Something that’s been really grinding my gears lately is the amount of comment spam that I’ve been seeing in my moderation queue. Despite the fact that I use the very wonderful Akismet for WordPress, sometimes it can’t keep up with the flood coming down the proverbial tubes.
Something that’s really helped is a little bit of .htaccess magic that one of my coworkers sent me. What it does is keep people from hitting your wp-comments-post.php unless they’re submitting the request from your server, which it judges by the Referer header pointing at your domain and the User-Agent header not being empty. Of course headers can be forged, but it’s really proven to be quite useful to me. Because of this, I thought I’d be a nice guy and share it with y’all. Peep this…
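# Turn away comment POSTs that did not come from this site's own comment form.
RewriteEngine On
# Only POST requests aimed at the comment handler are considered.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
# Match when the Referer is not on this domain (any subdomain allowed) OR the User-Agent is empty.
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?yourdomain\.com([:/]|$) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# Redirect the offending request back to the client's own address.
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]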
Naturally, you’re going to want to replace “yourdomain.com” with your actual domain — but other than that, it’s ready to go. Since I spend a lot of my day helping folks troubleshoot their WordPress installs and .htaccess rules, I’d really dig it if you’d refrain from asking questions. That’s right, this spot of code is supplied “as is”, kids.
Enjoy!
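An added example, not part of the original post: a small Python model of the rule's conditions, run over constructed requests, to check which comment POSTs get turned away. It compares the unanchored Referer pattern `.*yourdomain.com.*` with an anchored alternative; the anchored pattern, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Unanchored Referer pattern: dots unescaped, matches anywhere in the header.
LOOSE = re.compile(r".*yourdomain.com.*")
# Assumed stricter alternative: anchored to the scheme and host of the Referer.
STRICT = re.compile(r"^https?://([^/]+\.)?yourdomain\.com([:/]|$)", re.I)
COMMENT_URI = re.compile(r"wp-comments-post\.php")


def is_blocked(method, uri, referer, user_agent, referer_re):
    """POST AND comment URI AND (Referer off-site OR User-Agent empty)."""
    if method != "POST" or not COMMENT_URI.search(uri):
        return False
    off_site = referer_re.search(referer or "") is None
    return off_site or not user_agent


# Constructed sample requests: label -> (method, uri, referer, user_agent)
UA = "Mozilla/5.0"
URI = "/wp-comments-post.php"
SAMPLES = {
    "own_form":        ("POST", URI, "http://yourdomain.com/a-post/", UA),
    "www_subdomain":   ("POST", URI, "https://www.yourdomain.com/a-post/", UA),
    # Also what a real visitor looks like when the browser strips Referer.
    "no_referer":      ("POST", URI, "", UA),
    "empty_ua":        ("POST", URI, "http://yourdomain.com/a-post/", ""),
    "foreign_referer": ("POST", URI, "http://spam.example/", UA),
    # The domain only appears in the query string or as a host prefix.
    "domain_in_query": ("POST", URI, "http://spam.example/?r=yourdomain.com", UA),
    "domain_as_label": ("POST", URI, "http://yourdomain.com.spam.example/", UA),
    "get_request":     ("GET",  URI, "", ""),
}


def evaluate(referer_re):
    """Return {label: True if the request would be turned away}."""
    return {label: is_blocked(*req, referer_re) for label, req in SAMPLES.items()}


if __name__ == "__main__":
    loose, strict = evaluate(LOOSE), evaluate(STRICT)
    for label in SAMPLES:
        print(f"{label:16} loose={loose[label]!s:5} strict={strict[label]}")
```

Both patterns let the site's own form through and turn away requests with no Referer or no User-Agent; only the anchored one also turns away Referers that merely contain the domain somewhere in the URL.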