Blog Comments Bot Spamming Protection – Easy Solution
Just deleted 250 spam comments manually one by one. Oh! it was hell of a job alright… Finally I figured it out that I have to add some plugin to stop spamming. I have tried some but some of those did not work and some I did not like. I have tried Captcha God Father, Cryptograph, mycaptcha, simple captcha, Spam Karma and yacaptcha. One of these was not generating image; one of these was generating image but was not validating it and was always giving error of wrong code and one of these was more then 1MB size with hell of instruction. Spam Karma was accepting every comment in spite of the fact that I have checked the option of always moderate a comment and it also approved a comment with three links when I have put limit of two comments. I figured it out that I will have to search more in this regard to find some Captcha Plugin. Easy to install and with less code from WordPress Plugins directory.
One of the thing which I am noticing is that most of the comments are auto fired. I mean some kind of softwares or bots are firing rubbish comments with loads of rubbish links towards my wp-comments-post.php file which is putting these into my moderation queue.
Alright I will design my own captcha. Simple one. But for now I have a solution to cope with auto bots and spiders or nasty softwares which generate spam. Note starting <?php and ending ?> in file at your blog root named as wp-comments-post.php. This is the file which takes comments and ads it into your database. If we add some sort of check into it that only and only requests from the same domain at which your blog is will be processed further then I think we can get rid of auto mass spamming problem. Ok Follow the isntructions…
Open wp-comments-post.php in any editor. Modify it accordingly
wp comments post.php File modification
Be careful and try this at your own risk. Backup the file first. Try this and auto bot spamming will be blocked. I have applied it and now I can see no more auto comments from bots like with hundreds of URLs. What this code does, it checks the referrer, if the request is coming from the same domain (in case the form was posted) then it will allow the file to execute its rest of the code otherwise it will simply exit.