Ban IP to Stop WordPress Comment Spam Forever

By Posted 2008 Updated   BloggingSecurityTutorialsWordPress

WordPress spam comments is a big problem, but how can we stop, ban, block spam comments before they hit our WordPress blogs. A simple plugin can ban IP addresses of spammers and significantly reduce spam comments on your blog.

WordPress Anti Spam Tools

WordPress Spam Blocking Plugins: Most wordpress blogs use an amazing anti-comment spam tool called Akismet, but it is smart at identifying spam comments and moving them to the Spam Comments folder (it has blocked over a million spam comments here and you can’t even think of turning Akismet off). But what if you have to manually fish out any valid comments among hundreds of spam comments?

WordPress Comment Moderation: If you navigate to the WordPress Admin > Settings > Discussion, you will find 2 options

  1. Comment Moderation will hold a comment in the queue if it contains X (you decide, I keep it at 1) or more links. (A common characteristic of comment spam is a large number of hyperlinks.) So when a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be held in the moderation queue. 
  2. Comment Blacklist – When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. You can read more about these WordPress spam combating options.

So you block IP addresses via the blacklist, it will move all such comments to the spam queue, but that still means work for bloggers to screen for valid comments (unless you prefer to click “Delete all Spam”, which will also delete any useful comments, and invite query from readers as to why you deleted their comments). Did you know many valid comments are often blocked by Akismet and affected commentators can request Akismet to despam your valid comments.

Of course you can edit your .htaccess file to block some IPs, but how many times can you keep doing that manually?

Ban Spam IP: Stop Comment Spam

Welcome to WP-Ban, a very powerful wordpress plugin which helps you easily ban users by IP, IP Range, host name and referrer url from visiting your WordPress’s blog and prevent spam from ever reaching your comments. It will display a custom ban message when the banned IP, IP range, host name or referrer url tries to visit your blog.

The Ban Stats can reveal valuable info about spam attempts –
ip ban

Ever since I have enabled this plugin, my spam comments are nearly zero and I can now easily screen and approve any comment wrongly labelled as spam.

But there is a word of caution, do NOT block your own IP. Do NOT use wild cards to block a large number of IPs or domains carelessly or you could be blocking thousands of your own readers and search engine bots. If you simply block the IPs which occur too frequently in your spam comments, ban those IPs and see your spam reduce in minutes.


33 comments on “Ban IP to Stop WordPress Comment Spam Forever

  1. Tinh says:

    Thanks. I did read this in john chow blog

  2. Jacob Share from Group Writing Projects says:

    Here’s an example to illustrate why this is a bad idea.

    A spammer has tried to post the exact same comment on my site over 20 times in the past 2 weeks. Different articles most of the time, and SpamKarma2 says that *the captcha was filled in”. Best part? Each comment was from a different IP address.

    Many spammers use trojans to spread their garbage. By blocking those IPs, you’re blocking potential visitors as well.

    The best solution is to use plugins like Akismet, SK2, Wp-Spamfree, etc. that analyze incoming information based on many criteria and automatically decide how to treat it. Then tweak as you go.

    • QuickOnlineTips says:

      I only block IP addresses from which at least 10 definite spam comments come. That way I am sure I am not blocking my readers, and only a few most troublesome IPs are blocked. I let Akismet handle the rest.

  3. Mojo says:

    Hi,

    Sorry, but this is a truly terrible course of action to recommend. Spammers just don’t use IP’s that belong to them, so all you will block, at best, is compromised machines. Which means, if we are talking about Windows machines, an enormous number of them.

    The only thing that I can think of that is a worse idea than IP banning is banning entire countries based on IP ranges.

    Use Askimet, or Defensio, and if you are not happy with those, add recaptcha or similar.

    They’ll do the trick.

    • QuickOnlineTips says:

      Regular readers and commentators hate captchas. We then tried a maths plugin, which would just not accept the right total. When you get thousands of spam comments, you need a more aggressive tool.

  4. Susan says:

    This appears to be quite a handy plugin that many webmasters/blog owners should implement.

  5. Kalle says:

    I find it very ironic that immediately after scanning the headline of this post I clicked on the newest article and received an abrupt You Are Banned message for no apparent reason.

    Do you think that alienating a reader now and then is an acceptable downside to these spam protection measures?

    • QuickOnlineTips says:

      Thats strange. Since you accessed the first page from a particular IP, then accessed the new page from the same IP, why should it ban you. As far as I can tell, I have not banned your IP on our site. I need to investigate further.

  6. Lorelle says:

    I’m afraid most of these folks are right, and not right. Bad Behavior was a master at cleaning up comment spammers before they got to your blog, but that soon had many problems and couldn’t keep up with all the tricks comment spammers do.

    The best usage for the WordPress blacklist and Plugins like this is to specific deflect a troll or some individual you are having a problem with. Not for comment spam. Unfortunately, the web has some trolls so this is more common than you might realize.

    But for comment spammers slamming your site, this isn’t a good idea. It’s a giant time waster as they switch IPs and play a lot of games automatically where you have to do it manually. It’s a lot of work to maintain.

