WordPress 2.0 / 1.5.x Plugin: Referrer Bouncer - A Plugin to bounce referrer spammer bots (and humans)

By Angsuman Chakraborty, Gaea News Network
Saturday, March 19, 2005



Note: This Plugin supports one-click-install through WordPress Plugin Manager and is also available from WordPress Plugin DB.

  1. Upload or move the Plugin file (noreferer.php) to your wp-content/Plugins directory.
  2. Log in to WordPress.
  3. Click Plugins from the main menu.
  4. Scroll to find the name of the Plugin - Referrer Bouncer, and click Activate.


  1. Log in to WordPress.
  2. Click Plugins from the main menu.
  3. Scroll to find the name of the Plugin - Referrer Bouncer, and click Deactivate.

This disables the Plugin. You can also delete the noreferer.php file from wp-content/plugins directory and referer.txt (if created) from the wp-content directory for permanent removal.

Your comments and suggestions are welcome.

Update: This plugin may not work effectively with wp-cache as it doesn’t allow any plugins to execute if caching is enabled, except for the first time. If you want to use wp-cache then you should use .htaccess to block your referrer spammers. However be very careful as you can very easily create site-wide problems. Be sure to test very very well if you decide to go .htaccess way.


August 5, 2010: 4:39 am

Authetic air max series,
Authetic shox shoes,

July 2, 2010: 9:13 pm

oh, maybe I am to late, but is this update until now, I want to use on Wordpress 3

March 7, 2010: 6:44 am

You describe this post in lovely writing style. I enjoy reading your review about wordpress plugin. Hope I can visit your blog again. Thanks for sharing

January 26, 2010: 10:56 pm

Great information, Thank you so much… keep up the great work.

October 6, 2009: 1:54 pm

Great plugin. Can the design be modified to fit the look of the blog?

October 17, 2008: 1:00 pm

This plugin is compatible with all recent versions of WordPress.

October 17, 2008: 8:30 am

Is thsi plugin compatible with WP v2.6.1 and v 2.6.2?

Will it be compatible with WP v2.7? or incorporated in v2.7?

August 31, 2008: 6:30 pm

[...] Referrer Bouncer [...]

August 21, 2008: 3:05 pm

[...] Referrer Bouncer Eklentiyi buradan indirebilirsiniz. [...]

December 21, 2007: 12:10 pm

Great plugin..Ths a lot

August 31, 2007: 3:11 am

thanks a lot for this plugin. i saw that you made a lot of useful plugins:) thank you!

April 23, 2007: 2:30 am

Thanks a ton.

April 22, 2007: 10:15 am

hi there, just would like you to know that your plugin appears on my “most-wanted” list ;-)


January 16, 2007: 3:53 am

[...] I too provide an anti-spam plugin - Referrer Bouncer. Unlike its counterparts Referer Bouncer doesn’t normally give false positives. However it requires active management of the list for best performance which may not be possible for average joe bloggers. Also Referrer Bouncer tackles only one class of spams - referrer spams or spams with a referrer payload. While it is an important category of spam, a lot of spams these days doesn’t come with referrer payload. [...]

January 9, 2007: 6:59 am

[...] Niente da fare la soluzione che postato qualche giorno fà non sono riuscito a loccare niente, ho trovato la soluzione installando un paio di plugin’s per WP, questi: 1) Angsuman’s Referrer Bouncer [...]

December 13, 2006: 10:33 am

[...] Autres solutions à essayer : Referer Karma, Referrer Bouncer, AutoBanReferer ou encore SpamForceField [...]

September 24, 2006: 11:08 pm

[...] Angsuman’s Referrer Bouncer, Trackback Validator, Spam Karma 2, Bad Behavior: It’s hard to tell which of these is doing the lion’s share of the work, but I rarely ever have to see any comment or trackback spam on my blog. Obvious honorable mention to Akismet. I don’t know how this stuff works, but it gets the job done. [...]

August 30, 2006: 6:57 am

[...] Check this post to get an idea on how the plugin works. WordPress in recent versions (1.5 and above) does not provide any visible buttons to support multiple pages even though it supports the functionality internally. This plugins enables you to easily break your WordPress article into multiple pages. It works for both WYSIWYG as well as text mode. [...]

