Disable direct access to comments in Wordpress

Spam protection

In wp-comments-post.php at the top:


<?php if(!empty($_SERVER['SCRIPT_FILENAME']) && 'wp-comments-post.php' == basename($_SERVER['SCRIPT_FILENAME']) && !isset($_SERVER['HTTP_REFERER'])) : 
header('HTTP/1.1 403 Forbidden');
header('Content-Type: text/plain');
exit;
?>

Add to .htaccess:

#Security
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*gregolsen.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

Kategori: Wordpress

Disable direct access to comments in Wordpress

Search My Site

Login Form