Title: Reduce Comment Spam Module valid_referer Last modified: April 6, 2020 --- # Reduce Comment Spam Module valid_referer * [shubhamgulati91](https://wordpress.org/support/users/shubhamgulati91/) * (@shubhamgulati91) * [6 years, 2 months ago](https://wordpress.org/support/topic/reduce-comment-spam-module-valid_referer/) * Below is the code from my nginx config file generated by plugin. Am I missing something? Users are facing 403 on posting comments. * # Reduce Comment Spam – Security > Settings > WordPress Tweaks > Comment Spam location = /wp-comments-post.php { limit_except POST { deny all; } if ($http_user_agent ~ “^$”) { return 403; } valid_referers server_names jetpack.wordpress.com/jetpack- comment/; if ($invalid_referer) { return 403; } } * When I change it to: valid_referers server_names jetpack.wordpress.com/jetpack- comment/ *.mysite.com; Post Comment works. Update: still doesnt work. I have to disable Reduce comment spam to allow legit user comments. * Do I explicitly need to add *.mysite.com? Ofcourse mysite.com implies the domain and is not the actual URL. * Server is nginx. - This topic was modified 6 years, 2 months ago by [shubhamgulati91](https://wordpress.org/support/users/shubhamgulati91/). - This topic was modified 6 years, 2 months ago by [shubhamgulati91](https://wordpress.org/support/users/shubhamgulati91/). Viewing 3 replies - 1 through 3 (of 3 total) * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [6 years, 2 months ago](https://wordpress.org/support/topic/reduce-comment-spam-module-valid_referer/#post-12633122) * Are you sure 403 is returned because of an invalid referer ? * Perhaps it’s returning 403 because of the user_agent. * To prevent any confusion, I’m not iThemes. * Thread Starter [shubhamgulati91](https://wordpress.org/support/users/shubhamgulati91/) * (@shubhamgulati91) * [6 years, 2 months ago](https://wordpress.org/support/topic/reduce-comment-spam-module-valid_referer/#post-12636756) * Thanks, but I tried removing conditions one by one, in combinations and even adding *.mysite.com as valid_referers server_names jetpack.wordpress.com/jetpack- comment/ *.mysite.com; Nothing has worked so far except for disabling the module. * [nlpro](https://wordpress.org/support/users/nlpro/) * (@nlpro) * [6 years, 2 months ago](https://wordpress.org/support/topic/reduce-comment-spam-module-valid_referer/#post-12636931) * Can you confirm there are no 403’s when temporarily removing the last line: * > if ($invalid_referer) { return 403; } * from the nginx config file ? * If so I would try and figure out what value(s) server_names returns. * What nginx version are you using ? Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Reduce Comment Spam Module valid_referer’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351) * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) * 3 replies * 2 participants * Last reply from: [nlpro](https://wordpress.org/support/users/nlpro/) * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/reduce-comment-spam-module-valid_referer/#post-12636931) * Status: not resolved