July 24, 2006: 10:30 am

[...] You can easily and effectively use your .htaccess file to easily and effectively block comment and referrer spammers targeting your blog(s). If you are using WordPress you can also use my Referrer Bouncer plugin, which is much simpler, to block referrer spammers. For the rest here is a sample .htaccess file you can start with. [...]

May 29, 2006: 10:06 am

[...] Angsuman’s Referrer Bouncer…リストされた変なリファラを持つアクセスを拒否 [...]

May 5, 2006: 5:26 am

[...] WordPress 2.x (and above) plugin to create multi-paged article. I have been asked several times how I create articles with multiple pages (like this or this). WordPress in recent versions (1.5 and above) does not provide any visible buttons to support multiple pages even though it supports the functionality internally. This plugins enables you to easily break your WordPress article into multiple pages. It works for both WYSIWYG as well as text mode. Compatibility Works on 2.x codebase. It hasn’t been tested on 1.5.x codebase and not supported. [...]

April 9, 2006: 1:01 pm

Thanks for looking into it. Still boggles my mind what people will do just to try to get their URL somewhere it shouldn’t be…

April 9, 2006: 7:53 am

That is definitely not an error with Referrer Bouncer plugin.
Have you checked (in WordPress options) the options to blacklist open proxies?
That might be causing this error. Your office IP has been blacklisted by powers that be.

Referrer bouncer doesn’t selectively ban based on IP addresses.

April 9, 2006: 6:16 am

Bug Report!

Found myself banned by my own site. That is, when I came through my ISP. When I came through my site’s server I got through.

The ability to whitelist certain numbers would be a useful feature.

April 8, 2006: 8:17 pm

The url simply translates a page to non-English language. If you click on the flags in the top right corner of this page then you get a translated version of this page in your language of choice.

It seems someone is misusing the service and using it to hide their nefarious activities.

Give me a day or two. I will fix it.

April 8, 2006: 4:37 pm

Last night my blog received 2036 hits from the URL “http://blog.taragana.com/wp-content/plugins/translator.php”, as displayed in AWstats. I don’t use Wordpress, I use b2evolution - and though I’m always looking for solutions to referrer spam, I’ve never seen this page before.

It looks like I’ve been referrer-spammed by a referrer-spam-blocker. Could someone offer any insight as to what might have happened here?

March 27, 2006: 4:06 pm

thanks so much! really helpful!

March 21, 2006: 4:40 pm

[...] Estava (aliás, estou) aqui a fazer uns ajustes para poder abranger a raiz do domínio com a protecção anti-referer-spam do Referer Bouncer (plugin do blogue), e fiquei espantado com a velocidade com que surgiam novos spammers nas estatísticas: menos de um minuto entre cada hit (se calhar isto até é uma quantidade levezinha, mas a verdade é que ao blogue não chega nada disto, é só mesmo na raiz do domínio, onde eu, já por causa disso, até nem tinha o BBClone a “cheirar” visitas). [...]

January 16, 2006: 1:18 pm

[...] 1:18 pm - Activated “Angsuman’s Referrer Bouncer” plugin and verified that it was functioning correctly. Filed under: general by Shane | [...]

January 10, 2006: 1:00 am

[...] The latter was found via referrers.  The “shortstat” plugin for WordPress has revealed some interesting traffic over the past few days.  I am surprised at the constant stream of referrer spam I receive.  Implementation of various plugins, like Angsuman’s Referrer Bouncer, seem to help.  However, the new domains come about 5 to 10 a day. [...]

January 3, 2006: 5:38 am

The sites may still show up on log analysers as Apache passes on the request to WordPress which bounces them. However they are getting bounced and spamming themselves :)

You can manually test to ensure it is working properly:
How to Ensure your Site is Protected by Referrer Bouncer Plugin

January 3, 2006: 4:08 am

Hi there,
this plugin is a great idea, but unfortunately it doesn’t seem to work for me, since I’m using a custom referrer.txt file and the same spam sites I have listed there keep showing up in my referrers.

Do you have an idea what could be wrong?

