Skip to main content
WordPress made easy with the drag & drop Total WordPress Theme!Learn More

How to Prevent Spam and Protect Your WordPress Blog

December 26, 2017
How to Prevent Spam and Protect Your WordPress Blog

Your comments section gives you a convenient way to engage with your website’s readers. Unfortunately, opening your website up to comments means you will have to deal with spam. Unless you are the type of blogger who doesn’t solicit feedback via comments and trackbacks/pingbacks, you will have to deal with it at some point or another.

But the question is, how? As spam bots (and human spammers) become more sophisticated, it is more and more difficult to keep your blog clean of irrelevant and inappropriate content.

Luckily, WordPress comes with built-in features and free add-ons to help control and combat spam, including Akismet and comment blacklists. Even better, there are many third-party plugins available to provide additional spam protection.

In this post we will take an in-depth look at the issue of spam on WordPress blogs, the negative impact it can have on your site if left unchecked and how it can be managed and prevented. We’ll also take a look at the tools available in WordPress to combat this problem. Finally, we’ll finish up with some plugin recommendations to take your spam moderation to the next level. Let’s dive in!

What WordPress Comment Spam Is

Screenshot of spam comments

Automated spam comments like these can overrun your WordPress database.

It can be exhilarating when new comments show up on your blog. However, that first blush of excitement often disappears when you see inappropriate replies to your content. These replies, of course, are also known as spam. The dictionary simply defines it as “irrelevant or inappropriate messages sent on the Internet to a large number of users“. Sounds about right to me.

Blog spam is born of the same family as the oh so familiar email spam, but has its own unique aim – to get backlinks. Whether it is via a blog comment, trackback or pingback, the purpose of blog spam is to publish a link on your site that points back to another site. The site in question is typically irrelevant to your niche and often poor quality.

These unsolicited messages is a fact of life if you allow commenting on your posts. Fortunately, identifying it is relatively simple, since it usually takes one of three primary forms.

1. Spambots

These are comments are posted automatically using a script or bot that scour the web in search of targets to flood with comment junk. There is no direct human involvement in these comments, and they are usually pretty easy for the human eye to spot. Spambots are probably the biggest culprits of irrelevant comments.

2. Manual Comments

This is when humans are hired to manually post comments on sites. The quality of these comments can vary from blatantly obvious to debatable, which of course offers up a big headache for anyone trying to eradicate spam from their site. These will almost always include links in the comments, and can be a bit sneakier than bots (we’ve seen comments with questionable links added to blank spaces in the comment text).

3. Trackbacks & Pingbacks

As defined by Google, a trackback is “one of three types of linkback methods for website authors to request notification when somebody links to one of their documents”. For our purposes you can assume pingbacks to be essentially the same thing. You will have probably seen trackbacks before. They exist as a list of links, typically within or below the comments section on a blog post. For a spammers’ purposes, the objective is simple – mention a blog post in their own post and get a link back.

Each of these spam types is problematic, and you’ll often receive more than just one category. Together, they can clog up your comments section and cause all kinds of issues.

How Comment Spam Affects Your WordPress Site

Trackback spam

Spammers use trackbacks to create links back to irrelevant sites.

You may consider spam to be nothing more than an annoyance. However, if left unchecked, it can have negative consequences for your website. In addition to providing a poor user experience for your readers, comment spam can harm your site in many ways, causing:

  • Loss of search engine rankings. Google targets bad links on your site for ranking purposes, even in the comments.
  • Potential risks to your readers. The links in spam comments can lead to malicious sites.
  • Site speed and load time issues. Too many comments can overload your WordPress database and slow down your site.

Every blog that enables commenting is vulnerable to spam. Having a plan of action for reducing and combating it is the only way to protect your site and your readers.

How to Combat WordPress Comment Spam

While comment spam is unavoidable, there is good news. You can combat this blight by moderating your comments and utilizing WordPress’ built-in tools.

First, make sure that you have turned on comment moderation. Doing so enables you to approve any comment before it posts to your site. If you don’t have time to review every single comment, you can set parameters based on several factors. For example, you can:

Don’t forget the biggest weapon in your default arsenal: plugins. There are tons of great free and open source plugins you can add to your WordPress installation to check comments and filter out anything that looks like spam.

The Best Anti-Spam Plugins to Reduce Comment Spam on Your WordPress Site

One of the best things about using WordPress is how easy it is to customize. When it comes to blog comments, you can use plugins shore up your security. Here are three plugins to help you take control of your comment spam.

1. Akismet

Akismet plugin

How could we not mention Akismet? This plugin comes installed by default on WordPress blogs, and is free to use for personal bloggers (with a commercial monthly subscription set at $5 per month, and enterprise solutions available at $50 per month).

In using a “catch-all” spam solution like Akismet, you have to accept that some legitimate comments may get flagged as spam. It’s simply a cost of blogging and using an automated spam blocker. The issue is mainly stems from human spammers. One person’s spam is another person’s legitimate comment, so if humans can’t agree 100% of the time, what chance does a plugin have?

However, for most part, Akismet does a great job. It keeps an enormous amount of spam at bay on my blog, with only the occasional legitimate comment being caught out. Furthermore, it takes care of trackback spam too – a huge bonus.

Key Features:

  • Blocks comment and trackback spam.
  • Automatically checks all comments.
  • Comment history so you can check which comments were blocked by the plugin or by moderators.
  • Includes a “Discard” settings to auto-block the worst spam.

Price: Akismet is a free plugin, and may already be installed on your blog.

