WordPress Quickie: Ban Malicious Visitors

Over the past few weeks I have been receiving spam comments from one spammer in Abu Dhabi. The comments were not picked up by Akismet, nor did Akismet learn to recognize them as spam after I flagged them as such. Yesterday I started receiving tons (a few every minute) of the same spam with the guy leaving links to his splog. At first I disabled comments on the current post but then he started spamming huge comments all over the place. Unfortunately WordPress does not currently possess the ability to ban a commenter based on his IP address.

I had attempted to perform a deny with htaccess rules but my foo was lacking and I kept getting Internal Server 500 errors. (Update: The WordPress Codex expands upon denying access via htaccess.) So I decided for a quick, yet effective PHP tactic as follows:

if(_SERVER['REMOTE_ADDR'] == '') { echo 'Spam is not appreciated!'; exit; }

If loaded at the top of a primary WordPress file such as wp-config.php, the spammer won't even be able to access the site. In place of the site, the spammer receives a lovely message. You can get as creative as you like with the message. For this to work, you must replace with the IP address of the spammer which WordPress provides with every comment.

If you have multiple IPs to ban just follow the same format except with the code below:

|| _SERVER['REMOTE_ADDR'] == '')
echo 'Spam is not appreciated!'; exit;

This method of banning visitors obviously only works with static IPs. There's nothing stopping the spammer/irate kid from coming back in a few days after his dynamic IP has changed. I have yet to find any effective WordPress plugins that can do simple user banning, so if you know of anything please let me know as I bet it's something on many peoples' minds. If nothing exists, I might just have to start writing a WP-Ban plugin, heh. Update: This plugin looks promising.