December 28, 2005: 12:49 am

[...] Angsuman’s Feed Copyrighter Plugin for WordPress 1.5 and above is of the class of upload-activate-and-forget Plugins (like WordPress 1.5 Plugin to disable nofollow from comments or WordPress Referrer Bouncer Plugin to bounce referrer spammer bots), Plugins that simply work. [...]

December 27, 2005: 1:45 pm

[...] WordPress 1.5 Plugin: Referrer Bouncer - A Plugin to bounce referrer spammer bots (and humans) [...]

November 23, 2005: 3:35 am

[...] Guardando meglio scopro che ne arriva approssimativamente uno al secondo, comincio a preoccuparmi e cerco di capire che cos’è . . . Spam nei trackback/referrer !!? Googlando un poco ho trovato a parte i soliti Trencaspammers e HashCash questo che mi sembra interessante, si chiama ReferrerBouncer. Questo risolve il problema nei referrer anche se i buoi sono già scappati tant’ è che ora nei log mi ritrovo : [...]

November 22, 2005: 2:29 am

[...] Heute morgen bin ich bei Eintrag 42326. Ist doch toll was die so alles an Traffic veranstalten, oder? Habe mir gerade mal den Referer Bouncer installiert, und meine Blacklist upgedatet. Nun bin ich mla gespannt was noch durchkommt. [...]

November 18, 2005: 12:47 pm

Would you please, please be so kind to clue me in how to change the referer.txt dynamicly / help me otherwise?

Because sofar I’m not doing so well I quess: “Traffic limits are exceeded in this domain…”

November 9, 2005: 9:55 pm

Actually we do give them a taste of their own medicine. We re-direct them to spam the same site whose ranking they intend to increase by spamming ours. So all they get for their effort is a high bandwidth bill.

With it doesn’t cost them anything even if the spider is stupid anough to search the localhost and also if there is actually a server running.

November 9, 2005: 4:46 pm

Your referer bouncer wordks just fine in WP ;)

For my ‘other’ problem:
With help ‘we’ found another solution…, to fix this problem instantly.
Replace the last line with:

RewriteRule \.*$ [R,L]

and you give them a peace of their own cake!

Regards, M. ;)

November 8, 2005: 5:16 pm

That would be perfect.
I do not want to look brutal, nor do I want to rush you, but… ;) Please?

November 6, 2005: 12:03 pm

I have a different version which will work on any php enabled website including but not limited to wordpress. So yes it will neatly solve your problem.

I will post it by tommorrow.

November 6, 2005: 6:27 am

WP is ‘just’ a part of my website / not my entry page. Is there anyway I can get this plugin to work on my not WP-page(s) as well?
Forever thankful in advance ;)

November 5, 2005: 7:35 pm

Looking forward to hear about your 22, 000 not wanted hits :)

November 5, 2005: 2:15 pm

It works now / when chmod wp-content to 755 instead of i.e. 711 (which resulted in a blanc page / non visible website). BLOND hé :P ;)
Sorry. All my mistake!! I’ll Let you know what it does to my 22.000 not wanted referer hits ;)

November 5, 2005: 1:06 pm

Should the plugin (noreferer.php / Angsuman’s Referrer Bouncer plugin) still be / remain activated after the referer.txt and nrsetup.txt files have been created? Or is activation only nessecary to adjust the referer.txt file (and create the nrsetup.txt file)? The nrsetup.txt file is a blanco file, right?
I cannot describe the earlier problems in details, so I just want to know before I () try again. This plugin does / wants to do more then I’m ‘used’ to. :D :) Thanks.

November 5, 2005: 4:15 am

It will work in any version of WordPress, upwards compatible.

Please describe the problem in detail and I will take a look.

November 5, 2005: 3:53 am

[edit]22.000 not wanted referer hits every day[/edit]

November 5, 2005: 3:50 am


I was so glad to find a plugin like this. However I’m facing a lot of problems getting it to work in WP version 1.5.2. Asuming that that’s the problem, cause

Tested only on WordPress 1.5. Should work with earlier versions

. At some point my own site was complete blanc, and had to restore a number of WP-documents.
I’m I right: is the WP version the problem? Please help: with ca. 22.000 not wanted referer hits me and my provider are in desperate need ;) Tnks in advance

October 31, 2005: 9:17 pm

Can you provide me the url to the site which you intend to bounce? - I will take a look.

