How to Prevent Spam and Protect Your WordPress Blog
Your comments section gives you a convenient way to engage with your website’s readers. Unfortunately, opening your website up to comments means you will have to deal with spam. Unless you are the type of blogger who doesn’t solicit feedback via comments and trackbacks/pingbacks, you will have to deal with it at some point or another.
But the question is, how? As spam bots (and human spammers) become more sophisticated, it is more and more difficult to keep your blog clean of irrelevant and inappropriate content.
Luckily, WordPress comes with built-in features and free add-ons to help control and combat spam, including Akismet and comment blacklists. Even better, there are many third-party plugins available to provide additional spam protection.
In this post we will take an in-depth look at the issue of spam on WordPress blogs, the negative impact it can have on your site if left unchecked and how it can be managed and prevented. We’ll also take a look at the tools available in WordPress to combat this problem. Finally, we’ll finish up with some plugin recommendations to take your spam moderation to the next level. Let’s dive in!
What WordPress Comment Spam Is
It can be exhilarating when new comments show up on your blog. However, that first blush of excitement often disappears when you see inappropriate replies to your content. These replies, of course, are also known as spam. The dictionary simply defines it as “irrelevant or inappropriate messages sent on the Internet to a large number of users”. Sounds about right to me.
Blog spam is born of the same family as the oh so familiar email spam, but has its own unique aim – to get backlinks. Whether it is via a blog comment, trackback or pingback, the purpose of blog spam is to publish a link on your site that points back to another site. The site in question is typically irrelevant to your niche and often poor quality.
These unsolicited messages are a fact of life if you allow commenting on your posts. Fortunately, identifying them is relatively simple, since spam usually takes one of three primary forms.
1. Spambots
These comments are posted automatically by a script or bot that scours the web in search of targets to flood with comment junk. There is no direct human involvement in these comments, and they are usually pretty easy for the human eye to spot. Spambots are probably the biggest culprits of irrelevant comments.
2. Manual Comments
This is when humans are hired to manually post comments on sites. The quality of these comments can vary from blatantly obvious to debatable, which of course offers up a big headache for anyone trying to eradicate spam from their site. These will almost always include links in the comments, and can be a bit sneakier than bots (we’ve seen comments with questionable links added to blank spaces in the comment text).
3. Trackbacks & Pingbacks
As defined by Google, a trackback is “one of three types of linkback methods for website authors to request notification when somebody links to one of their documents”. For our purposes you can assume pingbacks to be essentially the same thing. You have probably seen trackbacks before. They exist as a list of links, typically within or below the comments section on a blog post. For a spammer’s purposes, the objective is simple – mention a blog post in their own post and get a link back.
Each of these spam types is problematic, and you’ll often receive more than just one category. Together, they can clog up your comments section and cause all kinds of issues.
How Comment Spam Affects Your WordPress Site
You may consider spam to be nothing more than an annoyance. However, if left unchecked, it can have negative consequences for your website. In addition to providing a poor user experience for your readers, comment spam can harm your site in many ways, causing:
- Loss of search engine rankings. Google targets bad links on your site for ranking purposes, even in the comments.
- Potential risks to your readers. The links in spam comments can lead to malicious sites.
- Site speed and load time issues. Too many comments can overload your WordPress database and slow down your site.
Every blog that enables commenting is vulnerable to spam. Having a plan of action for reducing and combating it is the only way to protect your site and your readers.
How to Combat WordPress Comment Spam
While comment spam is unavoidable, there is good news. You can combat this blight by moderating your comments and utilizing WordPress’ built-in tools.
First, make sure that you have turned on comment moderation. Doing so enables you to approve any comment before it posts to your site. If you don’t have time to review every single comment, you can set parameters based on several factors. For example, under Settings > Discussion you can:
- Flag a comment as spam based on the number of links it has.
- Blacklist commenters in reaction to previous spam.
- Disable trackbacks and pingbacks.
- Only allow registered users to post comments.
Don’t forget the biggest weapon in your default arsenal: plugins. There are tons of great free and open source plugins you can add to your WordPress installation to check comments and filter out anything that looks like spam.
Reduce Comment Spam on Your WordPress Site with a Plugin
One of the best things about using WordPress is how easy it is to customize. When it comes to blog comments, you can use antispam WordPress plugins to shore up your security. Here are three plugins to help you take control of your comment spam.
1. Akismet
How could we not mention Akismet? This plugin comes installed by default on WordPress blogs and is free to use for personal bloggers. A commercial monthly subscription is set at $8.33 per month (with an annual plan), and enterprise solutions are available at just over $41 per month.
In using a “catch-all” spam solution like Akismet, you have to accept that some legitimate comments may get flagged as spam. It’s simply a cost of blogging and using an automated spam blocker. The issue mainly stems from human spammers. One person’s spam is another person’s legitimate comment, so if humans can’t agree 100% of the time, what chance does a plugin have?
However, for the most part, Akismet does a great job. It keeps an enormous amount of spam at bay on my blog, with only the occasional legitimate comment being caught out. Furthermore, it takes care of trackback spam too – a huge bonus.
- Blocks comment and trackback spam.
- Automatically checks all comments.
- Comment history so you can check which comments were blocked by the plugin or by moderators.
- Includes a “Discard” setting to auto-block the worst spam.
Price: Akismet is a free plugin, and may already be installed on your blog.
2. Antispam Bee
This plugin uses the ‘honey pot’ technique to trap bots invisibly. Humans won’t see captchas, but bots will, and they will then be trapped as spam. Antispam Bee acts as a firewall to block both automated and targeted spam. Since it blocks these comments before they reach your database, you never have to worry about them slowing down your site.
- Blocks trackback and pingback spam.
- Prevents spam at the front of the site, so it never hits the WordPress database.
- Works with all major form builder tools.
Price: Antispam Bee is a free plugin.
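The honeypot idea described above, sketched as a small WordPress plugin file. This is an added example, not Antispam Bee's code; the field name `hp_website_confirm` and the `hp_` function names are hypothetical, and the hooks used are standard WordPress ones.

```php
<?php
/**
 * Added example: minimal comment honeypot.
 * The field name below is a made-up placeholder; pick your own.
 */
const HP_FIELD = 'hp_website_confirm';

// 1. Print a decoy input that is positioned off-screen and removed from
//    keyboard navigation and autofill, so real visitors leave it empty.
function hp_render_field() {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label for="%1$s">Leave this field empty</label>'
        . '<input type="text" id="%1$s" name="%1$s" value="" tabindex="-1" autocomplete="off">'
        . '</p>',
        esc_attr( HP_FIELD )
    );
}
add_action( 'comment_form_after_fields', 'hp_render_field' );    // logged-out visitors
add_action( 'comment_form_logged_in_after', 'hp_render_field' ); // logged-in users

// 2. Inspect the submission before WordPress writes it to the database.
function hp_check_field( $commentdata ) {
    // Trackbacks and pingbacks never pass through the form; handle them elsewhere.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( in_array( $type, array( 'pingback', 'trackback' ), true ) ) {
        return $commentdata;
    }

    $value = isset( $_POST[ HP_FIELD ] ) ? $_POST[ HP_FIELD ] : '';

    // Anything other than an empty string (including an array) means the
    // decoy was filled in by something that does not render the page.
    if ( ! is_string( $value ) || '' !== trim( $value ) ) {
        wp_die( 'Comment rejected.', '', array( 'response' => 403 ) );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'hp_check_field' );
```

Because the check runs on `preprocess_comment`, a rejected submission never becomes a row in the comments table, which is the "never hits the database" property the plugin description refers to.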
3. Titan Anti-spam
Anti-spam uses invisible captchas to block all spambots from your comments. The pro version also blocks manually submitted spam. While this plugin does a great job of stopping unwanted comments, it doesn’t protect other types of forms on your site. This means you might want to use this plugin with something else to get extra form protection. However, it’s still an excellent lightweight option.
Looking for more protection options? Anti-Spam Pro includes added settings for manual spam protection, so you can go further by automatically preventing comments that rank high on a spam points scale (with more than a set number of links, words or flagged spam words).
- Blocks trackbacks by default.
- Prevents automatic spam from ever getting to your WordPress database.
- Pro version blocks manual spam.
Price: Anti-Spam is free, and the pro version is available for $25.
4. WPBruiser
WPBruiser promises to work from the second you install it. This plugin combines brute force attack protection with comment spam blocking. You can use it to protect all of your forms, and your readers will never have to use a captcha. Overall, it’s a comprehensive and user-friendly option.
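A points scale of the kind described above (links, length, flagged words) can be expressed as a WordPress filter; the same idea underlies the link-count rule under Settings > Discussion. This is an added example, not Titan Anti-spam's or WordPress core's code, and every threshold, point value, function name and the word list is an assumption chosen for illustration.

```php
<?php
// Added example: points-based comment scoring. All values are assumptions.
const SP_MAX_LINKS = 2;   // more links than this adds points
const SP_MAX_WORDS = 400; // longer comments than this add a point
const SP_HOLD_AT   = 2;   // score at which the comment waits for moderation
const SP_SPAM_AT   = 4;   // score at which the comment is marked as spam

function sp_flagged_words() {
    return array( 'casino', 'payday loan', 'replica watches' ); // constructed list
}

function sp_score( $content ) {
    $score = 0;

    // Links: count every URL scheme, whether bare or inside href="".
    $links = preg_match_all( '~https?://~i', $content );
    if ( $links > SP_MAX_LINKS ) {
        $score += 2;
    }

    // Length: measured on the visible text only.
    $text  = strip_tags( $content );
    $words = preg_split( '/\s+/', $text, -1, PREG_SPLIT_NO_EMPTY );
    if ( count( $words ) > SP_MAX_WORDS ) {
        $score += 1;
    }

    // Flagged terms: two points for each distinct term present.
    foreach ( sp_flagged_words() as $term ) {
        if ( false !== stripos( $text, $term ) ) {
            $score += 2;
        }
    }
    return $score;
}

function sp_filter_approval( $approved, $commentdata ) {
    // Never relax a stricter decision made by core or another plugin.
    if ( is_wp_error( $approved ) || 'spam' === $approved || 'trash' === $approved ) {
        return $approved;
    }
    $score = sp_score( $commentdata['comment_content'] );
    if ( $score >= SP_SPAM_AT ) {
        return 'spam';
    }
    return ( $score >= SP_HOLD_AT ) ? 0 : $approved; // 0 = held for moderation
}
add_filter( 'pre_comment_approved', 'sp_filter_approval', 10, 2 );
```

With these values, a short comment containing three URLs scores 2 and is held for review, while the same comment that also mentions one flagged term scores 4 and goes to the spam folder.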
- Includes brute force attack protection.
- Enables you to block malicious IP addresses.
- Is compatible with WordPress Multisite.
- Offers extensions that work with all major form tools.
Price: WPBruiser is a free plugin with optional extensions.
5. Hide Trackbacks
This last plugin is very straightforward as it simply does what the title states – hides trackbacks. While you can disable trackbacks completely, there is value in simply hiding them if you want to keep track of who is linking to you. This plugin removes trackbacks from your front end but still allows you to see them on your WordPress dashboard.
Price: Hide Trackbacks is completely free.
6. Forget Spam Comment
Forget Spam Comment is a fast and GDPR-compliant anti-spam plugin for WordPress comments. It works without affecting user experience and does all its magic with about 217 bytes of JS. There is no chance of a false-positive comment being sent to moderation. It’s a great time saver for busy site admins, letting them focus on growing their business instead of dealing with spam comments even after installing an anti-spam plugin. No settings. No sign-up required. No captcha for visitors. No nagging, advertisements or upsells. It simply allows humans to comment, not bots.
Price: Forget Spam Comment is completely free.
Comment spam is a simple fact of life on the internet, unless you plan to disable comments altogether. Safeguarding your site against inappropriate comments is crucial for its overall health and performance. By removing spam comments, you can keep your database clear, maintain a solid user experience, and improve engagement.
Do you have any questions about how to manage spam on your WordPress site? Or tips to add to the list? Let us know in the comments section below!
I used the “Cookies for Comments” plugin for a few years and was never bothered by spam in that time frame. (Then I switched to Disqus for an unrelated reason.) It comes with a different approach which doesn’t bother legitimate commenters at all: It doesn’t have anything to add to the comment form, it just checks if the visitor has the cookie it set when the page was loaded. You should check that out, too.
Oh yes, this is definitely a great option. For this specific post we wanted to target users who are taking advantage of the built-in comments functionality. For me personally I like having all the comments in my dashboard and the content on the site (for SEO). I’d be scared to see years worth of comments disappear if Disqus for some reason goes away.
But yes, it’s definitely a good option for some, as well as Facebook comments 😉
I actually tried to praise the Cookies for Comments plugin 🙂
As for Disqus; when I migrated to Disqus, I could also migrate all my existing comments into my Disqus account with the help of its official WP plugin. The plugin also synchronizes new comments made on Disqus with WordPress’ native comments database, so you can continue using the regular WordPress Comments system with no casualties when you don’t want to use Disqus anymore.
Oh wow, I really had no idea it would synchronize with the native WP comments 😉 That’s pretty freaking cool. Thanks for sharing that info!
I used Akismet and Captcha to reduce spam on my website but that didn’t really help stop the spam.
I combined Akismet and Captcha + blacklisted words, so comments with blacklisted words go to the trash folder on my website Ncsarena.
So now I want comments with blacklisted words not to be able to submit the comments at all, that is to say the comments shouldn’t even make their way to my trash folder.
My understanding is that the comment form has to first be submitted for WordPress to then check for blacklisted words. I’m not aware of any way to prevent a submission based on content.
But you can change the number of days until WordPress clears your trash cans – the default is 30 days, so if you change it to 1 it will clear itself every day. Just keep in mind that this does require a bit of code and it applies to ALL trash (for comments, posts, pages and any custom post types)
Very nice post, the solutions presented are excellent…
Thanks for stopping by Bucur 😉 I like the changes you’ve made to the Pytheas theme on your site!
Great Article! I have used WP-reCAPTCHA and it stops some but not all. I’ll give the others a try and see how they work. Love the new articles. 🙂
Glad you like the post Ben 🙂
Thank you very much Tom for this post. I was beginning to get a lot of spam in the comments for my new site. I’ve already installed the Growmap plugin and I believe it will save me a lot of trouble!
No problem Luis 🙂
I use Disqus, which uses Akismet on the Disqus servers, not mine, so all the spam posts are stored on their system. This means my server doesn’t get filled with loads of comments in the spam folder.
I tried Livefyre once but just didn’t get along with it. I like being able to moderate and edit comments from within my WordPress backend, and I also like the minimalist design of the standard comments system.
nice post plz share tips to secure disk data
Hey there, Paul! It would have been nice if you included some examples of spam comments as there are others who couldn’t easily identify what a spam comment looks like. But it’s really safer to just use an anti-spam. Haha. Anyway, thanks for sharing this post! Such a great help!
Thank you for explaining here how to prevent spam in my WordPress blog. This is fantastic content from you, and I hope that you’ll share more details about this soon. I think this information is not enough.
Hi! Nice article, thanks for sharing. I have used Akismet.