Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

12 Vital Tips and Tools to Combat Comment Spam in WordPress

Last updated on by
Follow WPBeginner on YouTube
12 Vital Tips and Tools to Combat Comment Spam in WordPress

Comment Spam is a big issue that you will face as your blog begins to gain popularity in the industry. You will see comments full of pornography, viagra, or other spammy links in massive counts. Also, you will see fake spammy sites making you think they are linking to your article by sending a trackback. In this article we share some of the most valuable tips, tools, tricks, and other WordPress plugins available for you to combat Comment Spam. If you don’t utilize the options we suggest, you will spend hours moderating the comments on your site.

1. Activate Akismet

Akismet - Combatting Spam

Akismet is one of the most valuable plugins for WordPress. You do not need to download it as it comes pre-installed with all WordPress installation. But you do need to activate it and get an API key. You can find out more about Akismet in our Akismet 101 Guide for WordPress Beginners. Without this, you have no chance against SPAM. Akismet does a great job in catching SPAM comments. Although sometimes good comments get filtered as SPAM, but you can always recover them by going through your SPAM comments regularly.

2. Nofollow Comment Links

One of the main reasons that motivates Spammers to make comments on your site is if you have Do-Follow links. They want to gain link juice from your website, but you can prevent that by simply nofollowing all comment links. By default WordPress adds an external nofollow attribute to all blog links, but sometimes users might take the route of making every link Dofollow in a quest to get more comments. Remember it is about quality not quantity. We recommend if you are using Dofollow get rid of that. If you do not have a plugin of that sort, then this step is not for you.

3. Blacklist Spammers

Blacklist Spammers

WordPress allows you to blacklist spammers by using their email addresses, URL, name, or even IP. All you need to do is type one of the information in the blacklist box under Settings ~ Discussion tab, and you will never see the comment again in moderation.

Sometimes you are not sure whether a person is a spammer, so you approve their comment. But you are not satisfied. There is a box which you can see right above the blacklist box called comment moderation. Just put the words, email, URL, name, or IP and this specific user’s comment will always be moderated by the administrator. Also as you see in the image above, there is a box that has the number 2. It is for the number of URLs in the comment allowed. If the number exceeds the value in that input box, then the comment will automatically be held for moderation. 2 is the default number, but you can change it to make it 1 or higher than 2 to fit your need.

Note: Choose your Blacklist wisely because every IP, word, or other value that you put in will be deleted instantly.

4. Add Captcha Verfication

Add Captcha Verification to WordPress

You can use a plugin called SI CAPTCHA for WordPress to display randomly generated images before the submit button on comments. Your users must enter the correct value on the image, to submit the comment which will eliminate SPAM significantly. But it will annoy your regular commentators as well because this is something that they have to enter each and everytime they comment. This method will significantly reduce your SPAM comments.

5. Defenio

Get Defensio

Defensio is like an automated bow and arrow that is bound to hit the bull’s eye everytime in your fight against spam. Defensio have your comment traffic route through it’s system where it analyzes each comment for the level of spam, and assigns a grade. If the grade is of an adequate value then the comment is published, if the comment seems suspicious it will be held for your review. Defensio provides you with good stats and gives you RSS Feed for both good and spam comments.

6. Simple Trackback Validation

Trackback Validation

Simple Trackback Validation Plugin for WordPress 2.x performs simple but very effective tests on all incoming trackbacks in order to stop trackback spam. When a trackback is received, this plugin checks if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to. This reveals almost every spam trackback (more than 99%) since spammers do usually use bots which are not running on the machine of their customers. It also retrieves the web page located at the URL included in the trackback. If the page doesn’t a link to your blog, the trackback is considered to be spam. Since most trackback spammers do not set up custom web pages linking to the blogs they attack, this simple test will quickly reveal illegitimate trackbacks. Also, bloggers can be stopped abusing trackback by sending trackbacks with their blog software or webservices without having a link to the post.

