Block Spam Comments from the Worst Offenders


I took a look at my dashboard the other day and was horrified to see that I had more than 10,000 spam comments. That’s just plain ridiculous! So, while Akismet is stopping the spam from appearing on my site, I nonetheless wanted to block those IP addresses from even accessing my site, to stop my database from getting overloaded with spam.

It wasn’t as easy as I would have thought to find an answer to this, but I found a nice simple little plugin that did exactly what I wanted. I wanted to find recurring spammers and block them. So I needed a way to sort through all of my spam comments and find the prolific offending IP addresses, so that I could block them.

I found solace in the WP-Blacklister plugin. It’s very small and lightweight and does three simple tasks. It sorts through your spam comments and lists them by IP addresses, email addresses and URLs. The one I was interested in was the IP addresses.


Once you install it and go to the settings page, you can sort the columns by the number of spam comments left by each IP address / email address / URL. Once you’ve sorted them, you can then copy the IP addresses and paste them in your htaccess file to deny them access to your site. In my case, I chose to block anyone with more than 10 spam comments, so I sorted the IP list, copied my selection and pasted them in to htaccess to block them.

So that you know how to do it, this is the syntax that you need to use to block users from accessing your site by IP address. You can simply repeat this line as many times as you need for as many IP addresses as you have and paste it into your .htaccess file in the root of your website:

And it’s that easy. I’m going to keep it installed and keep checking back occasionally to identify any new offenders and get them blacklisted immediately.

8 thoughts on “Block Spam Comments from the Worst Offenders”

  1. Matt says:

    Handy tip, but i think CAPTCH is enough (especially if you get a plugin with two kinds of CAPTCHA). The problem is you always run the risk of blocking lagitamet IP address in with the spammers.

    1. That may be so, but I am strongly against CAPTCHA. I don’t believe in making it more difficult for people to comment on my blog, as a method of blocking spammers. When you’re taking a list of persistent spammers, I don’t there’s much concern for blocking legitimate commenters.

  2. Derek says:

    Hey Dave,

    This is a great suggestion. It seems like no matter what plugins I try, they can never block all the spam. Like Matt, I don’t want to block anyone unfairly, but at some point enough is enough. Captchas only work part of the time. There are still a lot of people out there who spam “manually” with generic comments to get around Captchas.

  3. Adrienne says:

    Hey Dave,

    I was curious to check out how you deal with all these spammers.

    I don’t get as many as I use to because I use GASP instead of Akismet. I still blacklist some spammers but I have a cool plug-in that lets me know when people are trying to hack into my blog. Now those nasty numbers go straight to my hosting service and I blacklist them there. Never to ever set their sneaky little paws on my blog ever again.

    Thanks for sharing this plug-in. I learned something new today.


    1. Actually, now I use a plugin called Bad Behavior, which is fantastic. I had heard of GASP before, but didn’t like the idea of having to make my readers take an extra step (kind of like CAPTCHA) to post a comment. I’ve got a review of Bad Behavior coming out in a couple of weeks.

  4. I had used nearly everything, Akismet, Anti-Spam Bee, Gasp, CLP with Gasp+ and eventually I had to switch to an external commenting system like Livefyre then Disqus to help combat spam, I have less spam with Disqus than I have ever had with WordPress default commenting no matter which plugin I used.

    1. Yeah, I have played with external commenting systems like ID before, but it’s just extra bloat, and since this particular solution works quite well for me, I’m happy to keep the default WordPress system in place. If I had much higher traffic, that might be a little different.

  5. You may want to try out the plugin I’ve been using – it’s called “WP-Ban” and that makes the same job perfectly. It blocks listed IPs. If you want to block email addresses additionally you may install Ban Hammer plugin to do so.

Leave a Reply