Fight to Comment Spam & Malicious Scripts

I was trying to improve my security in order to reduce on comment spam by inserting following codes:

.htaccess

# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.domain1.com.* [NC]
RewriteCond %{HTTP_REFERER} !.domain2.com.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

function.php

function check_referrer() {
if (!isset($_SERVER[‘HTTP_REFERER’]) || $_SERVER[‘HTTP_REFERER’] == “”) {
wp_die( __(‘Sorry we think that you are a spammer. If you are not a spammer try
commenting again and if the problem continues contact us’) );
}}
add_action(‘check_comment_flood’, ‘check_referrer’);

Further I removed the URL feature from the comment form.

Unfortunately, the comment spam flood has not really changed since the introduction of these WordPress tweaks. I’m still getting approx. 50 spam comments daily. This spam is removed by Akismet, but still land in the spam queue for manual review, which is time-consuming and annoying

Is there anything else what can be done? May I have a malicious script hidden on my website? How would I identify and find this?

Thanks in advance for your suggestions, guys.