Before I identified the reason why my site was so slow, I contacted a couple of WordPress experts to try to find out what was causing the problem.
Once I told Viper007Bond what was causing the problem, he gave me what is probably the simplest and best way to stop comment spam before it even hits your chosen spam filter (I’m using SK2, rather than Akismet at the moment as it gives me more control).
Viper007Bond’s tip was to change the name of the comment submission page:
You can actually rename wp-comments-post.php or whatever it’s called to something else and then edit your theme’s comments.php to point at the new file. I don’t believe it’ll cause any problems and it’ll result in bots that are hard coded to POST being blocked.
I decided to give it a go and it worked perfectly: my 350 spam messages a minute have gone down to nearly 0 per hour!
Here’s what I did:
- I made a copy of my wp-comments-post.php file, which is in the root of all WordPress installations
- I renamed this file wp-nospamcomments-post.php and uploaded it to the WordPress root directory
- I then removed all the content from wp-comments-post.php and left a message for spammers
- I then opened comments.php in my theme folder (wp-content/THEME FOLDER) and changed the following line:
<form id="commentform" method="post" action="/wp-comments-post.php">
to:
<form id="commentform" method="post" action="/wp-nospamcomments-post.php">
Now robots, which are responsible for about 95% of spam and are set up to automatically post spam messages to ‘wp-comments-post.php’, are failing!
This has allowed me to dispense with using Bad Behaviour, which is good news, as I’m not a big fan of spam solutions that don’t allow mistakes to be rectified in real-time. Bad Behaviour may have been blocking a lot of spam, but it was also blocking genuine commentators (I’d already had two people contact me with problems). My spam solution now consists of:
- Firewall rules on my server: Blocks IP addresses of known spammers
- Math Protection Spam Plugin: Checks to see if commentators are human (and whether they can add up!)
- Changed the name of the comment submission form: Stops robots coded to use wp-comments-post.php
- SK2: Great spam protection plugin
- Me: Last line of defence correcting any errors
I recommend that all WordPress users give this method a go. If you do, don’t forget to come back and let me know how you get on. Also, please choose a random name for your new post file, otherwise if everyone uses the same name, then all the spammers will have to do is point their robots at the new name.
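The steps above, scripted with the random file name recommended here, as an added example that is not part of the original post. The function name, the 403 stub text and the `.bak` backup are assumptions of this example; the two paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: move the WordPress comment handler to a random file name.
# $1 = WordPress root, $2 = active theme directory (both given by the caller).
rename_comment_endpoint() {
    wp_root=$1
    theme_dir=$2
    old="wp-comments-post.php"
    form="$theme_dir/comments.php"

    # Refuse to run unless the stock handler and the theme form both exist
    # and the form still points at the stock name (guards against re-runs).
    [ -f "$wp_root/$old" ] || { echo "missing $wp_root/$old" >&2; return 1; }
    [ -f "$form" ] || { echo "missing $form" >&2; return 1; }
    grep -qF "$old" "$form" || { echo "$form does not reference $old" >&2; return 1; }

    # 16 random hex characters, so every site ends up with a different name.
    suffix=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
    new="wp-${suffix}-post.php"

    # Step 1 and 2: copy the real handler to the new name.
    cp -p "$wp_root/$old" "$wp_root/$new" || return 1

    # Step 4: keep a backup of the theme form, then point it at the new name.
    cp -p "$form" "$form.bak" || return 1
    sed "s/wp-comments-post\.php/$new/g" "$form.bak" > "$form" || return 1

    # Step 3: replace the stock handler with a stub (assumed wording) that
    # rejects anything still posting to the hard-coded name.
    printf '%s\n' '<?php' \
        'header("HTTP/1.1 403 Forbidden");' \
        'exit("Comments are not accepted at this address.");' \
        > "$wp_root/$old"

    # Report the new handler name so it can be recorded.
    echo "$new"
}

# Usage (hypothetical paths):
#   rename_comment_endpoint /var/www/html /var/www/html/wp-content/themes/mytheme
```

A WordPress core upgrade restores the stock wp-comments-post.php, so the stub has to be put back afterwards, and the renamed copy should be refreshed from the new stock file at the same time.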
Update: I want to do the same for wp-trackback.php to change the link for my trackbacks but I can’t find all references to wp-trackback.php. So far I’ve found the following, but I must still be missing one:
- One reference to wp-trackback.php in comment-functions.php
- Two references in wp-include/template-loader.php