WordPress comment spam

Are you fed up with the spam comments that hit your WordPress site like non-stop bombs from nowhere? Are you affected by mass-scale comment injection into your WordPress website that slows down its speed and loading? Yes, your unethical competitors may do that to you. Are you fed up with switching the comment option from registered users to anyone and from anyone back to registered users in the hope of being free from spam? Have you installed WordPress spam plugins that check a captcha and still had no luck?

OK, this post may help you (at least until the spammers find a new way).

Stopping WordPress comment spam

  1. Open wp-comments-post.php from your WordPress installation directory using Notepad.
  2. Add the following code at the start of the file. (You may need to know a little PHP.) Done: now you are safe from bots trying to reach you through the back door. Remember that you will have to do this after each upgrade of WordPress.

(You have to manually add this to that file after each upgrade.)

  1. You can post a comment to this post so that you can test it yourself.
  2. You can cut and paste this URL into a new tab and you will see that our script is working (http://snydle.com/wp-comments-post.php).

When somebody accesses this file, the script checks the referrer URL against your domain name. If it does not find your domain name in the referrer, it says “thanks for visiting me. Anyway no donuts for you now”. You can change the message if you want, or you can redirect to your home page by adding a header. But I decided it is better not to redirect to the index page, as somebody could misuse it to overload our server.

Update: Hi all! This is working. Yes, I have not had any spam comments for the last month. Regards

The above code checks whether the referring domain is the same domain. If the referrer is empty or some other domain, the program exits, thus preventing the bots from accessing your database.

History WordPress comment spam

I had tried a lot of WordPress comment captcha plugins to stop spam comments. They worked for people coming through the front door. In fact, they made sure that the people posting comments on your posts are real humans. But they did not work for real spammers, as they attack wp-comments-post.php directly. Their robots wish the front-page captcha a nice hi and go directly to wp-comments-post.php. I found that all comment prevention plugins stand at the post page, looking for spam comments. But the spammers were not coming through the post comment form; they were landing directly at wp-comments-post.php, bypassing the post page.

I tested this by deleting wp-comments-post.php from my WP installation, and my WP comments and spam comments stopped. When this file disappeared, the robots and spammers had no other way to post comments. But I love comments and I cannot afford to run my sites without a comments facility. So I decided to reinstall wp-comments-post.php after sanitizing it.

I found out that checking the referrer solves the problem. Since comments are posted to our own post, the referrer should be the same domain. Here is the code that should be added at the top of the file named “wp-comments-post.php”. The file can be found in the main installation directory of WordPress.
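An added example of the referrer check described in this post (it is not the author's original code): the constant `MY_SITE_HOST`, its placeholder value `example.com`, and the helper `referer_is_same_host()` are hypothetical names, and the helper compares whole host names, which is stricter than looking for the domain anywhere in the referrer. The message text is the one quoted in the post.

```php
<?php
// Added example: referrer check for the very top of wp-comments-post.php.
// Assumption: replace the placeholder below with your own domain name.
define( 'MY_SITE_HOST', 'example.com' );

/**
 * Hypothetical helper: true only when the Referer URL points at $own_host.
 */
function referer_is_same_host( $referer, $own_host ) {
    if ( ! is_string( $referer ) || $referer === '' ) {
        return false; // no referrer: the request did not come from a post page
    }
    $ref_host = parse_url( $referer, PHP_URL_HOST );
    if ( ! is_string( $ref_host ) || $ref_host === '' ) {
        return false; // malformed or relative URL
    }
    // Compare complete host names, ignoring case and a leading "www.".
    // A substring search would also accept unrelated hosts that merely
    // contain the domain name somewhere in the URL.
    $normalize = function ( $host ) {
        return preg_replace( '/^www\./', '', strtolower( $host ) );
    };
    return $normalize( $ref_host ) === $normalize( $own_host );
}

$referer = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '';

if ( ! referer_is_same_host( $referer, MY_SITE_HOST ) ) {
    // No redirect to the home page, as the post recommends: just stop here,
    // before WordPress is loaded and before the database is touched.
    header( 'HTTP/1.1 403 Forbidden' );
    header( 'Content-Type: text/plain; charset=utf-8' );
    exit( 'thanks for visiting me. Anyway no donuts for you now' );
}

// Notes for whoever maintains this:
// - The Referer header is sent by the client, so this is a filter for bots
//   that post without it, not an authentication step. Keep the CAPTCHA too.
// - Visitors whose browser or proxy removes the Referer header will also be
//   rejected, so watch for complaints from real commenters.
```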

I found that stopping spam is the biggest problem in WordPress. Every day it appears in the 100s or 1000s. You have to spend a lot of time keeping your WordPress installation clean and neat. There were also solutions available for this as plugins. Some install a captcha, automatic maths, and so on. But they did not help me: instead of 1000 spam comments I started getting 999, as these plugins were only able to stop spammers who come through the post page. But the spammers were coming through the back door. I was happy that these plugins reduced some spam, and I left it as it was. But it lasted only a couple of months.

One fine morning I woke up to an email from my host telling me that the server was too busy and overloaded, and that they had to restrict the process to maintain stability. That day was the Ramadan evening and I was ranking on the first page for “Ramadan wishes, Ramadan messages”, etc. That made things worse. The server was too busy to handle requests from Google and I was not even able to log into my dashboard. Somehow I managed to log in, and I found that within one hour somebody had injected 35,000 comments into my WP installation and the system had become too slow because of that. I started deleting the comments 100 at a time, and that added more load to the system. However, I kept on with my work, and as the comment volume reduced the system picked up speed and my job got easier. Soon I realized that somebody had done this deliberately, so that my first-page position for Ramadan-related key phrases would be affected.

How to stop WordPress spam

Anyway, my first question was this: if he does the same at Christmas and New Year, what will my situation be? I will be totally doomed. So I decided it should not happen again. One solution was installing http://akismet.com/. But I did not like Akismet's policy. They make WordPress with a comment loophole and make money by selling Akismet to cover that loophole, which is not ethical. Especially when somebody is fighting unethical things like spam comments, they should be ethical. Stopping spam comments in source code is not rocket science. But Automattic never wants to do it. So I ruled out that option.

So the only option left for me was to find out why it was happening. The first thing I did was remove one file from the WordPress installation, the one that posts the comments to our database. I googled and checked my source code to make sure that this is the file. I waited about one month to make sure this file was the culprit. Yes, after that not even one comment appeared (spam or not spam).

The file is “wp-comments-post.php”

(If you do not want anybody to post any comments (as on business websites), then it is a good idea to remove that file. Remember that after each upgrade you have to delete that file.)

WordPress and Me History

Note: This website is running on WordPress

I started my web publishing with my own PHP code, as at that time I did not know that content management solutions existed. Later I found out that there are a lot of content management solutions. I tried a lot of article management scripts, directory scripts, etc. I had tried WordPress before and did not like it very much, as it was such dull software at that time and was suitable only for bloggers.

About 3 years later, I found that WordPress had advanced a lot and positioned itself as the most popular content management software available in the world. I switched some of my websites to WordPress and it was really wonderful. So I changed a lot of my installations to WordPress.

Add Captcha to comment form

Adding a captcha gives further security. There are a lot of plugins available. I am using Google reCAPTCHA. Since I need to solve the WordPress comment spam 100%, I implemented this code manually. This is to make sure that bugs in a captcha plugin will not have an effect and I can get a realistic result. So far my spam problem has been solved 99.9%. The WordPress captcha plugin is available at


————————-Manual Step. How I implemented—————————-

Now you can install a captcha plugin to stop spam comments that arrive after the front-page form is filled in automatically. To do this, install one of the available plugins. However, I decided to install Google captcha. It is a little bit hard and you will have to do it after each installation upgrade. However, you can follow the steps below. You must know PHP coding and should be able to find bugs and errors.

  1. Visit the Google captcha site: http://www.google.com/recaptcha/captcha
  2. Click on "get a captcha" in the left menu.
  3. Click on "signup now".
  4. Give your domain name and create the key.
  5. Now go to this URL, https://developers.google.com/recaptcha/docs/php?csw=1, where you will find the PHP code for your pages. Do not forget to change the public key and private key to yours.
  6. Download the recaptcha library from https://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest and upload it to the root directory of your site.
  7. Open the file “comment-template.php” from WordPress, located in the “wp-includes/” folder, and add (change public_key)
      // Load the reCAPTCHA PHP library; adjust the path to where you uploaded it
      require_once( ABSPATH . 'recaptchalib.php' );
      $publickey = "your_public_key"; // you got this from the signup page
      echo recaptcha_get_html($publickey);
  8. Just before
    <input name="submit" type="submit" id="<?php echo esc_attr( $args['id_submit'] ); ?>" value="<?php echo esc_attr( $args['label_submit'] ); ?>" />
     <?php comment_id_fields( $post_id ); ?>
     <?php do_action( 'comment_form', $post_id ); ?>
  9. Upload the recaptcha library from https://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest to this folder.
  10. Open the file “wp-comments-post.php” from the main folder and add the following code just after the “require( dirname(__FILE__) . '/wp-load.php' );” line (change private key)
      // Load the reCAPTCHA PHP library; adjust the path to where you uploaded it
      require_once( ABSPATH . 'recaptchalib.php' );
      $privatekey = "your_private_key";
      // Verify the answer against the challenge fields posted by the captcha widget
      $resp = recaptcha_check_answer ($privatekey,
                                      $_SERVER["REMOTE_ADDR"],
                                      $_POST["recaptcha_challenge_field"],
                                      $_POST["recaptcha_response_field"]);
      if (!$resp->is_valid) {
        // What happens when the CAPTCHA was entered incorrectly
        die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
             "(reCAPTCHA said: " . $resp->error . ")");
      } else {
        // Your code here to handle a successful verification
      }
  11. The above code must be inside <?php ?>, otherwise it may cause an error. You can add your own <?php ?> or place it where I have specified. Yes, you are done. Google captcha will work for you. Remember you will have to do this after each upgrade.




About Prasad 38 Articles
Hello I am from Melbourne. Thanks for visiting us