Until I can figure out if I personally want to keep supporting TrackBack, I’m renaming the wp-trackback.php file in WordPress and changing the .htaccess reference to it. This will stop all the bots that are programmed to just spam wp-trackback.php?p=###.
Every bot request I’ve seen comes in through wp-trackback.php; they never use WP’s prettified URLs.
As long as I don’t screw it up, it should kill the bots … until they figure out what you’re doing and start scraping URLs. But it’d be a couple months before they’d do that, likely. [Once they start scraping URLs, well, you're hosed.]
Have you tried MtDewVirus’s trackback spam plugin? It puts trackbacks into moderation. I haven’t installed it yet, but I probably will by this weekend.
Matt: I’m not interested in MtDewVirus’s approach. I have filters that generally do a pretty good job of filtering out the crap, and when they don’t, we’re talking very little time in making them go away. But my problem comes when I have to do that on 70 installs.
My whole idea is to foil the bots while letting the legitimate users of TrackBack still have their day in the sun. What I’ve done has worked.
What did you have to do in your htaccess file? Did you edit it manually, or did you do it through your WP console?
Each edit was a manual one, because I typically don’t have .htaccess CHMOD’d to 666. All I was doing was adding a -[I'mnottelling] to the filename, like wp-trackback-yomama.php, then making the same change in .htaccess. Works like a champ.
Pingback: The Indiana Jones School of Management