October 31, 2005: 6:12 pm

Add this to my previous comment…is it possible that while at this site those who wish to visit my site are not clicking on the link there to me (which would get them bounced); but rather are pasting my URL link into their browser window? Would this explain how they’re getting around referer bouncer? If so, I wish there was some way to fight this.

October 31, 2005: 6:09 pm

Angsuman: I was wondering whether you might have any ideas why I’m seeing this behavior regarding a bounced domain.

I added it to my referer.txt file. When I visit the bounced domain myself & attempt to click on a link there to my site I AM bounced back to the original site (& not allowed access to my own). This is the behavior I want to see. However, I’m still seeing in my site stats visits to my site referred fr. that domain.

How could that be happening?

October 25, 2005: 10:08 pm

[...] Since installing Angsuman’s Referrer Bouncer earlier this month, the referral spam I was accumulating has dwindled to almost nothing! As you can expect, I am very happy about this because my log files were filling up with stuff I don’t want to mention. At any rate, I am unsure if I am unintentionally blocking legitimate traffic. If you’ve been blocked or redirected while trying to reach my site, please let me know the circumstances and I might be able to tweek the configuration. The main factor should be the site you linked from before arriving here. Filed under: blogging, traffic, technology & web by Shane | [...]

October 17, 2005: 1:44 pm

[...] Been getting a lot of spam lately — in the hundreds, daily. I’ve already installed the Wordpress Hascash and Referrer Bouncer for quite some time now. [...]

October 6, 2005: 12:58 am

You can add domains or any keywords. I even have words like casino.

It simply scans for the text within referrer string, sent by the http client.

Please edit your file using the WP interface to ensure no empty lines in file. In the next version I will remove this requirement, I promise.

October 5, 2005: 5:16 pm

UPDATE to my last comment. When I view the referer.txt file using Notepad through my ftp client, I see no returns separating the entries. But when I use WP’s own interface to view the file I do see returns separating them. So I recommend only adding domains to referer.txt using the WP interface (or else adding returns to the file when viewed in Notepad or via yr. ftp client).

October 5, 2005: 5:05 pm

I think the plugin has stopped working for me. Can you remind me how you add domains to the bounced list? I just added one to referer.txt & saved it. When I went to the domain in question & clicked on a link there to my site, I should’ve been bounced back to the original site. Instead, I was taken to my site.

I wonder whether the way the referer.txt file is formatted could be the problem. I noticed that ea. domain name is listed without any punctuation separating them. Shouldn’t there be a semi colon or some punctuation allowing the plugin to distinguish bet. the domains? Maybe I’ve lost the proper formatting I once had for the file?

September 25, 2005: 6:05 am

[...] Anyway, how did I do it? Simple! I used the Referrer Bouncer plugin and in the referer.txt file, I cuntpastded (lulz) all of the search terms that I deemed sick and disturbing. Here’s an example of some stuff in my .txt file: hot+cat+sex+ass YUGIOHhentai Yautja+cock+sex+ass hot+silicon+girl silicon+girl pissing-girl.ws 8m.com yu-gi-ohhentai Yautja+sex+cock+ass illegal+porn+galleries princess+peach+hentai princess+peach+porn Super+Mario+Porn i-no+hentai yugioh+hentai [...]

September 24, 2005: 5:34 pm

[...] I did some research and decided to implement some WordPress plugins to help to combat the spam. The first was Spam Karma 2, an anti-spam plugin that helps to eliminate all forms of blog spam. So far so good, no more trackbacks or comment spam have gone live in my blogs. I also installed a Referrer Bouncer plugin to hopefully eliminate all of the junk in my logs. I won’t really be able to easily see if this is working until next month when I have some clear logs to view. [...]

September 23, 2005: 11:24 am

[...] So after weighing my options, I decided to ban spam referrers from ever hitting my site, at least on my WordPress-based J Spotter, the WP referrer bouncer plugin being readily available. [...]

September 19, 2005: 6:27 am

[...] Then I found Referrer Bouncer (via Blogging Pro News), a WordPress plugin that blocks referrer spams by matching against a plain text file. It gives some interesting responses — instead of denying spambot the access, it actually sends back a 302 “Found” to tell the spammers to go back its own website. [...]

