WordPress Step-by-Step Guide to Stop Automated Comment Spamming


Spam is a four-letter word. The kind of four-letter word that leaves people wrinkling their noses with offense. It clogs inboxes and has found its way into the comment sections of favorite periodicals. Spam taints the user experience. Worst of all, it doesn’t even require a human being to troll pages one-by-one. Automated bots can disrupt your reputable website without even visiting your page. These obviously automated comments, known as No Referrer Spam, will slow your bandwidth and server resources while also diminishing the quality of your site.

What exactly is No Referrer Spam?

No Referrer Spam (also called log spam, referrer bombing, or referral spam) is a common WordPress infection when spam is robotically scripted directly into your comment section without actually visiting the site. The entire purpose of spam bots of this nature is to target search engines through your site to boost traffic to their own site. These scripts are often URLs in attempts to redirect your site visitors under the guise of genuine reference. If a spammer never even visits the site these unwelcome deposits are sometimes called Ghost Spam. No Referrer Spam can also affect third-party analytics, making it harder for you to determine genuine site successes. If your Google Analytics account gets infected by this type of spam, it can affect your rankings in multiple search engines.

The robotic spam movement is becoming a more prevalent problem, affecting sites of all calibers. It is important to protect your site, if nothing more than for the sake of your visiting customers and your sanity. No referrer spam also jams up your analytics, you can’t get an accurate reading of activity on your site. Furthermore, a slew of no referral spam will clog up your server, slowing down your load rate. In the age on instantaneous results, your customers will not appreciate coming across this issue.

If you aren’t sure how to identify this type of spam (though it is usually pretty obviously), you can check your referrals report on your account dashboard to compare bounce rates. Sort your report in descending order to reveal which accounts have the highest bounces. These most likely are your culprits.

referral report

What are the Benefits to Blocking No Referrer Spam?

If the reasons above aren’t enough to convince you no referrer spam is bad news, consider the respectability and reputation of your business and website. If you want to maintain a strong and legitimate web presence, you need to cultivate quality content. Too many bad links, and you will decrease your credibility. The size of your internet platform determines how much spam you can get away with ignoring. An internet powerhouse like Amazon can ignore copious amounts with no harm done, but a small, local business is going to suffer if more than a few referrer links make it through.

So how do you prevent this No Referrer Spam from affecting your site? Here are a few simple steps to follow to keep your WordPress site from falling prey to these automated attacks.

Before you start doing anything, it is highly recommended to back-up your website or use a test site.

How to Protect Your WordPress Site

There are a few ways you can guard your site against no referrer spam, but the method we are focusing on here is a preventive measure. The best way to protect your WordPress site is to insert special coding into your .htaccess file. This code will block any incoming referrer spam by inhibiting the offending URL from gaining access to your comment section, and all it takes is four easy steps.

  1. First, using an FTP client, navigate to your root folder.
  2. Then, open the .htaccess file in this folder of your version of WordPress.
  3. Copy the blow code and paste this it in your version of WordPress before any other coding.
  4. Save and load to your server.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_REFERER} !example.com [NC]
RewriteCond %{REQUEST_URL} /wp-comments-post\.php [NC]
RewriteRule .* – [F,L]

You will need to make one small change, however, if using this provided code. Make sure you change “example.com” to reflect your sites domain name.

Testing the Results

After posting and saving this coding addition, the final thing to do is go back to your demo site to ensure everything translated over correctly and will thoroughly protect your comment section. To do this, copy the URL of your comment section.

For example: example.com/wordpress/wp-comments-post.php

Run this URL through a request maker site, such as www.requestmaker.com. Before running your URL through the request maker, you will want to select ‘Post’ from the drop-down selections. This is the process spammers go through to post commentary to your WordPress site. To fully test your new protective code, make a test comment in the comment section and select ‘Submit.’ If your code implemented successfully, it should return a 403 Forbidden response.

This will stop scammers from dumping shady commentary or fictitious referrals into your comment section. Once this step is complete you are ready to apply this fix to your real site.

Your New and Improved Protected Comment Section

Four simple steps are all it takes to ensure your WordPress site comment section is protecting from the scripting trying to spam your site. This protection keeps your bandwidth open, server resources directed towards more productive tasks, and provides an additional level of security for your website. You will also better ensure your visitors are genuine, quality visitors, rather than the dreaded Ghost Spam which
confuses your analytics.

A process that takes you five minutes can save you hours of clean-up and attempting to reestablish a respectable internet presence. You don’t want spam to affect your Google and other search engine rankings or frustrate your customers. Take the time to efficiently and effectively block robots from linking to unaffiliated sites, and rest easy knowing your website is operating on a whole new level of security. When you protect your site, you can better direct your resources and guarantee an optimized user experience for all your visitors.

WordPress Step-by-Step Guide to Stop Automated Comment Spamming
Scroll to top