If you’re like me, spammers are hitting your blog on a daily basis. I find it a royal pain to check through my site everyday looking for fake comments… so I’ve decided to do something about it. What follows then is an explanation of what I’ve done to reduce my WordPress comment spam.
This guide will show you how to tighten up your posts to stop comment spam, or at least reduce the time it takes you to clean it up.
Why is Comment Spam Such a Problem?
Most comment spam is generated automatically by bots that scour the web looking for pages into which they can drop comments.
The bots automatically publish content into a comment area, along with a link back to a site the bot owner wants to promote. This is a black hat marketing technique used to bulk spam thousands of sites.
These auto generated comments are usually nonsensical or not relevant to the post they are commenting on. They often also try to flatter your site (or you) to appeal to your vanity in the hope their comments are approved and published.
Regardless of the content, comment spam is a real problem for blog owners for a variety of reasons:
- Links dropped into spam comments can drive visitors to malicious or unsavoury websites.
- Google can penalize your site.
- Comment spam makes you look unprofessional.
- Heavily spammed content makes it difficult your visitors to have real discussions about what you’ve written.
A Note on WordPress & Comment Spam
Firstly I have to say, I am a huge advocate of WordPress. It’s an amazing tool for anyone regardless of coding experience. Although it can be a steep learning curve for beginners, the effort of getting to grips with it is worth the pain.
For such a feature rich platform, I am amazed that WordPress is free. However, as with all blogging tools it does leave a footprint for spam marketers to exploit.
Sadly, comment spam is a fact of life for any blogger and not just those using WordPress.
However, accepting it as the occupational hazard it is, you can minimize your exposure to comment spam in WordPress.
At the same time you can make life harder for those wanting to exploit your blog as a springboard for black hat marketing.
So the following list works its way from the most stringent steps you can take down to the less rigorous ones.
Steps to Reduce WordPress Comment Spam
1. Disable Comments
First off there is one way you can stop WordPress from getting any comment spam attacks whatsoever.
It’s a simple one really, and ordinarily I wouldn’t mention it as it’s not something I choose to do. Nonetheless, it is an option so it’s worth adding it to the list.
You can completely stop all comment spam by simply disabling comments on your WordPress blog.
Here’s how you do it.

First go to the Discussion area. You can find this in the navigation menu under Settings > Discussion (shown in the image).
Clicking the Discussion link takes you to the main area in WordPress that enables you to configure how you manage comments.
You should note that any changes you make in the Discussion area only affect future posts. If you have existing comments attached to pages, any configuration changes you make in the Discussion window will not affect these.
To disable comments on all future posts, look for tick boxes under the main Discussion Settings heading:

Select the check box as above to completely disable comments on any post throughout your WordPress blog.
For me, this is a real “sledgehammer to crack a peanut scenario” as although disabling them will kill WordPress comment spam completely, there are potential benefits you’d lose as a result.
Some potential benefits of allowing comments are:
- Comments enable readers to interact with you right at the point they’ve read your blog post. This gives you a mechanism to respond to them directly and publicly.
- You can often get inspiration for new blog posts from questions or directions left in the comments area.
- Allowing comments can keep people on your site longer. The longer someone remains on your site either reading or adding comments, the better.
2. Force Visitors to Register
Slightly less rigorous than disabling comments, you can request that users register with your WordPress blog before you permit them to comment.
There are pros and cons with this.
On the plus side, forcing registration might encourage some users to build a closer relationship with you by signing up as a registered user of your site.
Additionally it might deter many would be spammers. Having said this, spam bots are able to auto register in WordPress these days (and have been able for many years actually).
So it might put off people who manually leave spam comments, but it won’t stop bots. However, if you want to force registration, a WordPress plugin will probably take care of this for you (see the Plugins section below for further details).
Now the downside! Forcing registration might actually deter genuine visitors to leave comments. Let’s face it, it’s a pain to register accounts!
Nonetheless, if you want to force visitors to register before they can comment, go to Settings > Discussion, and look at the Other comment settings area.

3. Comment Blacklist
If you find the same person is repeatedly spamming you, you can configure WordPress to automatically send their comments to the trash folder.
You’d normally be able to identify a persistent offender through the repeated use of certain elements in the comment:
- Name
- URL
- IP address
To add an element into your WordPress comment blacklist, go to Settings > Discussion, and look at the Comment Blacklist area.