7. Completely Disable Trackbacks

A big portion of comment SPAM is trackbacks. For some blogs it is not even necessary to have trackbacks. You can choose to disable trackbacks on your entire blog, or in an individual post. This can prevent comment SPAM and it is very easy to do so.

Disable Trackback Globally

You can find the above option by visiting Settings ~ Discussion. This will turn off trackbacks for your entire site. But if you want to turn off trackbacks on specific posts, you will need to specify it either when writing a post, or edit a post and change this option.

Disable Trackback on Post

You will see the above option your posts page.

8. Less Annoying Version of Captcha?

Math Comment SPAM Protection

Yes as you can see we mentioned a Captcha option above, but here is another way of user validation. This method is less annoying for users and it is a good way to prevent SPAM. This is done by a plugin called Math Comment SPAM Protection. This plugin do require you to edit comments.php in order to install it. Read full installation details on official site.

9. Bad Behavior

Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers. Bad Behavior also transcends other link spam solutions by working in a completely different, unique way. Instead of merely looking at the content of potential spam, Bad Behavior analyzes the delivery method as well as the software the spammer is using. In this way, Bad Behavior can stop spam attacks even when nobody has ever seen the particular spam before. Bad Behavior is designed to work alongside existing spam prevention services to increase their effectiveness and efficiency. Whenever possible, you should run it in combination with a more traditional spam prevention service. This plugin is recommended to be installed alongside with Akismet to produce the best result.

10. Close Comments on Older Posts

Sometimes it is wise to close comments on older posts. WordPress has this as a built-in feature where you can specify a number of days and WordPress will automatically close the comments on articles older than this many days. All you have to do is go to Settings ~ Discussion and check this box

Close Comments on WordPress

Just change the number of days to fit your needs and save changes.

11. CLOSE Comments or User Registration

Worst come worst, you can close comments for a short period of time. That will drive the spammers away from your website. If you are building a custom site using WordPress, you should have disabled comments long ago. All you have to do is go to Settings ~ Discussion

Disable Comments on WordPress

You can do this for a short period of time, a week or two, and then reopen it if it gets really bad, but it should not get that bad if you use the techniques mentioned above.

You can also make comments for registered users only by checking the box in your Settings ~ Discussion page.

Other Tips

One of the other ways that is not SPAM but it is frustrating is duplicate comments. Sometimes users post double comments, if you do not let them know that their comments are in the moderation que. Most themes already have this option by default, but if your theme does not, find the following line in your comments.php

<p>
<input name="submit" type="submit" tabindex="5" value="<?php _e("Say it!"); ?>" />
</p>

and replace it with:

<p>
<blockquote>
Comment moderation is in use. Please do not submit your comment twice — it will appear shortly.
</blockquote>
<input name="submit" type="submit" tabindex="5" value="<?php _e("Say it!"); ?>" />
</p>

Feel free to edit the styling and the text.

Frequently Asked Questions by Users

Why are they spamming me?

They want to get a better pagerank. They think that by spamming they can get more links and it will some how positively affect their pagerank. It is nothing personal against you for the most part, and many blogs face this issue, you are not the only one.

What happens to comments that are marked as “Spam”?

The comments that you mark as spam, are not displayed and are listed on a separate page when you have Akismet installed. You can delete Spammed comments in batch and/or recover good comments from the SPAM list.

Why is every comment going into the moderation queue?

Go to the Settings ~ Discussion panel and make sure that “An administrator must approve the comment” is unchecked. With that option selected, all comments are sent to the moderation queue to await approval. Make sure that Hold a comment in the queue if it contains more than x links is not blank and contains a number higher than zero.

We hope that these tools helped. What are some techniques that you use to fight spam on your blogs. If you have something that might help others, feel free to help fellow bloggers.


Editorial Staff at WPBeginner is a team of WordPress lovers led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »
  • Sophia

    Really a beginners guide. I have just started a blog and I was thinking how to stop spam commenting, I got your blog, Thanks.

