How to block Spam Trackbacks in WordPress

wordpress-iconTrackbacks are a great way for other blogs to notify your blog about a link back to you. Many blogging platforms support this feature, including WordPress.

But sometimes it’s very obvious that those trackbacks aren’t coming from a legitimate source, especially when you get several dozen of them every day from the same source.

No one loves you that much.

The most recent two examples are and, the latter can’t even properly mix a plural with a singular. But that’s not for here.

To make sure those trackbacks don’t bother our WordPress site anymore, we can add a bit of code to your re-reite rule file. If your host is using Apache then this will be your .htaccess file, famously in use for Pretty Permalinks and some cache plugins.

A typical .htaccess file is either empty or contains a block of code courtesy of WordPress. It’s a simple text file. If we add this little snippet to the bottom of the file, friendly trackbacks from will no longer notify our website:

# Block Semalt Trackbacks
RewriteEngine On
RewriteCond %{HTTP_REFERER}
RewriteRule ^.* - [F,L]

This rather strange looking code is a rewrite rule. It says “if you encounter a link or a visitor from, then forbid them access to anywhere on this site”.

Notice the backslash, followed by the domain extension in This is necessary to escape the dot character, otherwise Apache would interpret it as an instruction. In our other example,, we need to deal with the slashes in the domain name in the same way:

# Block buttons-forwebsite Trackbacks
RewriteEngine On
RewriteCond %{HTTP_REFERER}
RewriteRule ^.* - [F,L]

You can stack these rules in your .htaccess file and add as many as you like for your very own Trackback Spammers. Simply replace the URL in the code with your own, escaping special characters as seen above (a special character is anything that isn’t “a to z” or “0 to 9″).

Note that these rules do not prevent such websites from linking to you. However as soon as someone from the offending website clicks a link to your website, they will be denied access. On the other hand, when the same visitor would type in your URL, or come from a different website, they will be able so see your content without problems.

You can leave a comment on my original post.