Adventskalender Day 7 – Mini-Plugin: Blocking Known Spam-IPs in WordPress

On Tuesday you found some useful SQL statements Toscho put into our Adventskalender. They help you to generate and analyse some information from the comments in your WordPress installation.

Today we want to introduce you to a small mini-plugin that prevents known IP addresses to leave comments. As a prerequisite for this is that you don’t delete your spam comments permanently.

The Mini-Plugin

Our small mini-plugin hooks into the WordPress-hook preprocess_comment, which is executed when you create a new comment in the function wp_new_comment(). There we have the opportunity to respond before the comment is inserted into the database.

Our callback looks like this:

Because we hook into the comment in a early stage, we need to assume the preparing of the IP and the User-Agent of the core. That’s unclean, but unfortunately there a no helper-functions within the Comment-API.
First we start a database query to check wether there is already a spam comment with the same IP address. Sadly the Comment-API of WordPress just offers a very imprecise search trough the class wp_comment_query. Here we can enter “search” into the search array which, however, examined with a OR-operation and a LIKE in the following fields:

  • comment_author
  • comment_author_email
  • comment_author_url
  • comment_author_ip
  • comment_content

Therefore we decided to write our own performant query.

The second measure to examine spam comments, we use the internal WordPress method check_comment() to verify with the blacklist. If one of the two checks match, we break off and prevent saving the spam comment.


With this tiny plugin we can accomplish, that unwanted comments will be blocked at an early stage. Thus, we can also take quiete a load of our database and facilitate unnecessary comments. However, this plugin needs the availabilty of a spam database that is canceled in the long term.

You can find the Mini-Plugin Block Known Spam IPs in our Github-Repo.

Your opinion is needed

Now it’s your turn! How do you prevent spam? Do you elevate or delete your spam? And have you ever heard ot the “Blacklist”? Let us know!

Post Sharing

Author Avatar

Hi! My name is Chris and I enthusiastically develop the web from back-end to front-end at Inpsyde. When I'm not discussing accessibility, you can find me at Google+. In my spare time I study computer science, do a lot of sports, read one book after the other and blog at

Also Interesting

New Plugin: Slack Connector - Connect WordPress, WooCommerce and Slack

by Michael Firnkes

Initially we merely wanted to optimize our own Slack-processes. With automated notifications from our MarkettPress shop, the blog and our forums. The resul ...

Read more

Inpsyde is the first VIP partner in Germany

by Michael Firnkes

Automattic has given us the title of VIP Service Partner, the first in Germany, Austria and Switzerland. Worldwide, there are only eleven com ...

Read more

Inpsyde is a WooExperts Gold Partner of WooCommerce

by Michael Firnkes

A few weeks ago, Inpsyde GmbH with MarketPress became a certified WooExperts Gold Partner. This is confirmation from WooThemes of our agency’s know-h ...

Read more

BackWPup Pro: Secure WordPress Backup with Google Drive

by Michael Firnkes

The Pro version of our BackWPup plugin supports the backup of WordPress databases and files to Google Drive. But how do you set something like that up? And ...

Read more