Spam: What You Need to Know to Protect Your WordPress Blog

Spam is a major irritant — whether it is arriving in your email inbox or plaguing your blog.

Unless you are the type of blogger who doesn’t solicit feedback via comments and trackbacks/pingbacks, you have to deal with it. But the question is, how? As spam bots (and human spammers) become more sophisticated, it is more and more difficult to keep your blog clean of irrelevant and inappropriate content.

With that in mind, today I want to take an in-depth look at the issue of spam on WordPress blogs, and how it can be managed and prevented.

What is Spam?

Almost everyone is familiar with the concept of email spam. The dictionary simply defines it as “irrelevant or inappropriate messages sent on the Internet to a large number of users”. Sounds about right to me.

Blog spam is born of the same family, but has its own unique aim — to get backlinks. Whether it is via a blog comment or a trackback/pingback, the purpose of blog spam is to publish a link on your site that points back to another site. The site in question is usually completely irrelevant to your niche and typically poor quality.

WordPress bloggers have to deal with three different types of spam:

1. Spambot Comment Spam

These are comments posted automatically by bots that scour the web in search of targets. There is no direct human involvement in these comments, and they are usually pretty easy for the human eye to spot.

2. Manual Comment Spam

This is when humans are hired to manually post comments on sites. The quality of these comments can vary from blatantly obvious to debatable, which of course offers up a big headache for anyone trying to eradicate spam from their site.

3. Trackback/Pingback Spam

As defined by Google, a trackback is “one of three types of linkback methods for website authors to request notification when somebody links to one of their documents”. For our purposes you can assume pingbacks to essentially be the same thing (although there are minor differences).

You will have probably seen trackbacks before — they exist as a list of links, typically within or below the comments section on a blog post. For a spammer’s purposes, the objective is simple — mention a blog post in their own post and get a link back.

How to Prevent Spam

So now you know what kind of spam you can expect on your WordPress blog, let’s get onto how you can go about preventing it.

First off, you should note that it is impossible to completely eradicate spam on your blog. I have yet to come across a perfect solution. However, there are effective ways and means of preventing spam to a large degree.


My first suggestion would be simply to remove trackbacks and pingbacks from your blog. They’re not really “in fashion” these days, they add clutter to your blog posts, and are of course a major spam target.

You can remove them by manually altering your theme files (if you know how to), or alternatively you can download a plugin like Hide Trackbacks. This will remove trackbacks from your front end but still allow you to see them on your WordPress dashboard. This is definitely handy — it is good to know who is linking to you.

Spambot Comment Spam

These days, automated spam can be rather effectively taken care of. There are multiple solutions, but the simple premise is that spambots are “tricked” into revealing their identity, and as such, can be flagged.

The best WordPress plugin I have found to eradicate automated spam is Growmap Anti Spambot Plugin. It adds a simple client-side checkbox that must be ticked in order for a comment to be submitted. According to the plugin’s developer, this box cannot be detected by spambots, and in my experience, it is 100% successful in preventing automated comment spam.

Unfortunately, Growmap does not offer trackback spam protection, so if you do want to keep trackbacks on your site, you will have to consider alternative options.

There are other plugins of a similar nature to Growmap (such as BotBlocker) but I consider it to be the best of its kind.
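
A checkbox that is added by script only stops bots if the server refuses any comment that arrives without it. As an added example (not Growmap's code and not from the original post), the Node.js code below shows that server-side check; it goes beyond a plain checkbox by signing the checkbox value and tying it to one post and a time window. The field name `human_check`, the secret and the time limits are assumptions.

```javascript
// Added example, not Growmap's code. Field name, secret and limits are assumptions.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // per-site secret, never sent to the client
const MIN_AGE_MS = 3000;                  // submitted faster than this: treated as a bot
const MAX_AGE_MS = 60 * 60 * 1000;        // tokens older than one hour are rejected

function sign(body) {
  return crypto.createHmac('sha256', SECRET).update(body).digest('hex');
}

// Value the page script sets on the checkbox it inserts: "<postId>.<issuedAt>.<hmac>"
function issueToken(postId, now) {
  const body = `${postId}.${now}`;
  return `${body}.${sign(body)}`;
}

function tokenIsValid(token, postId, now) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return false;           // e.g. a guessed value such as "on"
  const [tokPost, issued, mac] = parts;
  const a = Buffer.from(mac);
  const b = Buffer.from(sign(`${tokPost}.${issued}`));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return false;
  const age = now - Number(issued);
  return tokPost === String(postId) && age >= MIN_AGE_MS && age <= MAX_AGE_MS;
}

// fields: parsed POST body of one submission (hypothetical field names)
function classifyComment(fields, postId, now) {
  // Trackbacks and pingbacks never load the form, so this check cannot cover them.
  if (fields.type === 'trackback' || fields.type === 'pingback') return 'unchecked';
  return tokenIsValid(fields.human_check, postId, now) ? 'accept' : 'reject';
}
```

A client that executes the page's script will pass this check, so it filters automated form posts only and leaves manual comment spam to moderation or a content filter.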

Manual Comment Spam

Manual comment spam is where things start to get tricky.

If at all possible I would recommend that you stick with an automated spam prevention solution such as Growmap, because as soon as you allow a plugin to moderate both automated and human spam, you will find that genuine comments do occasionally get flagged. If you get the occasional human spam comment, I would recommend that you just stick to moderating them manually.

However, there may well come a point where you feel that you have no other choice but to implement a “catch-all” spam solution. Under such circumstances my recommendation is Akismet. This plugin comes installed as default on WordPress blogs, and is free to use for personal bloggers. For commercial blogs, a monthly subscription will set you back $5 per month, with enterprise solutions available at $50 per month.

In using a plugin like Akismet, you have to accept that some legitimate comments will be flagged as spam. It’s simply a cost of blogging — there will be collateral damage. The issue is mainly with human spammers. One person’s spam is another person’s legitimate comment, so if humans can’t agree 100% of the time, what chance does a plugin have?

However, for the most part, Akismet does a great job. It keeps an enormous amount of spam at bay on my blog, with only the occasional legitimate comment being caught out. Furthermore, it takes care of trackback spam too.

Alternative Solutions

There are a lot of antispam plugins out there, and I have tried quite a few. I have made my main recommendations above, but if you want to explore the best alternative solutions, check these three options out:

Wrapping Up

If you are a personal blogger or can stomach the cost, I consider Akismet to be the best antispam solution available. However, you should only implement it as a “last resort”, if you are being overrun by human spammers.

If you can get away with it, a spambot solution like Growmap gives you the best of both worlds — near-perfect spam protection without legitimate comments getting caught in the crossfire.

Post Author: Tom Ewer

Tom Ewer is a professional blogger, longtime WordPress enthusiast and the founder of WordCandy.

Disclosure: This page contains external affiliate links that may result in us receiving a commission if you choose to purchase said product. The opinions on this page are our own. We do not receive payment for positive reviews.
Got something to say? Join the discussion.
  1. Barış Ünver says:
    I used the "Cookies for Comments" plugin for a few years and was never bothered by spam in that time frame. (Then I switched to Disqus for an unrelated reason.) It comes with a different approach which doesn't bother legitimate commenters at all: It doesn't have anything to add to the comment form, it just checks if the visitor has the cookie it set when the page was loaded. You should check that out, too.
    • AJ Clarke | WPExplorer says:
      Oh yes, this is definitely a great option. For this specific post we wanted to target users who are taking advantage of the built-in comments functionality. For me personally I like having all the comments in my dashboard and the content on the site (for SEO). I'd be scared to see years worth of comments disappear if Disqus for some reason goes away. But yes, it's definitely a good option for some, as well as Facebook comments ;)
      • Barış Ünver says:
        I actually tried to praise the Cookies for Comments plugin :) As for Disqus; when I migrated to Disqus, I could also migrate all my existing comments into my Disqus account with the help of its official WP plugin. The plugin also synchronizes new comments made on Disqus with WordPress' native comments database, so you can continue using the regular WordPress Comments system with no casualties when you don't want to use Disqus anymore.
        • AJ Clarke | WPExplorer says:
          Oh wow, I really had no idea it would synchronize with the native WP comments ;) That's pretty freaking cool. Thanks for sharing that info!
  2. very nice this post, solutions presented are excellent...
    • AJ Clarke | WPExplorer says:
      Thanks for stopping by Bucur ;) I like the changes you've made to the Pytheas theme on your site!
  3. Great Article! I have used WP-reCAPTCHA and it stops some but not all. I'll give the others a try and see how they work. Love the new articles. :)
  4. Luis Alejandre says:
    Thank you very much Tom for this post. I was beginning to get a lot of spam in the comments for my new site. I've already installed the Growmap plugin and I believe it will save me a lot of trouble!
  5. I use Disqus which uses Akismet on the Disqus servers not mine so all the spam posts are stored on their system. This means my server doesn't get filled with loads of comments in the spam folder.
    • Tom Ewer says:
      Hi Paul, I tried Livefyre once but just didn't get along with it. I like being able to moderate and edit comments from within my WordPress backend, and I also like the minimalist design of the standard comments system. Cheers, Tom
  6. nice post plz share tips to secure disk data
