Support » Fixing WordPress » WordPress invites referrer spam?

  • Before I get flamed on this, let me make it clear that I love WP and don’t regret the migration from MT. But…

    In over two years of using MT I’ve gotten just a light smattering of referrer spam. In less than one week using WP, I’ve been “blessed” with thousands of such lovelies. 🙁

    Is there a connection? Seems strange it would suddenly explode, but perhaps that’s all it is…serendipity. I have to wonder, though, especially in light of my anticipated move to build quite a few client sites using WP as a CMS…am I opening Pandora’s box here unwillingly?

    As for combating the evil slime, blocking it from appearing in the logs is one thing, but apparently you can also deny it via various .htaccess methods (as I’m exploring here). Still, a lot of maintenance to keep up with, and that’s something I never had to do running MT sites.


    (PS: Want to mention *again* that I love WP before anyone misreads this post as a knock on WP…more that I want to understand if WP is an aphrodisiac to those-who-should-be-staked-and-tortured, otherwise known as referrer spammers. 🙂 )

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator James Huff


    Halfelf Minion 🚀

    All sites get as much referrer spam as others, it just matters how high you are in Google’s search rankings. I know PHPNuke and Drupal sites which are getting more referrer spam than I’m getting now, and I get at least 25/day. For a good tutorial on blocking referrer spam, see this:

    True, but jumping from a few hundred a week to a few thousand *a day* seems a bit out of the ordinary. It is possible, of course, that WP is more effective at increasing my Google ranking, but I’m not sure why that’s the case. Or, since Google reindexed my site perhaps the spamslimes have a way of harvesting fresh meat?

    And, it is highly possible of course, that this week was just “my turn” on the dance floor… 🙁

    Read this thread for a possible solution –

    I don’t get referral spam anymore and neither do any of the blogs I manage. In fact, I don’t get any kind of spam. I’m probably opening the challenge door to spammers by stated that I don’t get any spam anymore.

    I started getting hit with major referral spam back when I was using ExpressionEngine. When I switched to WP, I also created a new domain for the site. I kept the old domain running as a means of letting people know of the change. I monitored my referrals afterwords, and found that my old domain started slowing down in referral spam and my new domain was getting a trickle, but not nearly the amount I was getting.

    I too have a way of dealing with referral spam that is actually fitting. I have a small .PHP file that when it sees a referrer that I have said is bad, redirects the referral back to that site. So when a referral spammer trys hitting my site, he’s just hitting his own instead. 🙂 Here’s a link to the article:

    I would guess that the recent explosion in popularity of blogging in general has just made the spammers focus their attention on the big publishing platforms. WordPress is the up-and-comer, and it is loved by Google. Spammers love Google. Google loves WordPress. Ergo we get spammed. Simple internet equation, really.

    Thanks for the suggestions (bounce-back script looks promising). So far I have a persistant one, with changing domain prefixes and rotating ips…which so far has gone right past the deny statements and referrer-deny-wildcard lines in the .htaccess. I’ve contacted my hoster about this, so we’ll see what they say.

    gvtexas, I’ll bet the domains all have the same IP or group of about 5 IPs. The link to the thread I gave you has php code that checks the “domains” IP and bounces it back to their own site(s). If you send me a list of the domains, I’ll check them for you since I’ve already found many that are leading to 5 IPs. You can send them to glo(at)

    Thanks, Glo, check your inbox. 🙂

    It seems they’ve stopped, hopefully because I corrected the wildcard syntax in the .htaccess file to address subdomains. But I’m going to try out the bounce-back script after a bit and see if that sates my revenge muse…

    There is a new tool to fight referrer spam called… Referrer Karma. By the same guy that did Spam Karma. It works perfectly.

    It will let false-positives into the site, but will strip the referral out of the picture so that it won’t show up in referral lists/logs.

    He even shows how you can use the blacklist the script creates inside your .htaccess file to block the spammers from even getting to the site.

    I’ve been using it for about a week now and it works great. It has a nice interface for changing blacklist entries into white and whitelist entries into black. Just incase Referrer Karma misses one.

    It’s easy to install, and works with any website, not just WP.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WordPress invites referrer spam?’ is closed to new replies.