Block Bad Requests to your Server with Bad Behavior


Bad Behavior is a WordPress plugin which effectively stops spam, by analyzing not just the content of the spam, but also the way it is delivered (for example, by blacklisting requests made directly to wp-comments-post.php). I installed it a couple of months in response to my spam comment numbers (which exceeded 10,000 per month), and it has been massively effective at killing spam.

Installing and configuring Bad Behavior

Once you install the plugin, you can pull up the settings page from the Settings menu. The overall settings are fairly simple and really, they can be left at default and work very effectively.

You have options to decide whether to display your statistics in the footer, how to log HTTP requests and what kind of requests to block. I have enabled strict checking, which is stricter, but may block some legitimate requests – I’m OK with that, given how much spam I have to deal with.

You can then activate the http:BL service as an extra measure, which checks each request against a centrally maintained blacklist (similar to how Akismet works). You’ll need an Access Key for this, but it’s free and signing up is easy. You can set two values for how strict you want http:BL to block requests, but I’ve left them at the default values and they seem to be working well for me.

If applicable, you also have options for EU Cookie Handling and Reverse Proxy/Load Balancers. However, these shouldn’t apply in most cases.

Bad Behavior in action

Once Bad Behavior is set up and deployed, malicious server requests will instantly get returned a 403 error. This will save you a lot of bandwidth and precious server resources. Furthermore, if a legitimate request in block inadvertently, the error page gives a unique key that enables you to refer to the individual access attempt, and also allows the user to see why their request was blocked and offers them recommendations on how to resolve it, such as by removing malware on their machine.

403 Error

The error log

Bad Behavior can keep a log of blocked access attempts if you so wish. It makes for quite interesting reading, to see where people are trying to get access to your site.

Bad Behavior Error Log

The results

From my original position of more than 10,000 spam comments per month, I am now down to less than 200, most of which Akismet catches. So between the two, I’ve got a great system which produces very few false positives and doesn’t leave much bloat in my database. I love it and I don’t think that Bad Behavior gets enough good press.

How about you? Have you ever heard of it? Have you given it a go? How did it work for you?

Categories: Plugins, Security | Permalink

What next?

Hire me

If you couldn't quite manage this yourself, find it too intimidating, or just don't have the time to do it, you can always hire Dave to do it. Please get in touch so that we can discuss your needs.

Leave a comment

If you have a question, update, or comment about the tutorial, please leave a comment. I try and respond to every comment, though it may take a few days, so please check back soon.

Let a WordPress Expert help you

Do you want to try this, but feel like you need a helping hand, in case something goes wrong? My service, The WP Butler, gives you access to WordPress expertise whenever you need it. Better yet, I'll keep your site backed up, updated and secure, so that you don't have to worry about it. It's all part of the service. Use coupon DIWW and save 15% on all plans.

Visit The WP Butler


Dave has been tinkering with WordPress for many years, and he now shares his WordPress knowledge here on Do It WIth WordPress to help others realise its impressive power. He can also be hired to help with your WordPress needs. Dave, who is British, is married to his best friend, Marti, with whom he has a beautiful daughter, Ellie. When he's not dabbling with WordPress, he's probably eating Triscuits or hummus, watching an indie film or British TV show, spending time with friends or family, or exploring the world.


  1. Heard of it, use it, and love it! I had just as much success with Bad Behavior, with an almost 80% reduction of spam in just a month, I would recommend this to anyone having spam problems

  2. I’m absolutely shocked that you have so many spam comments! This probably is a reflection of the size of your blog readership and of course popularity.
    Our readership is relatively small but even so we do have a number of spam comments which are tedious to determine and deal with. “Bad behaviour” is something we would get good use from. Thanks Dave.

  3. That’s actually really impressive. I’ve always been on the fence about putting something like this into place because I was afraid of lots of false positives… But to actually go from 10,000 spams to ~200 makes me really consider taking the plunge.

Leave a Reply