    There are some changes coming this year, there has to be, to make this flood of nasty on our blogs easier to handle, and seriously penalize the abusers. I’m so proud you are not using CAPTCHAs which absolutely do not work, but this technique has been tried repeatedly and found to be only temporary if anything.

    The warning, however, not to block your own IP or use a wild card in the WordPress blacklist and moderation list is very serious. I’ve seen people make a sweeping decision to block all XXX IP addresses or any URL ending in .RU and causing themselves a lot of headaches from users. That’s a good tip.

  7. Javi says:

    The best plugin i ever installed!!!!

    BRAVO for the author!!!!

    My spam is OVER now!!!

  8. Broman says:

    glad I can block ips now these spammers won’t stop

  9. AskYourPC says:

    Nice plugin. I installed it before I got spammed!

  10. Bob Firestone says:

    This is the plugin that I have been looking for. My WP site has been getting bombarded by comment spam from a know spambot with clearly identified IP’s.
    This isn’t a cure all for spam and should be used only in extreme cases. From 6 IP addresses I received 600 spam comments in the last week. This is the type of situation wp-ban should be used for.

    It is a tool to use in addition to other spam measures.

  11. Bob Firestone says:

    In the first 30 minutes after installing wp-ban it has already stopped the spambot 6 times. SWEET!!!

  12. Multi-Monitor says:

    I’ll have to try this out. It should make things a lot easier. I hate it when legitimate commenters get blocked. It’s bad for business!

  13. Bob Campbell says:

    You know folks, you can’t please everyone.. that sounds like the liberal way of doing things.. you get no results without positive action.. spammers use ip’s that are accessable to them.. if these ip’s get blocked by the server (httpd.conf or .htaccess) it just shortens the list of bad servers that are spamming and helps your server to work less. Why even accept an incoming BOT, email or comment when your server can stop them in their tracks. Sure, you may lose a few visitors, but you get to sleep at night not waking up to WordPress emails that have 50 website addresses in them..

    Cheers,
    Bob

  14. p1nk g33k says:

    Jacob Share hit the nail on the head. That’s exactly what I was thinking.

    The blog owner said that adding the IP address to the .htaccess file takes a long time, but you still have to do something similar with WP-Ban. So, I’d rather just mark comments as spam or delete them once I actually *see* the comment than just block certain IP addresses from posting to my site, when the abuser may be using a shared IP address from their ISP (or happen to be using the same proxy for whatever reason).

  15. JS says:

    I am using IP banning from my .htacceess file. I feel that this is the best option I have. It is the safer.

  16. Patrick says:

    Thanks, you know a place where i can get a huge list of IP’s? im setting up a code where you need a php include and all the IP’s are banned :D

    Super post though!

  17. Martin says:

    I read all comments and I think this is a great tool anyway. I understand that by blocking IP you may block other innocent users as well, mainly when sharing IP address, but when I started my blog I had a few spams a week and it was easy to manage through Akismet, now I have two blogs and the first is receiving circa 20 spams a day and the second one about 5 – 10 spams a day. About 60% are from the same IP address and I really got tired manually reviewing Akismet list and deleting all the scrap in there, so I wanted something, which would block these addresses at all without me bothering myself by manual deletion of it.

    I am also going to create an e-mail form and allow blocked user to send me a message that I am blocking him/her. If I will see in the stats that some blocked IP address has only one or two attempts in a month or so I will release it back, while heavy spammers remain on the black list.

    I was really tired of spending my time browsing and deleting all the crap manually. Thanks for this plugin.

  18. Mr.Carrot98 says:

    Putting results to work in therapy. ,

  19. bee says:

    Can U help me to BAN this Spammers IP (213.5.71.12) with Wp-Ban..??

    thnks.

  20. Adrian says:

    Nothing can stop 213.5.71.12 from spamming. I’ve tried everything. He’s the devil. IP Ban doesn’t work. Neither does .htaccess restriction.

  21. Kamal Hasa says:

    Well it’s good as long as the spammer is using the same ip address!

  22. henk says:

    If you don’t block spammers through htaccess but through filters, they will STILL come and visit your website and eat bandwith by autofilling forms and autopress buttons.

  23. henk says:

    How can we stop them for sending data, although they won’t get through with their messages?

  24. kensfi says:

    the question is: How do you determine the IP of the spammer? Is there any way so you can know at any time the IP? Is there a WP plugin or something?

    • QuickOnlineTips says:

      IP is listed beside every wordpress comments in the wordpress comment moderation screen.

      • kensfi says:

        That’s not the real IP, that’s the IP of the server. To prove it, every comment I receive has the same IP.

        • QuickOnlineTips says:

          When we find 100 spam comments with the same IP, we block it. Spam stops.

  25. customized name tags says:

    Comfortably, the article is in reality the greatest on this noteworthy topic. I concur with your conclusions and will thirstily look forward to your upcoming updates

  26. Surawung Tech says:

    Spot on with this write-up, I seriously feel this web site needs far more attention. I’ll probably be returning to read more, thanks for the info!

Leave a Reply

Your email address will not be published. Required fields are marked *




Next Article »
css.php