Three Strikes and You're Out

Three Strikes and You’re Out is a WordPress plugin that temporarily closes comments on your blog across the board to anyone who is coming from an IP address that is repeatedly behaving badly. It examines your Bad Behavior logs and spam queue and its own internal log, and if your visitor has notched up three or more bad hits, it responds by closing comments right across the board on your blog.

Installation is straightforward: download it, unzip it, copy the file three-strikes.php into your /wp-content/plugins directory, and enable it in your dashboard.

By default, it will close comments after the offending IP address has tried something naughty three or more times in the past seven days. You can change these defaults by editing the define() statements at the top of the plugin’s source code:

• THREE_STRIKES_LIMIT is the number of bad hits above which an IP address is blocked.
• THREE_STRIKES_TIMEOUT is the time in days after which bad hits are ignored.
• THREE_STRIKES_BB_STRICT indicates whether to include events logged by Bad Behavior's "strict checking" option. As these are more likely to give false positives, this option is left off.

One feature of Three Strikes and You’re Out is that it includes a public API that allows other plugins to communicate with it, either by logging their own events, or by manipulating the final count of nefarious attempts on your blog.

Requirements:

Three Strikes And You’re Out officially requires WordPress 2.0 or later. It may work with WordPress 1.5, though if that is the case then it is more by accident than by design, as that version is not supported.

If you run into problems, I’ve written a blog entry on how to report problems with WordPress plugins. Please read it and do what it says before shouting at me!