With a total of 487 billion spam messages being spread throughout WordPress websites every month, it’s easy to understand why fighting off spam comments is a real battle for site owners. Learning how to stop WordPress spam comments and prevent their negative effects can have a hugely positive effect on the performance of your website.
The simple explanation is that spam comments can seriously damage your website in more than one way. First off, your search engine rankings can be affected, as search engine crawlers generally take this into account and discredit websites with a lot of spam and favor those with as little spam as possible.
Second, the more spam your readers see in the comments section, the worse your credibility will be. That is another thing you will definitely want to avoid. So, let’s see what options you have to stop WordPress spam comments.
Table of Contents
- Stop Comments Spam Using WordPress Built-In Features
- Anti-Spam Plugins for WordPress
- Block Spam Comments Using Captcha
- Use a Third-Party Commenting System to Stop WordPress Comment Spam
- Use a Web Application Firewall to Block Comment Spam
The good news is that you have several options to prevent spam comments in WordPress. Since spam comments have been around for the better part of the last two decades, more and more features and strategies have been developed to stop them.
One way to do it is to use the built-in features from WordPress. One of the main advantages of this method is that you will benefit of a spam-free site without having to install any additional plugins.
Depending on how your website is built, what its purpose is, and how necessary the feedback from your community is, you can look into the option of completely disabling comments on your posts. This will work great as an option to completely prevent spam comments if you take into account one key aspect:
In order to take advantage of the way WordPress can help you prevent spam, you should activate this feature right from the start. That’s because the rule applies to every new post created after the feature was activated. So if you already have posts that have been published, you should manually go through each one in order to disable comments.
Here’s how to do it:
- Go to “Settings” > “Discussion”.
- Uncheck the box next to “Allow people to submit comments on new posts”.
Once this box has been unchecked, no new comments will be posted on the posts you publish.
While you can stop WordPress spam comments by simply eliminating the comments altogether if you don’t really make use of them, a less nuclear option is to simply filter out comments left by anonymous users.
WordPress gives you the option to disallow comments from unregistered users, which can have a seriously positive impact on the amount of spam you are actually getting through the comments section.
Here’s how you can activate this:
- Under “Settings” > “Discussion”.
- Check the box for “Users must be registered and logged in to comment”.
Another option that is available directly in WordPress settings is comment moderation. It can be a great way to prevent WordPress spam comments, but it will eat up some of your time.
One thing you need to understand is that content moderation is not going to actually prevent spam in your comments section, but it will prevent it from becoming visible. Comment moderation can be done in two different ways:
- Through manual approval. This is a very effective way to ensure that your visitors will only see comments with real value to the topic made by real users. Since the method implies that each comment will need to be manually approved by you before it’s made public, it can be rather time-consuming, depending on your website type.
- Through content moderation queue. This is a more complex solution, which will only put comments in a moderation queue if they meet certain criteria. For example, you can set rules to receive an email to manually approve a comment if it contains a number of links, or if it contains certain keywords.
We will explore more options in the content moderation queue settings further below. For now, if you want to simply activate manual approval for all comments, you will need to follow these steps.
- Under “Settings” > “Discussion”.
- In the “Before a comment appears” section, check “Comment must be manually approved”.
Common practice is for spammers to usually include links in the comments they leave on WordPress websites. That is why, sometimes, it can be an effective policy to simply ban completely or limit the number of links that you allow in each comment.
WordPress allows you to set your own strategy, and select the number of links you can allow in a comment. If a comment is submitted, and the number of links included exceeds the rules you set, it will be held for moderation and you will need to manually approve or reject it.
Here’s where you can find these settings in WordPress.
- Under “Settings” > “Discussion”.
- In the “Comment Moderation” box, set the number of links a comment can have before it’s held for moderation.
Of course, this means that you can select 1 in the menu, which will automatically keep comments held for moderation even if they include one single link.
