WP-Mix

A fresh mix of code snippets and tutorials

.htaccess block spammer

Quick tutorial showing how to block a specific spammer via .htaccess. This technique is perfect for forum and site owners who want to block access to pesky visitors based on their reported IP address.

Block any spammer from accessing your site

First, here is the general technique for blocking a specific spammer from accessing anything on your domain:

<Limit GET POST>
	Order Allow,Deny
	Allow from all
	Deny from 123.456.789
</Limit>

This .htaccess code snippet allows all IP addresses except for the one specified, 123.456.789. So to block a spammer from your site, get their IP from your site’s access log and use it to replace 123.456.789 in the previous code. Once the code is ready, it should be included anywhere in the site’s root .htaccess file. Not sure about .htaccess files? Check out my book »

To deny access to multiple IPs, you can do this:

<Limit GET POST>
	Order Allow,Deny
	Allow from all
	Deny from 123.456.789
	Deny from 456.789.123
	Deny from 789.123.456
</Limit>

These techniques use Apache’s <Limit> directive to block the two most common types of requests, GET and POST. You can add other types of requests as needed, but for most spammers blocking GET and POST should be sufficient.

Block any spammer from accessing a specific file

This second technique can be used to block access to any specific file:

<Files anyfile.ext>
	Order Allow,Deny
	Allow from all
	Deny from 123.456.789
</Files>

To use this snippet, change the IP address to match the one you would like to block, and also change the anyfile.ext to match the actual file for which you would like to deny access. When ready, add the code to the .htaccess file that is located in the same directory that contains anyfile.ext, the file you would like to block. As before, you can add multiple IPs by simply replicating the Deny from line (see previous example).

Learn more

.htaccess made easy