Three Ways to Stop Spam Comments in WordPress

It doesn’t take long after you’ve put your shiny new WordPress website live for the spam to arrive.

You know what I’m talking about here – the seemingly endless stream of comments left about your blog posts offering to improve your virility, or your website traffic, or seem to have been written by a chimpanzee with a poor command of English.

WordPress Comment spam example
WordPress Comment spam example

You’ve been spammed my friend.

What is “Comment Spam”?


The motivation behind spam comments is the same as email spam – getting you to visit a website to buy a product or service – but the way the spammer gets you to their site is different.

Email spam is all about obtaining your valid email address, then getting you to click a link in the emails you subsequently receive.

Comment spam is not so much about getting you to click a link. Instead, the spammer is trying to get a higher ranking for their own website in search engines such as Google. They do this by placing a valid link to their website in a comment that they leave on yours. Google indexes the  link in this comment. Once the spammer’s website ranks high in Google for a particular search term, many more people are likely to visit this site than if they had received a link in a spam email.

Two men looking at a 1950's computer
Clever Computer Programmers

You’ve got to admit, it’s very clever.

How Do I stop Spam Comments ?

If you are using WordPress as your website platform, it’s very easy to stop most of the spam targeted at your website.

Here are three different approaches you can take. To slow spam comments to a trickle, you’re best to put all three techniques into action.

1. Use WordPress’ Built-in Comment tools

WordPress comes  with a few built-in tools that make leaving spam comments more difficult. These are all available in the “Discussions” dashboard, which is under “Settings” in your WordPress Admin area.

Before a comment appears

One way to make your website less attractive to spammers is to review all of the comments before you make available to the general public. This gives you an opportunity to delete spam comments before the are published, denying the spammer an opportunity to build links back to their website.

When logged in as an Administrator user, you should see two checkbox settings in the Discussions dashboard.

(1) An administrator must always approve the comment. When this option is checked, comments to your posts will not appear until you approve them. I recommended you check this box if the number of comments left on your website is a manageable number.

(2) Comment author must have a previously approved comment. This saves you a lot of time. When this option is checked, then all subsequent comments from a particular author will be approved automatically after their first comment has been approved by you. It means you do not have to worry about comments left by people you trust.

Comment Moderation

If you choose not to auto-approve comments – a necessity if you get a lot of comments – then there are two options under “Comment Moderation” that help you identify potential spam.

(1)  Hold a comment in the queue if it contains [ 2 ] or more links. As WordPress explain with this setting, a common characteristic of comment spam is a large number of hyperlinks. Setting the number of links at “2” will hold the comment from publication until you to approve it.

(2) When a comment contains any of these words… There is a large text box with this option where you can add, line-by-line, the words, website addresses, or other information that you think will be spam for your website  An obvious place to start would be to add words like “Viagra” and “make money” to this list. You should continue to add to this list as you see obvious spam words in the comment you receive. The comments containing these ‘red flag’ words wont be deleted, but are held in a moderation queue for you to approve or remove. If you do consider a comment to be spam, them add their website address to the Comment Blacklist (see below).

Comment Blacklist

This is a box that allows you to add website addresses, email addresses, etc. that a spammer has put in their comments. Having their website on your blacklist – which will probably the ONLY real piece of information in the comment –  will prevent the same spammer from attacking your website again.

Here’s a video to demonstrate the Comment Moderation and Comment Blacklist tools:

2. Only allow authenticated people to comment

The tactics behind  using WordPress’ built-in comment tools deal with spam comments that have already been submitted to your website, and require you to take some sort of action to clean them up.

Things would be much easier if you could at least know that the people who are leaving comments on your website are real people and not spam robots. One of the simple way to deter all but the most sophisticated spammer is to have your visitors register and/or sign in when leaving a comment.

Registration desk sign
Registration Essential

Register on your website

WordPress allows visitors to become registered users of your website, and you can set it up so that only registered users can post comments:

  1. First go to the ‘General’ dashboard, under ‘Settings’, and check the checkbox “Anyone can register”.
  2. Next, go to the ‘Discussions’ dashboard and check the box “

From this point on, visitors can register on your website and leave comments only after logging in.

Use Facebook credentials

An alternative to requiring visitors to register on your website is to require them to use their  Facebook credentials. There are a number of free WordPress plugins you can install that will only allow visitors to leave comments after they have logged in to Facebook. Having them do so has the additional benefit of placing a link to your website on the visitor’s Facebook timeline, which will increase the exposure of your website.

WordPress and Facebook registration wont guarantee a spam-free experience, but they will deter the less sophisticated spammer, as well as spam robots, from abusing your posts.

3. Use Anti-spam plugins and services

Wordpress Plugins
WordPress Plugins

The above techniques to stop comment spam in WordPress are fare easy to set up, but they do take some time to administer, and require you to curate the comments to weed out the spam

If you have too much comment traffic to effectively manage blacklists and user registrations, or you simply prefer not to, then it’s time to increase your anti-spam arsenal by installing a WordPress plugins (or two).

A quick search for “spam” on the WordPress plugin repository turns up over 600 results. These free plugins take a large number of approaches to preventing spam – everything from sharing blacklists, to insisting your visitors solve a simple puzzle, to a statistical analysis of the comment text. Find one the suits your tastes and see how you well it works.

If you do have a little money to spend, then by far the best approach is to leave it to the professionals.

There are several online services that will filter all of the comments received on your website for spam, allowing through only those that pass their strict set of tests and trashing the rest.

The most popular anti-spam plugin is the one that is installed by the makers of WordPress themselves when you first install their software.

Akismet, from Automattic, Inc., is easy to set up and, I’ve found, extremely effective at stopping comment spam. Prices range from “free” for small personal blogs, up to US$50 per month for “Enterprise” websites. It’s US$5 per month for small non-personal websites.

Yes, you can be spam-free!

So, there are a number of straight-forward approaches to combating spam comments, and you really should be doing at least something to stop the abuse of your website. Not only will you website look better, and be a social hub of comment and discussion on your posts, but you also deny the success of one a person (or company) from using such a disruptive call for attention. Hopefully, they’ll consider spamming a waste of effort.

One thought on “Three Ways to Stop Spam Comments in WordPress

  1. Thank you @Kevin. BTW: Well laid out, clear and very useful explanation of options for handling comment spam. A very timely post. We use Akismet and we also us DISCUS to handle comment threads.

Leave a Reply