5. Set Up a Word Blacklist
Another way to create a blockade against spam on WordPress is to filter out comments that contain certain keywords. While spammers have certainly become a lot more creative in the past decade or so, you can still get a lot sorted out if you know what words they tend to use.
If you want, for example, to make sure that your competitors are never mentioned in the comments section of your posts, you can simply add their names to the word blacklist. Whenever a post is submitted and contains one of the blacklisted words, it will immediately be added to the moderation queue and you will get to decide if it should be posted or not.
Here’s where you can find the menu that allows you to create and implement this blacklist of words.
- Under “Settings” > “Discussion”.
- In the “Disallowed Comment Keys” box, input words, phrases, URLs, or IP addresses that you want to block.
While spam needs to be avoided on every single page of your website, certain pages or posts are likely to attract more spammy comments than others.
If that is the case and if the comments are an important part of the experience you want to offer your visitors, you could explore the option of only disallowing comments on the posts that are likely to attract spam.
It could be because you already noticed that a certain post or page attracted a lot of spam comments. It could also be because you just know that a certain controversial subject you are tackling will make the comments section a spam fest. That is when you can simply choose to manually disable comments for those individual posts.
Here’s how you do it:
- While editing a post or page, go to the “Discussion” box.
- Uncheck “Allow Comments”.
All these built-in features from WordPress work well and are quite easy to activate or configure. If you’re looking for a more complete solution that requires less effort from you, you might want to check a dedicated anti-spam plugin. More on that below.
Anti-Spam Plugins for WordPress
Using an anti-spam plugin can be a great way of filtering out unwanted messages from your comments section without keeping the comments turned off or having to manually moderate them.
There is a wide variety of anti-spam plugins you can use, but we managed to identify a couple of the most popular and most effective. Here are some of them and what their main features are.
1. Akismet
- Cost: Name your price for Personal or $119.40 / year for Pro
- Rating: 4.7
- Active installations: 5+ million
Akismet is the most popular spam protection plugin out there. It is automatically included as part of each WordPress installation and is therefore the most commonly used anti-spam plugin. It is completely free for personal use and only $5/month for commercial websites and will filter out up to 99% of spammy comments.
The plugin has been around for a long time and has a long history of creating rules and figuring out ways to outsmart spammers. While it does come with a lot of pros, you should know that Akismet is not perfect. Users have reported that some pretty obvious spam gets through despite having this plugin activated on their WordPress sites and some users might be wary of its data usage policies.
2. Antispam Bee
- Cost: Free
- Rating: 4.8
- Active installations: 700,000+
Another popular anti-spam plugin, Antispam Bee is one of the most clever anti-spam solutions out there. It uses a particularly effective technique to ensure that spam comments are blocked, and that is a special CAPTCHA that can only be seen by bots. That way, whenever that particular CAPTCHA gets solved, the plugin automatically considers that the comment is spam based on the fact that it was posted by a bot.
With an impressive number of installs and a stellar rating, Antispam Bee is definitely a good choice if you want to filter out spam comments for free. It works out of the box with minimum setup, but will only work with native WordPress comments, and not Jetpack comments for example. As a matter of fact, there are several other contact forms out there that Antispam Bee doesn’t cover and doesn’t work on.
3. Titan Anti-spam & Security
- Cost: Free + $55 / year for the premium version
- Rating: 4.5
- Active installations: 100,000+
Titan Anti-spam & Security is a more complex security plugin for WordPress websites. It comes with a wider variety of security features, like a firewall, a malware scanner, and the possibility to create threat audits for your WordPress website.
While it does a decent job of keeping spam comments away and protecting your website against other security threats, it is probably not as effective at either as the dedicated solutions. It can be a good choice for those with limited resources in terms of website performance, as it will do a decent job while not eating up too many resources.
