Stopping Comment Spam with WordPress

If you have a blog, you’re probably familiar with comment spam. Comment spam can damage your reputation and credibility with readers if you fail to address it. Luckily, WordPress offers several options for combating spam. Options to help you protect your site might be already ingrained in WordPress and/or plugins might be helpful.

What is Comment Spam?

Comment spam really gained traction when Google introduced Pagerank, a technology that used the content of the page being indexed as well as who linked to that page to determine relevant search results. It’s what made Google the mostly widely used search engine today.

However, this stimulated a phenomenon called “Google Bombing.” A google bomb is when a large number of different websites link to a page with the same link text to influence the ranking of that page for a search term. A spammer will leave hundreds of irrelevant comments on certain blogs and content in order to rank in a certain search page.

Block Spam Comments with WordPress’s Built-In Tools

Comment Blacklist

Within the Settings of your WordPress site, you’ll find a ‘Comment Blacklist.’ This is a list of words completely blacklisted from your blog. These blacklisted comments will be removed from your database with no notification and marked as [spam].

Remember that this will remove partial words as well. So if the blacklisted word is ‘verb,’ words like ‘adverb’ and ‘proverbial’ will be removed.

Remove Website URL Field from Comment Form

To stop spammers from embedding harmful URLs in your comments section, you’ll need to install and activate Disable / Hide Comment URL plugin. This plugin will remove comment author URL (website) field from your WordPress comment form. In order to remove author URL from comments template so that the author names are not linked to their websites, you’ll need to download the Disable Comment Author Links plugin.

Remove Comment Options from Media Attachments

If you are linking images to the automatically downloaded attachment page, you’ll end up with a lot of attachment pages with comments enabled. If you’d rather have users comment on posts instead of attached images, you should download the Disable Comments plugin.

Disable Trackbacks

In order to disable spammers from sending thousands of fake trackbacks and pings, you’ll want to disable them in your WordPress settings. Go to Settings » Discussion page and then uncheck the box next to ‘Allow link notifications from other blogs (pingbacks and trackbacks) on new articles’ option.

Disable Comments

To completely stop spammers in their tracks, disable comments altogether. To do this, go to Settings » Discussion » check/uncheck the box next to “Allow people to post comments on new articles,” and then click “Save Settings.”

Best Plugins to Block Spam Comment

There are several ways to block spam in the WordPress comments. These WordPress plugins offer different option including installable plugins and out-of-the-box solutions.

Akismet

Every WordPress plugin comes with a version of Akismet. Akismet is a comment spam filtering service. Akismet catches blog comment and pingback spam using specific algorithms created by Automattic. Comment moderation is a time consuming and Akismet makes it automated. Akismet will catch spam comments before it lands in your moderation queue as pending.

Price: Free for Personal Plans, $5 for Professional Plans, and $50 for Enterprise

Pros: Out-of-the-box solution, automated algorithms will save you from moderation comments manually, integrates with the Jetpack and Contact Form 7 plugin

Cons: Can sometimes mark legitimate comments as spam comments (false-positive)

Cookies for Comments

Cookies for Comments adds a stylesheet or image to your blog’s html source code. When a browser loads that stylesheet or image a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam.

Price: Free

Pros: Simple, effective solution. Multiple methods for checking for spam.

Cons: Might not integrate with existing plugins

WP Bruiser

WP Bruiser (formerly GoodBye Captcha) is an anti-spam and security plugin based on algorithms that identify spam bots without any annoying and hard to read captcha images.

Price: Free

Pros: Completely invisible to the end user, prevents the bots from leaving spam in the first place

Cons: False-positives are possible.

Google Captcha (reCAPTCHA)

Google Captcha (reCAPTCHA) plugin is an effective security solution that protects your WordPress website forms from spam entries while letting real people pass through with ease. It can be used for login, registration, password recovery, comments, popular contact forms, and other. Recaptcha shows an image containing characters, users need to type those characters to prove that they are human.

Price: Free

Pros: Can hide Google Captcha (reCAPTCHA) for whitelisted IP addresses, available for multiple languages

Cons: Not compatible with WooCommerce, additional step for the user (humans need to prove they are humans)

WordPress Spam Blocking Plugins Overview

A-Grade

Akismet shouldn’t be a decision you have to make. This plugin comes built-in to WordPress for a reason. Every WordPress user should activate it.

B-Grade

One thing to consider is if you are more worried about automatic spam bots or manually submitted spam comments. If you are most worried about manually submitted comments, you should not consider a plugin with reCAPTCHA. If manually submitted comments are a concern, consider Google Captcha (reCAPTCHA).

If manually submitted comments are not hugely concerning to you, consider using cookies, like Cookies for Comments. Plugins that use cookies to block spam do so by sending users a stylesheet or image file whenever they access a page with the comment form- automatic spam bots don’t have the time to download these forms.

C-grade

If you prefer spam comments to automatically go to the spam folder and simply never make it to your site at all, WP Bruiser is the best option. Unlike other anti-spam plugins, which detect spam comments and signups after the fact and move them to your spam folder, which you then have to delete – using up not only your website’s resources, but your time as well, WPBruiser prevents the bots from leaving spam in the first place.

Take Your Security To The Next Level With WP Engine

WP Engine’s security measures ensure website protection while running your website at peak performance. We do a lot behind the scenes to make sure your website is secure and safe. Automatic WordPress updates, limited disk writing capabilities and free Let’s Encrypt SSL Certificates are just some of the few things we do to keep your WordPress site safe. Learn more about our managed hosting plans!

Get started.

Build faster, protect your brand, and grow your business with a WordPress platform built to power remarkable online experiences.