How to combat WordPress TrackBack Spam
At the end of last year BloggingTips was getting a lot of comment spam. Comment spam has thankfully reduced since then however in the last few weeks I have seen a big increase in the amount of trackback spam here (more than 30+ a day!). Trackback spam is a little more difficult to control than regular comment spam. Most are created automatically via bots and the links they use to promote their sex or prescription drugs website usually has offensive language in it so it’s important to delete it if you want to keep trackbacks on your blog (which I do).
From what I have gathered so far, the best way to do this is to rename your wp-comments-post.php file to something else as this is the file which most bots are programmed to look for. There are one or two good trackback spam plugins available, most notably Software Guides Simple Trackback Validation Plugin, however manually changing the name of your comments post file is the quickest, easiest and most effective way of dealing with this problem.
Thankfully, Everton Blair from Connected Internet wrote a very good guide on this a year or so ago. Here is what Everton did :
- He made a copy of my wp-comments-post.php file, which is in the the root of all Wordpress installations
- He renamed this file wp-nospamcomments-post.php and uploaded it to the Wordpress root directory
- He then removed all the content from wp-comments-post.php and left a message for spammers
- He then opened comments.php in my theme folder (wp-content/THEME FOLDER) and changed the following line:
< form id=”commentform” method=”post” action=”/wp-comments-post.php”>
to:
< form id=”commentform” method=”post” action=”/wp-nospamcomments-post.php”>
Everton decided to leave a message to spammers who try and use the original wp-comments-post.php file however I don’t think this is necessary as the bots are automated so no one will ever see the message. All I did was rename my wp-comments-post.php to something else and then change the reference to it in my comments.php template.
If your blog is getting a lot of trackback spam then I recommend doing this. Just remember that you will need to rename the wp-comments-post.php again when you update your blog to the latest version of WordPress.
* Thanks to Everton at Connected Internet for his step by step guide on resolving this.
David Hobson | July 22nd, 2008 at 12:36 pm #
Thanks for the tip. Trackback spam seems to trebled in recent weeks.
Sarah | July 22nd, 2008 at 4:13 pm #
I first changed the name of my wp-comments-post.php file about 2 years ago now. The spam was building up, even with Akismet catching most of it I’d rather it just not hit the database in the first place.
I renamed the file but I added a Redirect 410 in htaccess for the old file, so that bots to the file would get a 410 (Gone) and possibly assume WordPress was no longer on the domain.
Another option is also to modify one of the input names. Bots assume the names of the input fields are author, email, url and comment, so modify say ‘author’ to be ‘authorname’ and then alter this in the wp-comments-post.php file (it’s right near the top) and you add an additional barrier for spam.
The only issue with this, and of course with the renaming, is that you have to remember to do it on every upgrade. Something I forget at times!
Kevin Muldoon (Post Author) | July 22nd, 2008 at 4:32 pm #
You’re completely right. I used to change a few things manually but it just makes updating more time consuming. For example, I used to make the login page more presentable and had the bloggingtips logo above it etc. However, it requires you to do it every time you upgrade.
I definately think theres a real need for WordPress to tackle trackback spam more effectively in their stable releases. Perhaps they can use some sort of random generator whereupon the comment submission file changes every day or something.
Kolia Shlapak | July 30th, 2008 at 7:49 am #
Thanks for the advice Will give a try!
SEO Article Scribe | August 12th, 2008 at 7:50 pm #
I learn something new every time I visit. Thanks for the great post.
StumbleUpon | August 16th, 2008 at 3:22 pm #
Your post makes one think! Great article. Thanks for allowing me to comment!
backlinks | August 16th, 2008 at 7:31 pm #
First of all congratulation for such a great site. I learned a lot reading article here today. I will make sure i visit this site once a day so i can laern more.