Block Trackback Spam in WordPress

Posted in: My Diary,Website & Blog |

This post is also available in: Indonesian


This post is also available in: Indonesian

These recent days, my blog is hit by spam attack, Trackback spam. Just in few days, when I was not at home and was in Jakarta-Bogor for spending my weekend, my blog got so many spam I ever had, up to 2500 (and after few weeks, around 28.000). The Trackback itself actually is good in intention, but petty minded people use trackback spambot to raise up their web rank (which is actually NOT WORKING at all). What the heck Trackback is? what is the benefits and why it can be categorized as spam?

Trackback is one of three linkback methods, the web author can be informed automatically when other people is linking their page to one of the documents (webpages) of that author. This method enable the web author to track whoever link back, reference back to the author’s articles. Thus, when you write a post and somebody else have the same topic with your post, we can get informed if that people link back or reference from your post. In WordPress, Trackbacks appear in comment section (depends on applied theme) and of course if we enable the Trackback itself in the settings.

Unfortunately, such damned people use trackback spambot to keep spamming to blog posts so that their web link will appear in comment section and when search engine crawl to that blog posts that damned web rank will raised up. If you check that web, it has nothing to do nor even related to your blog posts, it is also possible that those are only dead links.

To handle trackback spam in WordPress, we can do some effective ways:

  • Enable Captcha and Akismet in comments

    Captcha is able to block spam bots before they can post spam comments, avaiable captcha plugins for WordPress are SI Captcha, reCAPTCHA, etc. While Akismet block comments considered as spam before automatically appear in the comment section so later we can approve or delete it.

  • Enable Simple Trackback Validation plugin

    This plugin is effective to block trackback spam, by checking the IP address that send a trackback with the IP address of the original site that trackback link refers to, if the IP address is different then it is considered as spam. This is because the spam bots normally use another computer with dynamic IP address that is different from the trackback web links.

  • Deactitave (disable) trackback or pingback

    Trough Settings » Discussion » uncheck Allow link notifications from other blogs (pingbacks and trackbacks.)

  • Enable moderation in every comments, trackback atau pingback.

    Every comment, trackback, pingback will need to be approved manually by the administrator or automatically if once ever been approved. Unfortunately this is not effective and efficient because if there are so many comments (tens or hundreds) it will make you tired. This setting is available on Settings » Discussion » Before a comment appears

  • Do not use comment_author_link() for trackback or pingback in Comment template.

    Create callback for listing comments in comments.php:

    wp_list_comments( array( 'callback' => 'your_list_comment' ) )
    function your_list_comment( $comment, $args, $depth ){
    //add with your own comment listing, but remember to leave trackback/pingback without comment_author_link()
  • use rel="nofollow"

    For every links in comments add an attribute rel=nofollow, as follows:

     <a rel="nofollow" href="http://author_link">Author Link</a>

    By doing this, Google will not use the link to raised the rank of the target link web.

  • Block hosts through .htacess

    This method is powerful enough so that the suspected hosts cannot access our website to send trackback spam, but if the spam bots use the shared/dynamic IP address there will be a lot of IP addresses that is blocked, so that there are possibilities of IP addresses that are not used to send spam anymore are kept blocked. Plugin that provides feature to delete spam and block the hosts are Block Top Spammers. To manually block the host (eg a host with IP Address and add the following lines in the .htacess file in the root directory:

    <Files wp-comments-post.php>
    Order allow,deny
    allow from all
    deny from
    deny from
    ErrorDocument 403 '<title>Access denied!</title><style><!-- p,address{margin-left:3em;} span{font-size:smaller;} --></style><h1>Access denied!</h1><p>Your IP address has been blacklisted because a larger number of spam comments originated from the same source.</p><h2>Error 403</h2>'
  • Delete or rename wp-trackback.php file in the WordPress root directory

    Once this file is deleted/renamed then trackback or pingback is absolutely disabled.

  • Delete or rename wp-comments-post.php file in the WordPress root directory

    Once this file is deleted/renamed then comments, trackback or pingback is absolutely disabled.

I have tried some, but in the end the one that is effective enough is by activating the Akismet, Captcha, and also the Simple Trackback Validation with Topsy Blocker plugin and finally… bye bye trackback spam!

Speak Up!

Leave your own comment

Notify me of follow-up comments via e-mail (or subscribe here).



Subscribe Feed







Google Buzz