Spammer Prevention

I’ve had a rash of spam comments from a specific IP address. To solve this I’m using three things.

  1. Comment Blacklist. This is a function of Worpress that filters comments and marks them as spam. It’s in Discussion under Settings in the WordPress Admin section. Just add an unwanted IP address or a word you want to block, like “viagra” or something without quotes. One entry per line.
  2. .htaccess This is a great way to keep people out of things. Instead of getting my Spam folder clogged with 50+ messages from this bot I just put his IP address in a .htaccess in the main directory of my site.
  3. PHP code in wp-comments-post.php

Code and instructions for .htaccess files after the jump. Along with my first spammer’s IP address. I plan on creating a list of any spammers I get on this entry so check back from time to time.

    .htaccess Method

To make a .htaccess open a text editor and create a new file. Save it as All Files and name it .htaccess

Once you edit this file upload it to the directory you want to protect. For each IP you want to block on a new line write deny from XX.XX.XXX.XXX

Here’s the code:

order allow,deny
deny from
allow from all

    PHP Method

Create a text file in your WordPress directory called “commentblocklist.txt” and add each IP you want to ban on its own line. Paste this code into your wp-comments-post.php file after the opening

The following is just the code for blocking the IP addresses in the commentblocklist.txt file:

$file_handle = file_get_contents("commentblocklist.txt");

$block = explode("\n", $file_handle);

if (in_array ($_SERVER['REMOTE_ADDR'], $block)) {


This code includes a logging functionality:

$file_handle = file_get_contents("commentblocklist.txt");
$block = explode("\n", $file_handle);
if (in_array ($_SERVER['REMOTE_ADDR'], $block)) {
	$v_ip =$_SERVER['REMOTE_ADDR'];
	$v_date = date("l d F H:i:s");
	$fp = fopen("ips.txt", "a");
	fputs($fp, "IP: $v_ip - DATE: $v_date\n");


Or click here to download the complete file as a .txt then rename it with a .php extension and upload it to your server.

This reads the list, creates the array ‘$block’ and redirects banned users to Google. This is the most reliable and efficient way to block spam.

Here’s the list of spammer IPs:

This entry was posted in Site Development, Tips and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *