Stop Spammers Accessing your wp-comments-post.php File

Spammers use some bots/software to post comments on our wordpress blog. I know there are many methods are available to fight against spammers. But most of the time all those methods fails or they are not really that efficient. Here is one of the .htaccess method where we are going to block spammers IP address for accessing wp-comments-post.php file.

These days I was receiving almost 40+ spam comments with same IP address. I was searching for a solution to fix this problem. But most of those guide which I have found are not that efficient. Because, some guides suggest blocking spammers IP address to stop accessing your  wordpress blog itself. I don’t think this is an efficient method. Why because, these spammers don’t use their original IP address, they use proxies to do these spam work.

If you block some spammer IP address today, tomorrow the same IP address maybe used by genuine user to visit your blog. Because you have blocked that IP address to prevent spam, now you’re also blocking genuine users as well. So this is really not an efficient method. We are loosing our visitors by our foolish steps.

Instead of that, here is an another method. How about blocking only comments function? Yes, this works. I was receiving 40+ spam comments for almost one week daily with the same IP address. I followed this method, and from the next day itself I stopped receiving all those spam comments.

Block wp-comments-post.php for Spammers IP address:

block comment spammers by .htaccess on wordpress

To block spammers leaving comments, open you .htaccess file and paste the below code on it and save that file.

# protect wp-comments-post.php
<files wp-comments-post.php>
order allow,deny
deny from
deny from
deny from

Don’t forget to replace the above IP address with spammers IP address who are leaving spam comments on your blog.

What this code will do is, it blocks users from posting comments on your wordpress blog with the IP address that you have added. By this way users can access content, but he cannot able to post a comment.

This method really works if you are receiving spam comments only from the same IP address.

I usually remove those IP address after 1 or 2 months. Because by that time spammer might removed your blog form his list. By this way we don’t block any genuine commenters as well.

Click Here to Leave a Comment Below 2 comments
Munna Hossain - August 18, 2016

I am looking for this article. Because I want to secure my site from spammers. Thanks you very much.

Rudolf - April 11, 2017

You have a point there regarding blocking IPs but if you use a firewall plugin, offender’s IP addresses are blocked for a period of time.
This is much more convenient then manually block/unblock IPs via .ht access.


Leave a Reply: