NC]
    RewriteCond %{HTTP_REFERER} !.domain2.com.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]


    function check_referrer() {
    if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == "") {
    wp_die( __('Sorry we think that you are a spammer. If you are not a spammer try
    commenting again and if the problem continues contact us') );
    add_action('check_comment_flood', 'check_referrer');

    Further I removed the URL feature from the comment form.

    Unfortunately, the comment spam flood has not really changed since the introduction of these WordPress tweaks. I’m still getting approx. 50 spam comments daily. This spam is removed by Akismet, but still land in the spam queue for manual review, which is time-consuming and annoying

    Is there anything else what can be done? May I have a malicious script hidden on my website? How would I identify and find this?

    Thanks in advance for your suggestions, guys.

Topic Closed

This topic has been closed to new replies.

About this Topic