WordPress Comment Spam

A day after my first blog post and I am already a sensation! Well, to the Parbrize family at least. Although I’d love to agree with the generous comments, it takes less than common sense to realize the comments are spam. Within a day I received 13 comments on my fist blog post – all of them obviously spam.

… And because I wasn’t sure what my next blog post would be, I will explain how we can prevent spam like this in the future.

WordPress Comment Spam

After a bit of research I found a useful article on Namecheap that breaks down WordPress spam into 3 main categories:

  1. SpamBots (automated comments that may or may not contain links)
  2. Trackbacks/PingBacks (comments that contain links for the sole purpose of improving the Google rank of another site)
  3. Manual (comments manually created that have no relevance to the blog post)

Although the easiest way to avoid comment spam is to disable comments, I’ll investigate some other options first:

  • Use a plugin like Akismet to auto-block spam comments.
    • I may try this in the future, but I prefer built in options to reduce my reliance on third parties and the number of ‘things’ to update.
  • Manually block spam by using built-in WordPress features under: Settings > Discussion

For now i will opt for the second option, if I find that it’s too labor intensive to keep up with all the spam, I may try the Plug-In at a later point. Now for the manual configuration:


Added Parbrize IP addresses to the ‘Disallow’ list:

I’ve also ensured that the following is checked so only approved commenters are displayed.

We’ll see how that works for now, but it may be necessary to add a Re-Captcha to the comment form to prevent and endless flow of spam from other IP addresses.

Until next time, try googling your name or email address!

Post #1

Welcome to my first blog post! It won’t be impressive, so don’t get your hopes up. I don’t currently have a structured plan for this blog yet, but I need to start somewhere, so basically I will explain how you are able to read this post – note the terms in italics – these may be topics of future blog posts:

  1. You entered or clicked on a link with the URL of homegrowntechie.com
  2. Your device made a DNS query to find out that homegrowntechie.com is located at a specific IP Address
    • Hopefully you are not using Google DNS or your ISP’s DNS – more on this in a future post
  3. The DNS request returns my Public IP address because I’ve used a Dynamic DNS service to update my Domain Registrar with the public IP address your machine needs to access this website.
  4. Your machine requested this page by sending a GET request, but before you were able to read anything on this page your request was Routed through your home router (or cell tower) to your ISP’s network, and on through the Internet before finally reaching my router,
  5. After reaching my router, my router forwarded your GET request to a Self-Hosted NGINX Reverse Proxy which then forwarded your traffic to my Self-Hosted WebServer
  6. My WebServer is running WordPress which then responded to your GET request with this webpage.

The few steps above are a simplified version of what actually happened, but a good opportunity to throw out some terms (Italicized) that may be topics of future blog posts.

Thought of the day: “Why am I still using Gmail when I care about my own privacy?