4. Spam protection, AntiSpam, FireWall by CleanTalk
- Cost: Free trial then $12 / year
- Rating: 4.8
- Active installations: 200,000+
Another great tool to stop spam comments on your WordPress website comes from CleanTalk and offers a multitude of features that will help you in your war against spam comments. Among these features, we should mention the ability to stop: spam comments, registrations, contact emails, orders, bookings, subscriptions, surveys, widgets, WooCommerce, and even search.
It offers real-time email validation and is GDPR compliant, for a modest $12/website annual rate. It does come with some negative aspects, one of the most important ones being that there is no reCAPTCHA integration available.
5. Zero Spam for WordPress
- Cost: Free
- Rating: 4.1
- Active installations: 40,000+
Using artificial intelligence to protect your WordPress site against spam comments among some other clever technologies, Zero Spam for WordPress is a great tool to use. An interesting aspect of the way Zero Spam for WordPress operates is the fact that it keeps a running database of malicious IPs which makes preventing spam comments a lot quicker and easier, thus using up fewer resources.
While the fact that there is no CAPTCHA and moderation queue can be seen as a way of taking some work off of your shoulders, they can be a negative aspect as well. It all depends on what you need and what you expect an anti-spam plugin to do.
- Cost: Free
- Rating: 4.7
- Active installations: 1+ million
Another great tool for those in need of a solution to prevent spam comments in WordPress. This plugin comes as a great alternative to the manual anti-spam settings this CMS has as default. Since this plugin can do it all in just a couple of clicks in a user-friendly dashboard, it requires very little technical knowledge from the admin.
Even though this plugin doesn’t come with as many features as some of the others added to this list, it’s still a great choice, especially for those who want to disable comments in order to prevent spam, but also want more customization options to the process than WordPress can offer.
Another option to prevent comment spam is using Captchas. Since most (if not all) spam comments are published by automated bots, a good way to stop comment spam is to simply make it impossible for bots to post comments.
That is where CAPTCHAs come in to save the day. CAPTCHA stands for “Completely automated public Turing test to tell computers and humans apart” and the name is as descriptive as it can possibly be. CAPTCHAs do exactly what their name suggests: they are specially designed tests that can only be solved by humans, thus reducing the possibility for a bot or crawler to be able to complete an action that requires CAPTCHA confirmation.
Traditional CAPTCHA tests have been developed by many companies throughout the years, but one of the most popular versions is, to this day, the reCAPTCHA developed and owned by Google. It is used for basic bot protection and preventing comment spam, but it has other purposes too.
For example, it was used to digitize The New York Times archives and other books. Later, it became a way for machine learning to be perfected by using real user input from humans.
Keeping in mind that close to 50% of CAPTCHA tests can, in fact, be completed by non-human entities such as bots and crawlers, you should know that they can be a solution for reducing spam comments on your WordPress site.
With WordPress comment spam being a real problem to this day, there are several ways for you to implement CAPTCHAs in the comments section. That includes some pretty great plugins that will work pretty much out of the box. Here are some of the most popular:
1. Advanced Google reCAPTCHA
- Rating: 4.9
- Active installations: 70,000+
This plugin is a great tool for implementing Google’s reCAPTCHA to any forms on your WordPress site, including the comments section. This will reduce comment spam considerably, and the process of implementing the measures is going to be a rather simple one.
This is a great way to eliminate a great deal of WordPress spam comments with zero investments and a very simple and quick setup process.
2. Really Simple CAPTCHA
- Rating: 4.2
- Active installations: 500,000+
Another very popular CAPTCHA plugin, this one has the special characteristic of not being designed to work on its own. It was originally designed to work with Contact Form 7, but it can now work with a multitude of other plugins.
It is not like other CAPTCHA plugins, as it is not designed to use PHP sessions for storing states, but it instead creates temporary files: one is an image for the CAPTCHA challenge, and the other is a text document where the solution is stored. That way, it allows you to embed the CAPTCHA into WordPress smoothly, without fear of any conflicts.
