Introduction

Many spambots simply hit the wp-comments-post.php and wp-trackback.php files directly, without scanning your site to find the real names of these scripts. You can foil such bots by renaming these files.

This trick won't catch all incoming spam. However, the spam that it does catch will be disposed of without chewing up your server resources, and this hack is totally transparent to your readers.

Renaming wp-comments-post.php

Let's say you want to rename your file wp-comments-die-spam-die.php.

1. Back up all your files.
2. Replace all instances of wp-comments-post.php in your theme template files with wp-comments-die-spam-die.php. In most themes, this will mean editing comments.php and comments-popup.php; it's a good idea to double-check by searching through all files in your theme directory with the "find and replace" feature of your favorite editor, or a tool like grep.
3. Upload your edited template files.
4. Rename your wp-comments-post.php file to wp-comments-die-spam-die.php. Be sure that wp-comments-post.php is gone when you're done, or spammers will still be able to use it!
5. (Optional) Create a blank file and name it wp-comments-post.php. This will prevent spambots from getting a 404 error. If your 404 page is large, this will save you some bandwidth; it might also keep the spammers from catching on to your trick.
6. Check that everything works by posting a test comment to your blog.

These changes may be overwritten if you install a new version of your theme. Changes made to the WordPress Default Theme may also be overwritten when you upgrade WordPress.

Using PHP Includes to Re-Rename wp-comments-post

If you expect to change the name of your comments script on a regular basis, you can make it easier by using PHP to call up the new name from a single, central location.

Just create a text file called something like comment-script-name.txt, and place it in your main WordPress directory. The file should contain just the new name of your wp-comments-post.php script, e.g., wp-comments-die-spam-die.php with no spaces or line breaks. Then, replace references to wp-comments-post.php with <?php include('comment-script-name.txt'); ?>.

Then if spammers start directly attacking wp-comments-die-spam-die.php, you need only rename the file and change the name in comment-script-name.txt.

Renaming wp-trackback.php

Let's say you want to rename your file wp-trackback-example.php.

1. Again, back up all your files! You will be modifying parts of WordPress itself, not just the theme templates, so this is important.
2. Change all occurrences of wp-trackback.php to wp-trackback-example.php. In most cases, this means changing it twice in wp-blog-header.php and once in wp-includes/comment-functions.php. Again, check through all your files and plugins using your editor's "find and replace" function or grep.
3. Upload your edited files.
4. Rename wp-trackback.php as wp-trackback-example.php.
5. (Optional) Create a blank file named wp-trackback.php.
6. Test your new setup by sending yourself a trackback, either from your own blog or the Trident Trackback Test Blog.

If you upgrade WordPress, these changes will be overwritten and you will need to redo them.