6 Ways to Stop WordPress Comment Spam & Deter Spammers

If you’re like me, spammers are hitting your blog on a daily basis. I find it a royal pain to check through my site everyday looking for fake comments… so I’ve decided to do something about it. What follows then is an explanation of what I’ve done to reduce my WordPress comment spam.

This guide will show you how to tighten up your posts to stop comment spam, or at least reduce the time it takes you to clean it up.

Why is Comment Spam Such a Problem?

Most comment spam is generated automatically by bots that scour the web looking for pages into which they can drop comments.

The bots automatically publish content into a comment area, along with a link back to a site the bot owner wants to promote. This is a black hat marketing technique used to bulk spam thousands of sites.

These auto generated comments are usually nonsensical or not relevant to the post they are commenting on. They often also try to flatter your site (or you) to appeal to your vanity in the hope their comments are approved and published.

Regardless of the content, comment spam is a real problem for blog owners for a variety of reasons:

• Links dropped into spam comments can drive visitors to malicious or unsavoury websites.
• Google can penalize your site.
• Comment spam makes you look unprofessional.
• Heavily spammed content makes it difficult your visitors to have real discussions about what you’ve written.

A Note on WordPress & Comment Spam

Firstly I have to say, I am a huge advocate of WordPress. It’s an amazing tool for anyone regardless of coding experience. Although it can be a steep learning curve for beginners, the effort of getting to grips with it is worth the pain.

For such a feature rich platform, I am amazed that WordPress is free. However, as with all blogging tools it does leave a footprint for spam marketers to exploit.

Sadly, comment spam is a fact of life for any blogger and not just those using WordPress.

However, accepting it as the occupational hazard it is, you can minimize your exposure to comment spam in WordPress.

At the same time you can make life harder for those wanting to exploit your blog as a springboard for black hat marketing.

So the following list works its way from the most stringent steps you can take down to the less rigorous ones.

Steps to Reduce WordPress Comment Spam

1. Disable Comments

First off there is one way you can stop WordPress from getting any comment spam attacks whatsoever.

It’s a simple one really, and ordinarily I wouldn’t mention it as it’s not something I choose to do. Nonetheless, it is an option so it’s worth adding it to the list.

You can completely stop all comment spam by simply disabling comments on your WordPress blog.

Here’s how you do it.

First go to the Discussion area. You can find this in the navigation menu under Settings > Discussion (shown in the image).

Clicking the Discussion link takes you to the main area in WordPress that enables you to configure how you manage comments.

You should note that any changes you make in the Discussion area only affect future posts. If you have existing comments attached to pages, any configuration changes you make in the Discussion window will not affect these.

To disable comments on all future posts, look for tick boxes under the main Discussion Settings heading:

Select the check box as above to completely disable comments on any post throughout your WordPress blog.

For me, this is a real “sledgehammer to crack a peanut scenario” as although disabling them will kill WordPress comment spam completely, there are potential benefits you’d lose as a result.

Some potential benefits of allowing comments are:

• Comments enable readers to interact with you right at the point they’ve read your blog post. This gives you a mechanism to respond to them directly and publicly.
• You can often get inspiration for new blog posts from questions or directions left in the comments area.
• Allowing comments can keep people on your site longer. The longer someone remains on your site either reading or adding comments, the better.

2. Force Visitors to Register

Slightly less rigorous than disabling comments, you can request that users register with your WordPress blog before you permit them to comment.

There are pros and cons with this.

On the plus side, forcing registration might encourage some users to build a closer relationship with you by signing up as a registered user of your site.

Additionally it might deter many would be spammers. Having said this, spam bots are able to auto register in WordPress these days (and have been able for many years actually).

So it might put off people who manually leave spam comments, but it won’t stop bots. However, if you want to force registration, a WordPress plugin will probably take care of this for you (see the Plugins section below for further details).

Now the downside! Forcing registration might actually deter genuine visitors to leave comments. Let’s face it, it’s a pain to register accounts!