3. reCaptcha by BestWebSoft
- Rating: 4.0
- Active installations: 200,000+
An effective plugin for filtering out comment spam by implementing reCAPTCHA, this BestWebSoft plugin is a very powerful tool to keep Comment spam to a minimum on your WordPress site.
It comes with additional features like the possibility to implement invisible CAPTCHA and a user-friendly dashboard. This will make the setup seamless and effortless.
Another great way to reduce WordPress spam comments is to simply outsource your comment forms. Using a third-party comment system, you will go around the native comments in WordPress. That way, you basically externalize every aspect of your comments section and you could reduce, at least to a certain extent the WordPress comment spam problem.
Hosting your comments section on a different server can have a couple of different positive effects on your website. There are several different services you can choose from. Here are some of the best.
With a 99% success rate in preventing spam comments from being posted on your website, Disqus is clearly one of the top choices for outsourcing comments. It takes care of pretty much all comment moderation without any input from your end.
While it is definitely a very effective tool against spam bots and a good way to stop WordPress comment spam, it also comes with some drawbacks. For example, it comes with its own ads, which can possibly hurt your page loading times and site credibility.
2. IntenseDebate
Another top choice for WordPress website owners who want to keep spam bots away without the need to disable comments completely, IntenseDebate comes with a great deal of features to help you. IntenseDebate has its own anti-spam filters and tons of security features to prevent every single spam comment.
The user rating for the WordPress plugin is not exactly high, which means that many users have had some trouble either setting up the service or a less-than-perfect experience with it in the long run.
With Facebook comments, you can take advantage of more benefits than just preventing most spam bots from doing any damage. Since Facebook requires users to be logged in to be able to comment, you will have a lot fewer anonymous comments, which automatically reduces the number of trolls you will get to deal with.
Among the possible negatives, we should mention that it can slow your pages to a certain extent, it will provide no backup options, and it will make it impossible for people who don’t have a Facebook account to comment on your posts.
A WAF, or web application firewall is a layer 7 defense protocol that filters and monitors HTTP traffic between a web application and the internet. It, therefore, protects web applications from different types of attacks and possible threats like:
- File inclusion
- SQL injection
- Cross-site forgery
- Cross-site scripting (XSS)
A WAF will basically shield your WordPress site and your WordPress host against a huge variety of possible threats, and will simply filter out bad proxy traffic and spam bots.
With pretty much any spam comment being made by bots, you can seriously reduce the amount of comment spam you get by keeping bots from visiting your site altogether. This can be a great solution if you don’t want to disable comments altogether.
There are several services you can choose for WAF, but two of the best and most popular are Sucuri and Cloudflare. They both offer a high level of protection against security threats and rather simple setup processes.
FAQ
Every spam comment ever made has always had a single purpose: to get a link posted online. Whether that is for malicious purposes like stealing data from the people who click it or simply as an SEO backlink strategy is irrelevant. This process of posting links in the comments sections of WordPress websites is generally automated and almost completely performed by spambots.
Does WordPress Have a Spam Blocker?
WordPress has a couple of native options that can be used for blocking spam comments to a certain extent. It allows you to create a keyword blacklist, to limit the number of links comments can contain, or even to disable comments completely.
Moreover, it even comes with a spam prevention plugin preinstalled. Akismet spam protection is a great solution and works great as a prevention tool.
Absolutely. Spam comments can have a negative impact on your search engine rankings because all crawlers will favor sites with as little spam as possible. A website with a lot of spam is generally not considered a safe online destination.
On top of this, real users will have a hard time reading through the comments section if they have to go through lots of spam to reach the thoughts of other genuine readers.
Conclusion
Staying on top of the comment spam issue is an absolute must for you as a website owner or administrator. Taking proactive measures against spam like using the right plugins or WAFs right from the start is going to keep your website clean and safe for your readers. Not only that, but you will also have a greater chance of outranking your competitors in search rankings.
You should constantly monitor your comments section on the website and adjust your settings or the services you use as your blog or website grows in popularity.