Block WordPress Comment Spam using Spamhaus

WordPress Comment Spam is on the rise, so let me show you how to block more of it using the Spamhaus Exploits Block List (XBL). This realtime database contains IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

The Spamhaus XBL PHP function below will add another layer of protection for your WordPress blog. If the commenter’s IP address is listed in the block list, we will silently discard the comment and redirect back to the post/page to mimic that the comment post was successful.

Open your theme function.php file and add :

function verify_comment_meta_data( $commentdata ) {
	$ipaddress = $_SERVER['REMOTE_ADDR'];

	$revip = implode(".", array_reverse(explode(".", $ipaddress, 4), false));
	$dns = @dns_get_record($revip . ".zen.spamhaus.org");

	if ($dns != null && count($dns) > 0)
	{
		foreach ($dns as $entry)
		{
			if (!empty($ipaddress) && in_array($ipaddress, array('127.0.0.4', '127.0.0.5', '127.0.0.6', '127.0.0.7')))
			{
				// Reject the comment & bypass Akismet (if installed) since comment is spam
				if (function_exists('akismet_auto_check_comment'))
				{
					remove_filter( 'preprocess_comment', array( 'Akismet', 'auto_check_comment' ), 1 );
				}
				$post = get_post( $commentdata['comment_post_ID'] );
				$redirect_to = get_permalink( $post );
				wp_safe_redirect( esc_url_raw( $redirect_to ) );
				die();
			}
		}
	}
    return $commentdata;
}
add_filter( 'preprocess_comment', 'verify_comment_meta_data', 1 );

That’s all there is to it! Let me know in the comments below if this has helped you out and if you would like help / or a tutorial on anything else!