Get Akismet

2. WP-SpamShield

WP-Spamshield plugin

This plugin uses the ‘honey pot’ technique to trap bots invisibly. Humans won’t see captchas, but bots will, and they will then be trapped as spam. WP-SpamShield acts as a firewall to block both automated and targeted spam. Since it blocks these comments before they reach your database, you never have to worry about them slowing down your site.

Key Features:

  • Blocks trackback and pingback spam.
  • Prevents spam at the front of the site, so it never hits the WordPress database.
  • Works with all major form builder tools.

Price: WP-SpamShield is a free plugin.

Get WP-SpamShield

3. Anti-spam

Anti-spam plugin

Anti-spam uses invisible captchas to block all spambots from your comments. The pro version also blocks manually submitted spam. While this plugin does a great job of stopping unwanted comments, however, it doesn’t protect other types of forms on your site. This means you might want to use this plugin with something else to get extra form protection. However, it’s still an excellent lightweight option.

Looking for more protection options? Anti-Spam Pro includes added settings for manual spam protection so you can further by automatically preventing comments that rank high on a spam points scale (with more than a set number of links, words or flagged spam words).

Key Features:

  • Blocks trackbacks by default.
  • Prevents automatic spam from ever getting to your WordPress database.
  • Pro version blocks manual spam.

Price: Anti-Spam is free, and the pro version available for $25.

Get Anti-Spam by Webvitaly

4. WPBruiser

WPBruiser plugin

WPBruiser promises to work from the second you install it. This plugin combines brute force attack protection with comment spam blocking. You can use it to protect all of your forms, and your readers will never have to use a captcha. Overall, it’s a comprehensive and user-friendly option.

Key Features:

  • Includes brute force attack protection.
  • Enables you to block malicious IP addresses.
  • Is compatible with WordPress Multisite.
  • Offers extensions that work with all major form tools.

Price: WPBruiser is a free plugin with optional extensions.

Get WPBruiser

5. Hide Trackbacks

This last plugin is very straightforward as it simply does what the title states – hides trackbacks. While you can disable trackbacks completely, there is value in simply hiding them if you want to keep track of who is linking to you. This plugin removes trackbacks from your front end but still allows you to see them on your WordPress dashboard.

Price: Hide Trackbacks is completely free.

Get Hide Trackbacks

Conclusion

Comment spam is a simple fact of life on the internet, unless you plan to disable comments altogether. Safeguarding your site against inappropriate comments is crucial for its overall health and performance. By removing spam comments, you can keep your database clear, maintain a solid user experience, and improve engagement.

Do you have any questions about how to manage spam on your WordPress site? Or tips to add to the list? Let us know in the comments section below!

prevent-wordpress-spam
Article by Tom Ewer WPExplorer Author
Published on: 11/01/2012
Last updated on: December 26, 2017
Subscribe to the Newsletter

Get our latest news, tutorials, guides, tips & deals delivered to your inbox.

14 Comments

  1. Barış Ünver says:

    I used the “Cookies for Comments” plugin for a few years and never be bothered by spam in that time frame. (Then I switched to Disqus for an unrelated reason.) It comes with a different approach which doesn’t bother legitimate commenters at all: It doesn’t have anything to add to the comment form, it just checks if the visitor has the cookie it set when the page was loaded. You should check that out, too.

    • AJ Clarke | WPExplorer says:

      Oh yes, this is definitely a great option. For this specific post we wanted to target users who are taking advantage of the built-in comments functionality. For me personally I like having all the comments in my dashboard and the content on the site (for SEO). I’d be scared to see years worth of comments disappear if Disqus for some reason goes away.

      But yes, it’s definitely a good option for some, as well as Facebook comments 😉

      • Barış Ünver says:

        I actually tried to praise the Cookies for Comments plugin 🙂

        As for Disqus; when I migrated to Disqus, I could also migrate all my existing comments into my Disqus account with the help of its official WP plugin. The plugin also synchronizes new comments made on Disqus with WordPress’ native comments database, so you can continue using the regular WordPress Comments system with no casualties when you don’t want to use Disqus anymore.

        • AJ Clarke | WPExplorer says:

          Oh wow, I really had no idea it would synchronize with the navive WP comments 😉 That’s pretty freaking cool. Thanks for sharing that info!

  2. Bucur says:

    veri nice this post,solutions presentend are excellent…

    • AJ Clarke | WPExplorer says:

      Thank’s for stopping by Bucur 😉 I like the changes you’ve made to the Pytheas theme on your site!

  3. Ben says:

    Great Article! I have used WP-reCAPTCHA and it stops some but not all. I’ll give the others a try and see how they work. Love the new articles. 🙂

  4. Luis Alejandre says:

    Thank you very much Tom for this post. I was beginnig to get a lot of spam in the comments for my new site. I´ve already installed the Growmap plugin and I believe it will save me a lot of trouble!

  5. Paul says:

    I use Disqus which uses Akismet on the Disqus servers not mine so all the spam posts are stored on there system. This means my server doesn’t get filled with loads of comments in the spam folder.

    • Tom Ewer says:

      Hi Paul,

      I tried Livefyre once but just didn’t get along with it. I like being able to moderate and edit comments from within my WordPress backend, and I also like the minimalist design of the standard comments system.

      Cheers,

      Tom

  6. Madiha says:

    nice post plz share tips to secure disk data

  7. Nico Puno says:

    Hey there, Paul! It would have been nice if you included some examples of spam comments as there are others who couldn’t easily identify what a spam comment looks like. But it’s really safer to just use an anti-spam. Haha. Anyway, thanks for sharing this post! Such a great help!

Leave a Reply

Your email address will not be published. Required fields are marked *

Learn how your comment data is processed by viewing our privacy policy here.