Block Spammers from Visiting your Site/Blog
Whether you are using WordPress, Joomla or any other CMSes (Content Management Systems) that involve comment system, you are prone to spam comments. For a spammer to post a spam comment, he/she should obviously visit your site first. This blog post will help you learn to block spammers from visiting your site based on their IP. This doesn’t mean that you’ll have no spam comments, but this could reduce the amount of spam comments, as spammers have the habit of re-posting the same comment.
Related : Eliminate Comment Spammers [WordPress]
Before you start, just make sure you have/know the following
- Spammer’s IP address, or range of IP address
- cPanel (recommended) (or) appending to .htaccess
- Few minutes
There are three ways,
- Using cPanel (Control Panel for Linux Servers) – Simplest & Recommended
- Editing .htaccess file
- Using WP-Ban Plugin (for Self-hosted WordPress users) – Recommended for WP users
Let’s start.
cPanel
This is the most simplest way of banning any user from visiting your site/blog. To do this, you’ll first have to login to your cPanel.
yourdomain.com:2083 (SSL) or
yourdomain.com/cpanel
serverip:2083 (SSL)
Once you’ve logged in to cPanel X, click ‘IP Deny Manager’ (second from left) under the ‘Security’ tab.
This will take you a page where you can enter an IP to ban from visiting you site. Enter the spammer’s IP address here, or if its a range of IPs, you can enter in the following formats
192.168.1.1 = Blocks single IP address
192.168.1.1-255 = Blocks all IPs from 192.168.1.1 to 192.168.1.255 (range)
192.168.1. = Blocks all IPs in 192.168.1.xxx range (notice, there’s a trailing dot)
192.168. = Block all IPs in 192.168.xxx.xxx range
192. = Blocks all IPs in 192.xxx.xxx.xxx range
Once you add an IP, it will be added to the list, and the corresponding .htaccess will be updated. From now, the IPs that were added won’t have access to your site.
Editing .htaccess
If you have deployed (installed) CMSes like WordPress, Joomla, or any other, you should be having a file named ‘.htaccess’ in the root folder (if you’ve deployed in the root folder). If you don’t have a .htaccess file, you can create one. Create a file named “htaccess.txt” (without quotes) locally on your computer and upload it via FTP/File Manager. Then, rename the file from ‘htaccess.txt’ to ‘.htaccess’. You now have a .htaccess file.
Now, to block an IP, all you have to do is to add/append a line to .htaccess file.
deny from 192.168.1.1
replace 192.168.1.1 with spammer’s IP
Similar to cPanel’s IP Deny, you can use ranges too, as shown here:
192.168.1.1 = Blocks single IP address
192.168.1.1-255 = Blocks all IPs from 192.168.1.1 to 192.168.1.255 (range)
192.168.1. = Blocks all IPs in 192.168.1.xxx range (notice, there’s a trailing dot)
192.168. = Block all IPs in 192.168.xxx.xxx range
192. = Blocks all IPs in 192.xxx.xxx.xxx range
Simple! From now, the IPs that were added won’t have access to your site.
For WordPress Users – WP-Ban
WordPress users can use a plugin by Lester Chan, named WP-Ban. Though WP users have Akismet, that catches Spammers smartly, this plugin can help blocking those spammers from visiting your site. Obviously, they won’t have access to post comments too, and thereby you save time that you spend on reviewing and deleting them.
The plugin can be downloaded from WP Repository. Once activated, you’ll have options to
- Ban by a specific IP
- Ban by IP range
- Ban by Hostname
- Ban by referrers (a site that refers/sends a visitor to your site)
Wildcards supported. You can also ban country-based hostnames (eg. *.in, *.sg, *.us) and referrers like *.blogspot.com. You can also use custom HTML for the banned page.
Hey, interesting post bro… Yeahh I hv akismet in my blog with the help of the setter for my blog and it’s doing it’s job well :)
Just curious,
IP address do change from time to time right?? Even if one IP add is blocked, when the same spammer visit e site again it’s another IP add… :S correct me if I’m wrong… I might hv got the term wrong for IP
Regarding IPs, if its a dynamic one, it gets changed every time the internet is restarted, provided there are free IPs in the pool. Dynamic IPs are common in India. Static IPs are common in the US. It depends, based on the Internet Service Provider. For Dynamic IPs, CAPTCHA or Math-based spam validation is the best choice.
well for dynamic IP spammers CAPTCHA is a better solution too.. specially when it comes to BOTS
Nice explanation and some ideas for dealing with spammers. I just wonder, by providing a certain range of possible IPs, will that block out visitors who are from the same area but not spammers? Especially if the spammer is not using fixed IP.
@wchingya
Social/Blogging Tracker
Thank you, Ching Ya. Yes, it does block if a range of IPs is given. If spammers originate from different IPs (dynamic), a better solution is to have CAPTCHA or Math-based comment validation clubbed to the comment system – Blog post
can u plz suggest a plugin that can automatically ban ip address if the site/blog gets more than x no of click in a given period of time or if an ip address visits too often. but before the ip is blocked i want to set the above statistics.