August 27, 2005: 12:03 am

[...] By the way, the solution of Dawzz I chose to solve my problem was Angsuman’s Referrer Bouncer plugin. Works like a dream. blog, censorship, comments, plugin, abuse, wordpress [...]

August 26, 2005: 11:53 pm

Angsuman: I’ve noticed a weird behavior in my CHMOD settings. Yesterday, my plugins folder & referer.txt & noreferer.php files were all set to 777. Tonight, one reverted to 644 & one to 755. This in turned caused that weird hanging behavior once again.

Can you think why CHMOD settings would change? How do you keep them set once you configure them?

August 26, 2005: 8:15 pm

Thanks Richard for the solution. I have emailed Thomas about your solution (cc’ed you).

I will update the post with this.

August 26, 2005: 1:58 am

[...] Remember that old line from Julius Caesar: “I come here not to bury Caesar but to praise him.” Well, I come here to bury certain unwanted blog visitors and to praise Angsuman’s remarkable Referer Bouncer plugin. [...]

August 26, 2005: 1:38 am

Hey, if Thomas is still reading this (see his May 16th comment) I think I discovered what might’ve been the problem with his WP installation hanging after installing the plugin. He says in his comment that he set his wp-content folder to 755. I had mine set to 755 as well & got the same hang behavior. But when I set it to 777, then everything went back to working fine.

So be sure your folder is set to 777.

Angsuman: if Thomas doesn’t see this maybe you have his e mail & can send him this comment in case it’ll fix his problem?

August 26, 2005: 12:58 am

UPDATE: I tested the plugin by going to one of the sites which linked to my blog & sent nasty commenters my way. While at the site, I found the link to my post, clicked on it and…was promptly bounced right back to the original site!

Worked just like I hoped it would. This will be one useful tool in fighting certain types of unwanted visitors.

August 26, 2005: 12:25 am

I have a use in mind for this plugin a little different fr. the main one Angsuman conceived it for & I just want to be sure that it’ll accomplish what I need.

Periodically, I get visitors who are referred to my site by various online forums. They come to my site referred fr. the forum sites and leave pretty nasty comments. And sometimes they leave them in droves.

My question is: once I discover that a particular domain is referring these people to me & they’re leaving these unwanted messages, if I add that particular referring domain to my referer.txt file will it bounce the unwanted commenter back to the domain/URL fr. which they came?

If so, this is something I very much need. I’ve just installed it & no problems so far. Proof of the pudding will come when my next “attack” happens.

August 18, 2005: 6:04 am

[...] FIX [...]

August 17, 2005: 10:43 pm

You are welcome.
BTW: You don’t even need the vending-machine.narod.ru line as your .ru line before will match any ru domains.

August 17, 2005: 7:38 am

Please delete the blank line between:



in your referer.txt file. That will solve the problem. In other words you cannot have empty lines in this file.

August 17, 2005: 6:33 am

After using this for a while, I started to get error messages that my redirect url limit was exceeded. I couldn’t even log in to my admin panel. When I deleted the plugin, the problem went away. When I reinstalled, the problem came back. What am I doing wrong?

August 3, 2005: 4:11 am

[...] next… it’s this refferer bouncer thingy… works like the b2evo blacklist of specific site addresses…. if anyone from your blacklist tries to get in to your site… it gives the spammer an error message of sorts hence… they cant even get in [...]

August 1, 2005: 7:55 pm

[...] See the above image? This is what happens when you somehow get blank lines in certain files of your Wordpress installation or plug-ins. In my case, it was the plug-in I use to bounce referrer spam, called Referrer-Bouncer. Referrer bouncer uses one php file that checks incoming referrers against a text file, and if it finds a match then it will bounce the referral back into the abyss. Well, if you accidentally insert a blank line in this text file, like I somehow did today, then you will find that you cannot access your admin panel, it will infinitely loop constantly bouncing itself. Firefox returns the above error. Internet Explorer just sat there all confused. [...]

July 30, 2005: 11:19 pm

[...] WordPress 1.5 Plugin: Referrer Bouncer - A Plugin to bounce referrer spammer bots (and humans) - Simple Thoughts A neat referrer spam plugin that I will rollout when I’m sitting at my proper desk. (tags: blog plugins wordpress blogs spam referrer) [...]

