Support » Fixing WordPress » Fight to Comment Spam & Malicious Scripts

  • I was trying to improve my security in order to reduce on comment spam by inserting following codes:

    .htaccess

    # Protect from spam bots
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.domain1.com.* [NC]
    RewriteCond %{HTTP_REFERER} !.domain2.com.* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
    </IfModule>

    function.php

    function check_referrer() {
    if (!isset($_SERVER[‘HTTP_REFERER’]) || $_SERVER[‘HTTP_REFERER’] == “”) {
    wp_die( __(‘Sorry we think that you are a spammer. If you are not a spammer try
    commenting again and if the problem continues contact us’) );
    }}
    add_action(‘check_comment_flood’, ‘check_referrer’);

    Further I removed the URL feature from the comment form.

    Unfortunately, the comment spam flood has not really changed since the introduction of these WordPress tweaks. I’m still getting approx. 50 spam comments daily. This spam is removed by Akismet, but still land in the spam queue for manual review, which is time-consuming and annoying

    Is there anything else what can be done? May I have a malicious script hidden on my website? How would I identify and find this?

    Thanks in advance for your suggestions, guys.

  • The topic ‘Fight to Comment Spam & Malicious Scripts’ is closed to new replies.