I love WordPress as a platform, but one of its downfalls is that it is a big target for spammers and bots. Today I’m going to share a couple of tips with you on how to minimise, if not eradicate, spam comments and the potential weaknesses that bots target.

Register your site with Akismet

First things first, don’t forget to register your site with Akismet. This will give you a key for the plugin that should automatically be installed with WordPress. It’s there for a reason and is great at stopping widespread spam.

Using .htaccess to prevent spam bots accessing your comments file

One trick that spam bots use is posting directly to the wp-comments-post.php file of your WordPress theme. This allows them to post comments without loading the site, potentially avoiding any front-end security measures you have put in place.

We can stop this by blocking direct access to the file using the .htaccess file, which can be found at the root of your WordPress install. Open the .htaccess file and paste in the following code at the bottom. Don’t forget to replace ‘yourdomainname’ on line 5 with your website’s domain name.

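<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The two conditions above are ORed: the Referer is not your site, or the User-Agent is empty.
# Redirect the matching POST back to the address it came from.
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>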
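
To see how much of your existing traffic the rule above would affect before you switch it on, the following added example (not part of the original post) replays its conditions over Apache combined-format access log lines. The host example.com, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

SITE = "example.com"  # assumption: placeholder for 'yourdomainname'

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def rule_would_match(method, path, referer, agent, site=SITE):
    """Same logic as the rewrite conditions: POST, to wp-comments-post.php,
    and (Referer lacks the site name OR User-Agent is empty)."""
    if method != "POST" or not urlsplit(path).path.endswith("/wp-comments-post.php"):
        return False
    # Apache logs a missing header as "-"; mod_rewrite sees it as an empty string.
    referer = "" if referer == "-" else referer
    agent = "" if agent == "-" else agent
    return site not in referer or agent == ""

def direct_posts_by_ip(lines, site=SITE):
    """Count, per client IP, the logged requests the rule would have caught."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and rule_would_match(m["method"], m["path"], m["referer"], m["agent"], site):
            hits[m["ip"]] += 1
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://example.com/hello-world/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512 "http://spam.invalid/" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:01:00 +0000] "GET /hello-world/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:01:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in direct_posts_by_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count}")
```

The last sample line stands for a visitor whose browser sends no Referer header: the rule catches that request as well, so check the per-IP counts against your real logs for genuine commenters before deploying it.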

Remove autolinks in comments

When a comment is posted that contains a URL, WordPress changes this into a link by default. This is something that bots and spammers use to their advantage. We can stop this very simply by adding the following line of code to your theme’s functions.php file.

remove_filter('comment_text', 'make_clickable', 9);

This will remove WordPress’s automatic linking function.

With these 3 simple tips, you will be well on your way to stopping spam comments and link injection.