How To Stop Spam Comments on Your WordPress Blog/Site

How To Stop Spam Comments on Your WordPress Blog

Anyone running a successful WordPress blog or site must have had issues with spam at some point.

For many years, spam comment notifications have been flooding admins’ inboxes all over the world.

Worse yet, measures taken to resolve the issue can often do more harm than good.

Restrictive discussion settings can prevent spam, but they can also choke the site’s traffic.

Therefore, WordPress users must find a way to manage comments without reducing engagement.

The answer, as usual, is in moderation.

Between an unrestricted spam-fest and fully curated content, there is a golden mean.

With that in mind, here are a few steps we can take toward finding the right balance.

Recognizing Spam Comments

Let’s take a moment to first define what qualifies a comment as spam.

This should give us a better understanding of how we can avoid it going forward.

Spam is known to come in many forms.

In a WordPress discussion, spam usually refers to a generic comment posted by a bot, including links to an advertiser.

Users can recognize and ignore this content, but it can still pose a threat.

Here’s a brief overview of the reasons why we all hate spam comments:

  • It irritates the website’s visitors. Comment sections riddled with spam make it difficult for actual users to engage in real discussions.
  • Some users will click on it. Spam URLs can lead to high-risk websites, which trick users into revealing sensitive information.
  • Someone has to delete it all. Sooner or later, an admin will need to remove all the queued spam content. Batch delete is always an option, but we do lose some legitimate comments this way.

With all that in mind, here are several ways of preventing spam comments.

Restrict User Comment Privilege

It would be a mistake to jump straight into choosing the right anti-spam plugins.

Extensive plugin support requires regular maintenance and uses up valuable server resources.

Instead, let’s try to handle spam within the default options that the platform offers.

In the WP Dashboard, under Settings/Discussion, we can see various criteria for comment management.

Here we’ll take a closer look at those that deal with spam.

Allow link notifications from other blogs (pingbacks and trackbacks) on new articles

This box is checked by default and enables trackbacks for the website as a whole.

We should consider disabling it if comment spam becomes an issue.

Still, it’s unlikely that this measure alone will be enough.

Allow people to post comments on new articles

Also checked by default, this box is the nuclear option in the battle against spam.

Is the issue serious enough that we’d consider disallowing all comments?

In recent years, some popular websites have given up on comments altogether.

Yet for the vast majority of us, user engagement is not optional.

Comment author must fill out the name and email

This one sounds great, but unfortunately, you can’t foil spam bots like that anymore.

Automated spam routines fill out forms using fake names and email addresses.

On the other hand, many legitimate users seem to favor the lazy login option.

Users must be registered and logged in to comment

This option works slightly better, but it may be too restrictive for popular websites.

Some potential commenters may not have a WP account.

Others might not want to go through the trouble of logging in just to engage with our content.

Automatically close comments on articles older than X days

A solid maintenance option, this one keeps bots from cluttering the comment sections of old articles.

Yet it does nothing to prevent bots from spamming our recently posted content.

(Email me whenever) A comment is held for moderation

If this box is checked, we’ll receive email notifications each time a comment is held up for moderation.

Depending on other settings, this might occur far too frequently to be manageable.

(Before a comment appears) The comment must be manually approved

Checked by default, this one prevents spam and all other comments from appearing automatically.

However, it creates massive moderation queues, which deter user engagement.

Spam still piles up, of course, so we’ll have to find another way to handle it.

(Before a comment appears) The author must have a previously approved comment

If we opt out of the manual approach, we can allow free posting for previously approved commenters.

While this helps the moderation issue, it does not fully resolve it.

Comment queues will keep growing, and legitimate new posters will occasionally end up blocked.

Hold a comment in the queue if it contains X or more links

Spambots riddle their comments with links.

This option filters out the worst offenders, but many will still find a way to squeeze through.

Again, you run the risk of filtering comments from real users containing legitimate URLs.

Comment Blacklist

This field allows us to create our own blacklists, containing text and IP addresses.

The system can filter out comments that include any of the entries on the list.

These aren’t just marked for moderation — they’re sent directly to trash.

On the one hand, this achieves our primary goal in fully filtering out spam.

On the other hand, you might accidentally blacklist legitimate user content and remain unaware of it.

Blacklists are efficient but can be difficult to manage regularly.

So how do we automatize blacklist creation and maintenance?

That’s what leads us to plugins.

Anti-Spam Plugin Solutions

Let’s say we’ve already tried all the available settings in the Dashboard.

Somehow, we’re still having trouble handling spam comments.

What would be the next step?

Arguably the strongest side of the WordPress CMS is its customization.

To resolve the spam issue, we can look for a plugin – and there’s plenty on offer.

1. Akismet

Shipped with each WP install, this plugin uses algorithmic spam detection and self-correction.

Akismet does such a good job that one might wonder why there are so many alternatives available.

We’ll consider some of these, but let’s first point out that Akismet uses the freemium model.

Up to 50,000 comment checks per month are free, enough for most individual users.

Larger entities will need an API key to go beyond this limit, and the price is quite reasonable.

2. CleanTalk

Highly recommended, this plugin utilizes cloud-based content analysis.

It can evaluate comments as well as registration forms.

Its free trial period is fairly short and followed by a yearly subscription.

3. WP SpamShield

Unlike the previous two plugins, SpamShield was open-source software until fairly recently.

Now offered at a substantial fee, it features two different layers of protection.

One blocks typical mass-generated spam content.

The other’s algorithms catch advanced spam content that makes it past the first layer.

4. WP Zero Spam

This plugin blocks spam bots by utilizing client- and server-side JavaScript validation.

The simplest of the four popular anti-spam plugins listed here, WP Zero Spam is entirely free of charge.

5. CAPTCHA, no CAPTCHA, or reCAPTCHA?

As a final consideration of anti-spam plugins, let’s look into the CAPTCHA issue.

For a time, CAPTCHA logins were the go-to method for keeping bots away from a website.

As machine learning advanced, CAPTCHA systems had to increase in complexity just to keep up.

Finally, after Google’s reCAPTCHA, they became too cumbersome for human users to deal with.

Today, most anti-spam plugins list “no captcha” as one of their features.

They offer alternative ways of detecting bots and don’t make us click the “Not-A-Robot” button.

But this trend, like so many others, leaves behind serviceable technology.

Research and user testimony shows that there’s still room for simple and effective methods for blocking spam.

New iterations of CAPTCHA protect from brute force attacks and form submission exploits.

For example, there’s WP Invisible reCaptcha.

It’d be a shame to ignore free software like this in favor of premium no-captcha solutions.

External Comment Platforms

If all else fails, we can always turn to a third-party comment system.

Cross-platform solutions such as Disqus or wpDiscuz have their own set of issues.

Against spam, though, they can work wonders. They simplify moderation and maintain logins across different domains.

This, in turn, facilitates content engagement.

Still, people who oppose social logins might feel less inclined to comment.

WP creators should feel free to experiment with external comment systems.

We can always track levels of user engagement before and after the change.

Once we find the option that suits our needs, we’ll stick with it, but until then, keep an open mind.

Summary

Comment spam is an easy issue to overlook, but it can adversely affect a WordPress website.

We should take the necessary steps to prevent it, or at least reduce the damage it does.

With a little effort, it’s not too difficult to develop effective anti-spam measures.

To keep spam from cluttering up our inbox and reducing our traffic, we can:

  • Take advantage of the in-built options for comment management.
  • Look for up-to-date blacklists of spam content to filter.
  • Try installing some of the many anti-spam plugins available.
  • Consider moving to a third-party comment system.