the walking writer

How to Stop Comment Spam On Your WordPress Site

Credit: Mkhmarketing, CC BY 2.0 (image edited by author)

With more and more people now using WordPress to power their websites, spammers are getting better and better at figuring out how to spam the comments feature efficiently. These annoying spam-filled comments usually include links to sites that you definitely don’t want appearing on your own website. Depending on how popular your blog is, you could see hundreds of spam comments a day. This tutorial aims at providing some basic ideas to help you avoid the need to wade through piles of comment spam to find comments actually left by humans.

Moderate All Comments

Moderating all of your comments will absolutely ensure that no spam appears on your site. By choosing to moderate your comments, you will need to sift through the comments each day to find and approve legitimate comments. Although this option will cost you some time, you can fine tune it to make it a bit easier. For example, you can set your WordPress installation to allow comments from repeat commentators. In other words, if you’ve accepted a comment from one person once, the next time they comment, their comment will go through without needing approval. These options are all under Settings > Discussion on your control panel.

Use an Anti-Spam Plugin

If you’d prefer a more automatic option to deal with spam, you can try a variety of plugins from the WordPress community. The Akismet plugin comes with each fresh WordPress installation. However, the terms for using Akismet have changed over the years. If you have any kind of advertising on your blog (for example, an Amazon affiliate link), you must pay at least $5 dollars a month to use the service. Fortunately, there are some other alternatives that you can use instead, including the aptly titled Anti-spam. A quick search on the WordPress plugin site can help you find more plugins to better suit your needs.
Please be aware that Akismet and other plugins will on occasion mark a legitimate comment as spam, so you may want to browse through the spam comments from time to time. Spammers have gotten better with making their spam look legitimate, but it’s still pretty easy to identify true spam, especially if you look at the URL they include in their comments.

Block Repeat Spammers

If you have a troublesome spammer who refuses to give up, it’s easy to blacklist them if they have a pattern to their comments. First, go to Settings and then Discussion. If the spammer is leaving a lot of links, then fill out the option to hold a comment if they leave X number of comments. This will not mark it as spam, however, but it will hold the comment in moderation. You can also scroll down a bit further to the Comment Blacklist form. Here you can put particular words or URLs that will automatically be marked as spam. Maybe you’ve noticed you have a problem with a spammer who is trying to sell you toothbrushes. If you’re not too worried about someone submitting a legitimate comment with the word “toothbrush”, you can simply add “toothbrush” and future comments with that word will automatically be held for moderation.

Pinging Can Bring Spam

When you make a new post on your WordPress blog, you have the option to ping update services to let these websites know about your newest post. Spammers monitor these update lists to find new blogs to unleash their advertisements on. Be cautious about what ping services you choose to use. I suggest using only Pingomatic. This service is run by the creators of WordPress and automatically notifies the other important update services for you. You can also turn this function off completely, but you may lose out on some legitimate visitors as well as the spammers. You can adjust this feature in the Writing settings in your WordPress control panel.


You can also install a CAPTCHA plugin to ensure that only a human reader can leave a comment. CAPTCHAs are garbled images with some blurry text that you must decipher and input to prove you’re a human. Some people strongly dislike CAPTCHA plugins because they often generate images that are hard to read. There are, however, some other kinds of plugins that are less annoying and only ask your visitors to input something simple, such as answering a basic math question. In my opinion, this option is a last resort as some of your visitors may refuse to leave comments because they dislike dealing with CAPTCHA.

Good luck! Comment spam is annoying, but there are many ways to increase your defenses against it.

Well, despite my failure to blog for a couple of months (I blame lack of inspiration and a really terrible cold), my poor little blog has been mercilessly attack by spam bots.  I must say the spam comments have become a little more interesting in the last few years.  Some of them could almost pass for legitimate comments.

I’m not a big fan of Akismet for spam protection, but I will sing endless praises for Anti-spam.  It’s a simple plugin that uses two hidden fields in your comments form to catch spam.  Spam bots will automatically fill the fields in (thus identifying them plainly as spam bots), while human readers won’t.  You don’t have to deal with a moderation queue or sign up for an account.

Well, now that I’ve eliminated my spam problem, hopefully I’ll manage to motivate myself to post a little more frequently.

Many years ago, the Internet was filled with blog scripts covering every programming language.  I remember spending hours comparing all of the available scripts before settling on one.  Greymatter was one of the first ones I remembered.  There were plenty of other popular options, including MoveableType and b2 (which later became WordPress).  These days, however, WordPress seems to be the king of blog scripts.  From major corporations to the tiniest personal weblog, WordPress is the choice for many users.

I’ve been using WordPress for years, probably not long after it first emerged from b2.  It does what I need it to do, and I’m familiar enough with it to do just about anything with it.  However, I think there is some room for improvement.  New users, in particular, probably feel intimidated by the backend of WordPress.  Even making a simple change to the formatting the main blog template requires coding knowledge or significant assistance.

However, to my knowledge, no other blog script has stepped up the challenge of dethroning WordPress.  In fact, with the rising popularity of social networks and the decline in self-hosted personal blogs, I wonder if anyone will ever try to become as popular as WordPress.  There are, to be sure, a few possibilities.  Textpattern, for example, still lives on, even without its original creator.  However, at the end of the day, I imagine many bloggers reach the same decision I’ve reached: I don’t want to trust my content to a blog script that may not exist in two or three years.  At least with WordPress,  I’m reasonably certain that updates will still keep rolling out for years to come.