Blocking Spammers From Wasting WordPress Resources

WordPress is definitely a resource-hogging application. It takes more than 5 queries per request. This may not be an issue on a small blog, and yes, you can always put this or this to cache all the results and make it faster. The real problem comes when you have numerous spam requests on your site.

I've added a logging mechanism for blocked requests, so you can see who got blocked; just check blocked-request.log inside the wp-content directory. Here's the link.

Note that spammers send POST requests, and POST requests don't get cached. So they will continuously drain your server's resources and make your site sluggish. So, what's the solution for this? Mine is: block the culprit when he's POSTing spammy comments on your site. A simple mechanism is to use an .htaccess file. All we have to do is block POST requests from the spammer's IP, like this:

#.htaccess file
<Limit POST>
  Order allow,deny
  #put spammy IP's here
  Deny from 116.193.8.0/21
  Deny from 125.31.0.0/18
  Deny from 161.64.0.0/16
  Allow from all
</Limit>

#existing htaccess for Wordpress mod_rewrite
..

This technique is efficient, but if one is just too lazy to update the IP list, here comes the plugin. I've created a WordPress plugin to store spammers' IPs in a list and manage the list. Installation is simple:

  1. download block-spammer.zip
  2. extract
  3. upload capture-spammer-ip.php into the wp-content/plugins directory.
  4. upload check-spammer-ip.php into the wp-content directory.
  5. make sure the wp-content directory is writable
  6. edit wp-settings.php, after line 215, adding the last line shown below (the check-spammer-ip.php include)
    if ( defined('WP_CACHE') )
      @include WP_CONTENT_DIR . '/advanced-cache.php';
    @include WP_CONTENT_DIR . '/check-spammer-ip.php';
    
  7. activate the plugin
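
The early check that step 6 hooks into wp-settings.php could look like the following; this is an added example, not the code shipped in block-spammer.zip. The list file name blocked-ips.txt (one IPv4 address or CIDR range per line, such as the ranges in the .htaccess above) and the function names are assumptions, and it expects PHP 7 or later on a 64-bit build.

```php
<?php
// Added example, not the plugin's code. PHP 7+, 64-bit build, IPv4 only.
// Hypothetical names: blocked-ips.txt, ip_in_cidr(), is_blocked().

// True if $ip lies inside $cidr ("a.b.c.d/len", or a bare address meaning /32).
function ip_in_cidr(string $ip, string $cidr): bool {
    $parts = explode('/', $cidr, 2);
    $net   = ip2long($parts[0]);
    $addr  = ip2long($ip);
    $len   = $parts[1] ?? '32';
    // Reject malformed entries outright: a sloppy cast would turn "/abc" into /0
    // and block every POST on the site.
    if ($net === false || $addr === false || !ctype_digit($len) || (int) $len > 32) {
        return false;
    }
    $mask = (~0 << (32 - (int) $len)) & 0xFFFFFFFF;
    return ($addr & $mask) === ($net & $mask);
}

function is_blocked(string $ip, array $cidrs): bool {
    foreach ($cidrs as $cidr) {
        if (ip_in_cidr($ip, trim($cidr))) {
            return true;
        }
    }
    return false;
}

// Only POSTs are checked, so cacheable GET traffic pays no extra cost.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $dir  = __DIR__; // assumed to be wp-content, as in the install steps
    $list = @file("$dir/blocked-ips.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    // Behind a reverse proxy REMOTE_ADDR is the proxy, not the client.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (is_blocked($ip, $list)) {
        // $ip passed ip2long(), so it is a plain dotted quad and safe to log.
        error_log(date('c') . " blocked POST from $ip\n", 3, "$dir/blocked-request.log");
        http_response_code(403);
        exit; // stop before WordPress opens its database connection
    }
}
```

Both files sit under wp-content, which the web server exposes, so deny direct HTTP access to blocked-ips.txt and blocked-request.log.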

I hope this will help all WordPress users win the battle against spammers.

6 Comments

  1. aryo sanjaya - August 18, 2009

    This is the first plugin I've met that needs to modify wp-config.php ;)
    Good job, coy.

    Would you port it to a MovableType plugin?

    1. ferdhie - August 19, 2009

      Yes, because the plugin needs to block spammers before they even touch the database connection

    2. jauhari - August 19, 2009

      Thanks, thanks.. you really are LIGHTNING FAST....

    3. ferdhie - August 20, 2009

      @Aryo,
      I'm still having some problems figuring out how to install MT onto my Nginx server ;)

  2. jauhari - August 20, 2009

    How do I know whether this is working or not, bro? And where are the IPs that have already been caught stored, bro?

    1. ferdhie - August 20, 2009

      Eh, I haven't thought about that yet, bro ... maybe later a log will be added for blocked requests .. that's about it