July 27, 2005: 11:32 am

[...] This took care of it. Installation is easy (though I had a little trouble with permissions), and the list of banned referrers easy to edit. Best of all: The messages bounce back to the referring URL. Heh. (I don’t have any way to prove it’s happening, but the images in my head are enough.) [...]

July 17, 2005: 9:59 am

Excellet plugin! I’ve been looking for something exactly like this to weed out the spam in my referrer links.

July 11, 2005: 1:17 pm

[...] [EDIT] Back on again, please report any problems. Suggestions that I have found useful include: Apache mod_security, Spam Valve, Bad behavior, WP Hashcash and Referer Bouncer I have already implemented a couple of these and am in the process of rewriting a couple more to suit my needs. The first three are very promising. Bad Behavio(u)r has some clever code and when used without the logging feature, is very swift. I might tweak the code a bit to make it even more transparent and engage it *before* the Wordpress process using Addhandler. Using JS verification is an option that I would consider but would rather stay away from.   (Visited 121 times) [...]

July 9, 2005: 8:27 pm

[...] To fill in the gaps until Bad Behavior gets updated, I’ve installed this referrer bouncer called, well, “Referrer Bouncer.” The trick is that you create a text file that the plug-in references. In this text file you enter in the domains of sites that are sending you referral spam. If the site is in this list, the plug-in will “bounce” the referred link back to the offending site. In essence, any links from that site are simply not accepted. Very nice. This blocks bots and humans. Referrer bouncer came with a default list of known spamming sites. I’ve added about 8 sites that were getting through Bad Behavior. While it’s very annoying to have to deal with all this spam, in some ways, it’s fun to get satisfaction in knowing that I am defeating them, and will always be able to leave an open comment form for articles and trackbacks. Speaking of trackbacks, I’ve added trackback protection, as well. If you trackback to meeciteewurkor and it doesn’t immediately show up, that means it’s been held in moderation. [...]

June 20, 2005: 10:09 am

I’ll give it a go being rather fed-up with parasitic spamming. I’m glad i don’t have to work through code beyond my grasp to do your solution.

June 13, 2005: 1:19 am

[...] access there are a number of plugins that you can use. For Wordpress users, there’s Referrer Bouncer which bills itself as a “class of upload [...]

June 7, 2005: 1:34 pm

[...] event comment spammers from taking advantage of your pagerank. A basic, necessary plugin. Referrer Bouncer: The other half of the blog/spa [...]

May 16, 2005: 8:24 am

i tired that too… no luck..

thanks for tips though..


May 16, 2005: 4:27 am

There isn’t anything which can cause this behavior. I am as surprised as you are. Never had any other reports before even remotely like this.

Just a hunch. Can you re-download the file please (from my site) and try again. Let me know what happens.

May 16, 2005: 1:50 am

yes my wp content directory is set at 755

and yes, I am not doing any customization, just put it in the plugin folder and then tried to activate it.

This is really a strange bug, not sure why it is happening.

I have your noreferrer plugin on a different wp 1.5 blog and there seem to be no problems there.

But with this one, right after I put it in my plugin directory, and then go to my admin plugin section. And then when I try to activate it, it also hangs and gets stuck.

Very strange…

not sure what else could be wrong.. maybe I will just have to use the hashcash plugin for now..

May 15, 2005: 3:28 pm

@Thomas Is your wp-content directory writable?

May 15, 2005: 3:24 pm


Have you activated the plugin first?
First use it just after activation, no customization. Once you are comfortable with then create a custom file by clicking on the appropriate link in Plugin manager (details in the post).

First you need to create the file, before you can edit it. Please check the instructions in the post. They should clarify the details.

May 15, 2005: 1:03 pm

hey man,

not sure what I am doing wrong but i just installed a new wp 1.5 blog

and when I add the noreferrer plugin to my plugin folder, and then on my site i try to click the
‘edit’ link so that i go into my Wordpress user interface, it hangs and does not let me get in there..

but when i remove the noreferrer plugin from my plugin folder through ftp, then i can access my blog and admin fine..

the noreferrer plugin is hanging something up, not sure why.

i am assuming to install I only have to drop the file into my plugins directory? and thats it?


