Join Jeff Starr for an in-depth discussion in this video, Stop automated spam, part of WordPress: Developing Secure Sites.
- [Narrator] In this video, we use the htaccess file to prevent a common type of spam known as No Referrer spam. No Referrer spam happens when spammers target the WordPress comment script directly without actually visiting your website like a human being. Preventing this type of spam helps to save bandwidth and other server resources and also keeps your site looking clean and professional. Here we see the files and directories that are included in a default installation of WordPress. To protect against No Referrer spam, first open the htaccess-code snippet from the exercise files, copy the code and then open the htaccess file located in the root directory of your WordPress installation.
If an htaccess file doesn't exist, you can add the one that's included in the exercise files for this tutorial. Once you have the htaccess file in place, go ahead and paste the snippet anywhere near the top of the file, before any WordPress-related code. The only thing we need to edit is this line right here. We want to change the example.com to match our own domain name. The domain name for our demo site is perishablepress.net, so we just make that quick change and we're all set.
Next, save and upload the file to your server. And once that's done, we return to our demo site and check that everything is working properly. Everything looks good. So now let's check that the code is actually working and doing what it's supposed to do. Here is the URL of the comments post file that we are protecting. Let's copy the URL and then visit this extremely awesome request maker. Here we can enter the URL of our comments post file, and up at the top here there is a drop-down menu to set the request method, which we want to set as POST because that's what spammers will be doing when requesting the file.
So let's pretend we're a spammer and click the Submit button to send our scummy spam comment. Excellent, as expected, the POST request returns a 403 Forbidden response, which is perfect for stopping spammers from posting their garbage directly via the comment script, and that's all there is to it. In this video we learn how to use the htaccess file to protect our site against spam. This helps from a security perspective and from a performance perspective.
No more leeching of resources means a better experience for our valued site visitors.
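The transcript does not reproduce the snippet itself. The following is an added example of a mod_rewrite rule set that produces the behaviour described (a 403 for POST requests to the comment script that arrive without a referrer from your own site); it is not the code from the course's exercise files, and `example.com` is a placeholder for your own domain.

```apache
# Added example, not the course's exercise file.
# Place near the top of the root .htaccess, before the "# BEGIN WordPress" block.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Only look at POST requests...
    RewriteCond %{REQUEST_METHOD} =POST

    # ...aimed at the comment handler (also matches installs in a subdirectory).
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$

    # True when the Referer header is missing, empty, or names another host.
    # Replace example.com with your own domain (placeholder).
    RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com(/|$) [NC]

    # All conditions matched: answer 403 Forbidden and stop processing.
    RewriteRule ^ - [F]
</IfModule>
```

The Referer header is supplied by the client, so this rule filters only bots that post straight to the script without one, and a request that sets a Referer matching your domain still passes. Visitors whose browser or privacy extension strips the Referer header will also receive the 403 when they submit a comment.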
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security