Firewall Rules for Bot Comments


I can’t prevent WordPress bot comments :frowning:

This is the rules I used. :

(http.request.uri.path eq “*wp-comments-post.php” and http.request.method eq “POST” and not http.referer contains “”)

I am trying to make it work with all subdomains. Seems not work. Is my rules valid? Can anyone tell me how can I do it right.

It looks like your referer test contains a couple of *. Since it’s a contains, I’d leave it as just ‘website’. I’d also use a ‘contains’ for ‘wp-comments-post’. I try to simplify it as much as I can.

If it’s bots, why not try JS Challenge for URI Contains wp-comments-post.

Or…Gulshan Kumar has a plugin that’s supposed to be pretty good. Here’s his blog post with a link to the plugin and a detailed description how it works:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.