May 10, 2005: 5:56 am

[...] To keep around, in case my other, latest installments don’t get the job 100% done : WordPress 1.5 Plugin: Referrer Bouncer : “A Plugin to b [...]

May 6, 2005: 9:44 pm

[...] spambots. It goes far beyond User-Agent and Referer, however. 3. Recent Comments plugin 4. WordPress 1.5 Plugin: Referrer Bouncer - A Plugin to bounce ref [...]

May 4, 2005: 4:49 am

Thanks for the bug report. I confirmed the bug which happens for non-default use of the plugin. I have updated the plugin file. Please download again.

If you have downloaded the plugin before, please download it again as a critical error for non-default use of the plugin (customized referrer file) has been discovered and fixed.

May 4, 2005: 2:51 am


I’d install this plugin and it’s activated, also I add referers url into referers.txt. But I still
seeing the same spam referers in my stats!

For example, in referers.txt I’ve “p(0)ker” but in my referers I see “http://www.p(0)ker.blabla.com. (note: (0)=o).

What’s wrong?


April 7, 2005: 9:27 pm

[...] are a lot of useronline scripts out there but this one’s made specifically for WP. Referrer Bouncer : Bounce referer spammers back to their own s [...]

April 7, 2005: 12:40 am

I am assuming you are using the link specified in the plugin description. Is that correct?
Try changing wp-content permission to 777. Run it. Then change wp-content permission to your old value.
Let me know how it goes.

Christian (TigerDE2)
April 6, 2005: 7:34 pm

When I try to run
I get a 500 Internal Server error.
What’s wrong? (Possibly the file permissions?)

April 2, 2005: 9:34 pm

Yes, I think you are done.

The diasbling of links means anyone with access to the url’s to create and delete your referer.txt will not be able to. After you “disable” the links, such operations will be prohibited, till you re-enable again.

It doesn’t affect the working of the plugin in any way.

The way it works is this. It checks to see if referer.txt is present. If so, it then uses it and sees if the current referrer matches anyone in your list. If the referer.txt file is not present then it uses its own internal list.

When I say that referer.txt can be deleted, I mean that by doing so you would be using the default set of referrer’s. If you want to customize the list then you need to have the referer.txt file present with your own entries.

Hope that clarifies…

April 1, 2005: 5:39 am

Okay, I think I’m almost there. I did chmod wp-content to 777 (temporarily) and tried selecting the link to disable the referer.txt and it seemed to work (no errors were given). I also found nrsetup.txt had been created automatically in wp-content.

I chmod the directory back to its original settings and clicked the link and did not get an error message. So, based on what you’re saying, now that nrsetup.txt is present, it looks like I’m done, right?

Sorry for so many questions. I guess what’s confusing me is when the plugin says to disable links to referer.txt and you explaining that the referer.txt can be deleted, I’m just left wondering, “so how does it know to keep working?” Of course, I’m NOT saying you’d program it that way (that would be counter-productive LOL). I’m just trying to get a good understanding of it, is all.

I really do appreciate your patience with me and the help you’ve given.

April 1, 2005: 3:22 am

The wp-content directory should be writable by the process running php, which normally has the same permissions as your webserver (like Apache). Is your web server running under your login id?

I strongly suspect that it doesn’t have write permission to wp-content directory. It is probably running as “nobody”. You can do a ps -ef to find out this. Look for a process called httpd if you are running on Apache.

Another way is to temporarily chmod wp-content to 777 and see if it solves your problem.

The simplest solution for you is to create an empty file called nrsetup.txt under wp-content directory manually. You are done. You don’t need to worry about anything else. The setup is now fully secure.

If you are not concerned about manually configuring it with referrer’s then you can also delete the referer.txt file. You can always change your mind later.

By “touch” I meant the unix command I used to create the file.

March 31, 2005: 6:47 pm

Thanks for getting back to me. :) It wasn’t until I sent you another comment that I realized that the previous comments were in moderation. When I submitted the third one that’s when the others popped up to tell me that. Sorry about that.

My wp-content directory is set to 755. “Group” and “public” are not set to “write”. Should they be?

