Skip to content

How To Deny Access To No Referrer Requests With .htaccess

In this article, we will talk about how to deny access to no referrer requests. Believe it or not, but it’s a phenomenal trick. This method will definitely protect your website from a huge amount of spam. It’s also a great way to protect your website’s login form from brute force attacks. Automated spambots comments to your website directly from the comment form. This code will prevent all the spambots who aren’t submitting the login or comment form from accessing it.

Add following code to your .htaccess file:

# Stop spam attack logins and comments
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
    RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
</ifModule>

Replace example.com in above code with your website’s URL. Above code is basically for WordPress. So, let me break the important lines to you for using it with other platforms.

You need to replace the following line in above code with the URL of your form:

RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*

If you’re only protecting a single form, use this code:

RewriteCond %{REQUEST_URI} .comment-form\.php*

That’s it!

Leave a Reply

Your email address will not be published. Required fields are marked *