Nonetheless, if you want to force visitors to register before they can comment, go to Settings > Discussion, and look at the Other comment settings area.

3. Comment Blacklist

If you find the same person is repeatedly spamming you, you can configure WordPress to automatically send their comments to the trash folder.

You’d normally be able to identify a persistent offender through the repeated use of certain elements in the comment:

• Name
• URL
• Email
• IP address

To add an element into your WordPress comment blacklist, go to Settings > Discussion, and look at the Comment Blacklist area.

You can add any of the above but as per the description in the image above, be careful you add ONLY words into this area that precisely match the individual spammer so you don’t send genuine comments to trash.

4. Limit the Number of Links in Comments

Since most comment spammers are looking to drop links into your posts, you can limit the thing they most desire.

You can configure WordPress to reject comments with more than x links.

Of course this affects genuine visitors to your site, but if spammers are hitting you hard, this might be one way to reduce the problem.

It’s a trade off you’ll need to weigh up.

To reduce the number of links you allow in comments, visit Settings > Discussion and head to the Comment Moderation heading.

The image shows you can add the number of links you’ll permit when submitting a comment. If you set this to 0, any comment with even 1 link will not submit.

5. Comment Moderation Queues

This should be a default for anyone in my opinion. I personally would NEVER allow comments to auto-publish as the risk of spam is too great.

Comment moderation is a process whereby any comment left on your WordPress blog automatically goes into a queue awaiting you to check it’s ok before publishing it.

It is very simple to activate. Go to Settings > Discussion and look for the Before a comment appears heading.

Selecting the Comments must be manually approved check box means that no comment will ever go live to your blog without your moderation and approval.

If you see comments you don’t like in your moderation queue, you can manually trash them before they hit your site.

This downside of this configuration is it won’t stop people leaving comment spam… it just won’t publish to your site until you say so.

With comment moderation turned on, you will have to look at each comment and make a call as to whether it’s genuine or not. Not such a problem if you’re getting two spammy comments a day, but a headache if you’re getting hundreds.

To reiterate tough, I would NEVER leave this configuration unchecked.

6. Plugins

Perhaps the easiest way to manage spam, from both comments and registration bots, is to use a plugin.

Plugins do place an overhead on your page load speed though: the less plugins you have the more lean your site will be.

WordPress installations come bundles automatically with the Akismet Anti-Spam plugin

This plugin is made by Automattic (the company that makes WordPress).

It comes in 3 different packages:

The basic package for personal WordPress blogs is free. The Plus and Enterprise versions require paid subscription though.

The Akismet plugin is a highly respected anti-spam tool with over 5+ million active users. It doesn’t just guard against comment spam though since it also protects contact forms and fake registrations.

Akismet connects to a spam database that updates in real-time so it’s very up to date at recognizing and filtering out spam. You need to set up an API key to activate Akismet for your site, which you’ll receive after signing up.

I have personal experience with Akismet and recommend it highly, but it’s not the only anti-spam plugin available. Make a search for anti-spam in the WordPress plugins site to see a list and all reviews.

Summary

WordPress comment spam can be frustrating. It can fill up your comment moderations queue and give you a ton of extra work to go through filtering out the good from the bad.

If you allow comment to publish automatically, you run the risk of publishing malicious or undesirable links to other sites. This can cause you a problem with Google: you do not want a manual penalty against your domain.

To stop comment spam, we can take the following steps:

• Disable comments in WordPress.
• Force visitors to register before they can leave comments.
• Add common spam words (or words offenders use repeatedly) words to a blacklist that automatically trashes spam comments.
• Limit the number of links per comment.
• Require all comments to enter a moderation queue where you can decide if it’s spam or not (recommended).
• Use a plugin like Akismet to to handle contact form, registration and comment spam all in one go (highly recommended).

That’s it for now.

Paul

If have any questions about WordPress comment spam or anything else in this post, drop me a comment below.