Outdated: This .htaccess approach targets a specific era of WordPress spam bots. Modern WordPress spam prevention is better handled through plugins like Akismet or Cloudflare’s bot management. The rewrite rules shown here may also conflict with newer WordPress versions.

Yes, Akismet can be of huge help when fighting with comment spam, but it can’t help against the most sophisticated auto-commenting tools which make fake comments look very real.

These software have one thing in common though, a flaw which they share. They try to automatically post the comment data (name, email, URL, text) to the wp-comments-post.php file on your blog, which WordPress allows by default. There is a simple solution to avoid this and it’s htaccess.

Just paste this code below any existing content in your own .htaccess file at your WordPress installation:

RewriteEngine On RewriteCond %{REQUESTMETHOD} POST RewriteCond %{REQUEST_URI} .wp-comments-post.php RewriteCond %{HTTPREFERER} !._ephp.info. [OR] RewriteCond %{HTTPUSER_AGENT} ^$ RewriteRule (.) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Replace ephp.info with your own domain name in the above code, though.

This should lower the work required by Akismet.

[by WpRecipes]