Just deleted 250 spam comments manually one by one. Oh! it was hell of a job alright… Finally I figured it out that I have to add some plugin to stop spamming. I have tried some but some of those did not work and some I did not like. I have tried Captcha God Father, Cryptograph, mycaptcha, simple captcha, Spam Karma and yacaptcha. One of these was not generating image; one of these was generating image but was not validating it and was always giving error of wrong code and one of these was more then 1MB size with hell of instruction. Spam Karma was accepting every comment inspite of the fact that I have checked the option of always moderate a comment and it also approved a comment with three links when I have put limit of two comments. I figured it out that I will have to search more in this regard to find some captcha plugin. Easy to install and with less code from Wordpress Plugins directory.

One of the thing which I am noticing is that most of the comments are auto fired. I mean some kind of softwares or bots are firing rubbish comments with loads of rubbish links towards my wp-comments-post.php file which is putting these into my moderation queue.

Alright I will design my own captcha. Simple one. But for now I have a solution to cope with auto bots and spiders or nasty softwares which generate spam. Note starting <?php and ending ?> in file at your blog root named as wp-comments-post.php. This is the file which takes comments and ads it into your database. If we add some sort of check into it that only and only requests from the same domain at which your blog is will be processed further then I think we can get rid of auto mass spamming problem. Ok Follow the isntructions…

Open wp-comments-post.php in any editor.

After <?php add these lines

if ($_SERVER['HTTP_USER_AGENT'] == “” || $_SERVER['REQUEST_METHOD'] != “POST” || strstr(strtolower($_SERVER['HTTP_REFERER']), “http://www.yourdomainname.com”) == false)
{
echo “No spam please”;
exit();
}
else
{

:::: wp-comments-post.php file rest of code here ::::

And before ending ?> in this file add }

And you are done.

Full example

<?php
if ($_SERVER['HTTP_USER_AGENT'] == “” || $_SERVER['REQUEST_METHOD'] != “POST” || strstr(strtolower($_SERVER['HTTP_REFERER']), “http://www.yourdomainname.com”) == false)
{
echo “No spam please”;
exit();
}
else
{
:::: wp-comments-post.php file rest of code here ::::
}
?>Black code is mine, orange code is of file. But be careful and try this at your own risk. Backup the file first.
Try this and auto bot spamming will be blocked. I have applied it and now I can see no more auto comments from bots like with hundreds of URLs.

As soon as I get some free time I will write my own captcha and post it here. Till then stay safe.
O! and if you have any good captcha plugin then please do let me know.