You can add any of the above but as per the description in the image above, be careful you add ONLY words into this area that precisely match the individual spammer so you don’t send genuine comments to trash.
4. Limit the Number of Links in Comments
Since most comment spammers are looking to drop links into your posts, you can limit the thing they most desire.
You can configure WordPress to reject comments with more than x links.
Of course this affects genuine visitors to your site, but if spammers are hitting you hard, this might be one way to reduce the problem.
It’s a trade off you’ll need to weigh up.
To reduce the number of links you allow in comments, visit Settings > Discussion and head to the Comment Moderation heading.

The image shows you can add the number of links you’ll permit when submitting a comment. If you set this to 0, any comment with even 1 link will not submit.
5. Comment Moderation Queues
This should be a default for anyone in my opinion. I personally would NEVER allow comments to auto-publish as the risk of spam is too great.
Comment moderation is a process whereby any comment left on your WordPress blog automatically goes into a queue awaiting you to check it’s ok before publishing it.
It is very simple to activate. Go to Settings > Discussion and look for the Before a comment appears heading.

Selecting the Comments must be manually approved check box means that no comment will ever go live to your blog without your moderation and approval.
If you see comments you don’t like in your moderation queue, you can manually trash them before they hit your site.
This downside of this configuration is it won’t stop people leaving comment spam… it just won’t publish to your site until you say so.
With comment moderation turned on, you will have to look at each comment and make a call as to whether it’s genuine or not. Not such a problem if you’re getting two spammy comments a day, but a headache if you’re getting hundreds.
To reiterate tough, I would NEVER leave this configuration unchecked.
6. Plugins
Perhaps the easiest way to manage spam, from both comments and registration bots, is to use a plugin.
Plugins do place an overhead on your page load speed though: the less plugins you have the more lean your site will be.
WordPress installations come bundles automatically with the Akismet Anti-Spam plugin
This plugin is made by Automattic (the company that makes WordPress).
It comes in 3 different packages:
The basic package for personal WordPress blogs is free. The Plus and Enterprise versions require paid subscription though.
The Akismet plugin is a highly respected anti-spam tool with over 5+ million active users. It doesn’t just guard against comment spam though since it also protects contact forms and fake registrations.
Akismet connects to a spam database that updates in real-time so it’s very up to date at recognizing and filtering out spam. You need to set up an API key to activate Akismet for your site, which you’ll receive after signing up.
I have personal experience with Akismet and recommend it highly, but it’s not the only anti-spam plugin available. Make a search for anti-spam in the WordPress plugins site to see a list and all reviews.
Summary
WordPress comment spam can be frustrating. It can fill up your comment moderations queue and give you a ton of extra work to go through filtering out the good from the bad.
If you allow comment to publish automatically, you run the risk of publishing malicious or undesirable links to other sites. This can cause you a problem with Google: you do not want a manual penalty against your domain.
To stop comment spam, we can take the following steps:
- Disable comments in WordPress.
- Force visitors to register before they can leave comments.
- Add common spam words (or words offenders use repeatedly) words to a blacklist that automatically trashes spam comments.
- Limit the number of links per comment.
- Require all comments to enter a moderation queue where you can decide if it’s spam or not (recommended).
- Use a plugin like Akismet to to handle contact form, registration and comment spam all in one go (highly recommended).
That’s it for now.
Paul

If have any questions about WordPress comment spam or anything else in this post, drop me a comment below.
I wish there was more commenting on my newest blog haha (still in the early phases I guess)! As you said though, once comments are flowing, the spammers become very annoying very quickly.
I also use the Akismet plugin and it’s been working very well on all my WP blogs. Sometimes a spam comment slips through here and there, mostly because it was a manual submission. However, on very rare occasions I’m not even sure if it’s an actual spam comment or just someone dropping a line real quick, especially when it’s related to the blog post.
Either way, I always check the links that people submit. If it’s going to a spammy website, I just delete the link. This way, I can protect myself from links going to dubious websites while still approving the comment. Oh and yes, like you said, I highly suggest approving comments before they get published, too!
You and me both James, but comments come over time as you point out… we are running from a similar starting point (you a few months ahead of me though I think), though like you, this is not my first blog.
I appreciate your thoughtful comments James… they show you’ve read my posts and you always add value to the subject.
I like reading your blog, Paul. We both think the same way!
🙂