I’m sorry — I don’t understand what you mean when you say “using touch”. There is no file called “nrsetup.txt” in my wp-content directory. Are you saying that I can or should create one? If so, I’m not clear what the file should contain. Could you clarify?

I understand about not needing to delete the referer.txt file. So if I have the wp-content directory set to the correct chmod, will it then disable it as you describe?

I really appreciate your help!

March 31, 2005: 6:03 pm

@Ken You do not need to delete the referer.txt file for security.
Deleting it doesn’t enhance security in any way. In fact I encourage that you maintain your own file and update it as necessary.

All I do is prevent the file from being deleted/created by outsiders using the disabling feature. Thus outsiders cannot modify your referer list even if they guess that you are using this plugin. Editing the file is controlled by wordpress admin authentication mechanism. So after disabling you need not have any concerns wrt. security.

March 31, 2005: 5:19 pm


Does your wp-content directory have write permission?

The process of disabling is done by creating a file (using touch) named nrsetup.txt in your wp-content directory. You can also manually create the file for same effect.

Yes, when it cannot find referer.txt then it uses the default list of spammers which is hardcoded in the plugin file.

Yes, I got your posts. I was out on business.

Let me know if that addresses all your questions.

March 30, 2005: 5:31 pm

Hello again, Angsuman. My earlier post is missing. Did you get it? If not, I’d be happy to explain again the help I need with your plugin. I look forward to hearing from you. :)

March 30, 2005: 7:58 am

Oh, I’m sorry…one more thing. Am I correct in my understanding that after I delete the referer.txt file (for security reasons, I guess) that that information is somehow saved elsewhere for the plugin to continue working?

March 30, 2005: 7:56 am

Angusman, thanks for creating this plugin. I’m looking forward to benefitting from it. I have a question about disabling the links though. I manually created the referer.txt file, chmod it to 666. However, after clicking on the disable link it give me a few warning messages like “Warning: touch(): Unable to create file /hsphere/local/home/galen5/familywebwatch.com/blog_test/wp-content/plugins/../nrsetup.txt because Permission denied in /hsphere/local/home/galen5/familywebwatch.com/blog_test/wp-content/plugins/noreferer.php on line 48″.

What am I doing wrong? Thanks for any help you can offer. :)

March 30, 2005: 4:11 am

Thanks very much for the Referrer Bouncer Plugin. I was looking for something like that as I’ve accumulated a large number of bogus referring sites. Since I’m on a shared hosting platform, doing the htaccess rewrite rules thing is problematic and time-consuming.

March 29, 2005: 3:35 pm

[...] trackback spam as well… and huge piles of referrer spam, which I’m hoping the Referrer Bouncer 1.1 plugin by Angsuman Chakraborty will reduce [...]

March 25, 2005: 4:44 am

Thanks to all for the compliments. I am happy to know you found it useful.

I am thinking about including Chad’s idea of a central distribution of updates in the next release. Say an automatic weekly update, which incorporates your changes along with new entries from my list.

What do you all think?

BTW: You can always look in my list.

March 25, 2005: 4:26 am

Thanks a bunch for writing this plugin. I’ve been looking for one of these.

March 24, 2005: 3:26 am

[...] ing but filling my stats with crap. Now I have a chance to defend myself. I just found a referrer bouncer plug-for WordPress and I’m hoping it wor [...]

March 24, 2005: 1:50 am

[...] i tiene le statistiche ed averlo subissato di spam, sappiate che ora esiste una soluzione: referrer bouncer, un plugin per wordpress che usa una blacklist [...]

March 21, 2005: 10:32 am

[...] n for Wordpress to deal with referrer spam Filed under: Plugin Testing — Tom Referrer Bouncer by Simple Thoughts seems to be a well done and [...]

March 20, 2005: 12:46 pm

[...] Danger, And More WP Goodness Before we continue, as usual here’s another new plugin for WordPress that’s too good to pass up. What [...]

March 20, 2005: 6:44 am

Thanks for sharing your list.

March 20, 2005: 4:05 am

Hmmm… It would be wonderful if we could work out a central update service. I found myself adding 2-3 new referals to my .htaccess every week.
Either way, I’ve added a lot of the ones I received to the list. Anyone can grab it at http://www.pirate-king.com/wp-content/referer.txt

will not be displayed