  • Matyas

    I recieve happiness out of, produce I stumbled upon precisely what I used to be having a look for. You’ve broken my Five day lengthy search for! God Thank you guy. Employ a wonderful time. Cya

  • http://twitter.com/chefdenker Dennis

    I’m using antispam bee (http://antispambee.com/) – no more problems.
    I kicked off akismet, bad behaviour and all those stuff.

    • http://blog.quipsnquills.com/ MichaelM

      Followed your link to “antispambee” but comments to date indicate that the plugin has very little to offer in the way of documentation (and what little is offered is in German). Perhaps, as time passes and the contributor provides a bit of documentation in English to go along with the plugin, I’ll consider using it. For now I think I’ll just stick with Askimet.

      • http://www.wpbeginner.com Editorial Staff

        Akismet is a safer option because it powers all WordPress.com blogs and Automattic is a reliable company ;)

  • http://www.faqpal.com FAQPAL

    You could simply make text highlighting in the comments disabled. I know theres a piece of code that will do that.

    • http://www.scratch99.com/ Stephen Cronin

      That’ll only slow them down 10 seconds, they can just view the source…

      • http://www.wpbeginner.com Editorial Staff

        Some spammers might do that. Most spammers do this on a massive scale, so spending time on one site is not efficient ;)

  • http://www.lunarosa.net Rosie

    Apologies if this is the wrong place to post this but I’m new to wordpress blogging and am wondering of anyone can help me.

    The specific type of spam I always get is where the spammer repeats the exact wording of a previous comment but changes the email address and username and it’s the username that is hotlinked. What is the best way of combating this without loosing legitimate comments?

    Any advice would be greatly appreciated.

    • http://www.wpbeginner.com Editorial Staff

      If it is coming from the same IP, then ban their IP. Otherwise, you would have to manually delete that comment. Perhaps there is way to detect duplicate comment and set it to SPAM. We will do more research on it and write about it.

      • http://www.lunarosa.net Rosie

        Thanks, I appreciate the help:)

  • http://www.xaby.com Xaby

    Editorial Staff: “Using a dofollow is a great way to attract more commentators, but a lot of those are in for link juice rather than actually contributing to your blog. It is a pointless plugin, but surely many use it. People have different values, some like quantity whereas others like quality. We choose the latter. Turning off comments on old posts is a very common technique used by many top blogs. But turning off the comments can also solve problems with blogs that are receiving tons of spam. We have had clients with blogs receiving thousands of SPAM comments daily. Even though Akismet does a great job, but when the number gets high and frequent, a lot of comments bypass Akismet also good comments get filtered as SPAM in akismet.”

    I feel if someone can contribution regularly and constructively to a blog post, i’ll say “open the floodgates”.

    For e.g., if your blog is worthy of users coming in (and posting constructive comments), then its a compliment that someone is eyeing the link juice here. He/she can be converted into a regular commentor (which is recurring web traffic).

    For us, we are there to make constructive comments in web design related blogs and we do not just post a “well done” or “cool article” kind of comment just to have a link back. We highlight a dozen of quality blogs (like yours) and trust me, there isnt a lot out there. So what this means for users like us = become a loyal fan of your blog, follow your updates regularly and make constructive posts.

    And there have been a few occasions when we even signed up for membership at some of the blogs we commented at. :)

    my 2 cents.

    • http://www.wpbeginner.com Editorial Staff

      The sole reason why we allowed your comment was because it raises a good argument. You did not follow our Comment Policy which clearly states to use your name rather than your business name or keywords.

      That is one SPAM that bloggers get when you have dofollow links. SEO Companies have users commenting with different names and have same IPs, or they have the same guy changing names in the future as they get new projects. Most comments are like “very nice article”, “cool post” and others just to get backlinks. Then you will also get users commenting on your announcement post or contest posts that ended over two years ago saying “I wish I joined” … Simply to get a backlink.

      Users blogs are also targetted by more spammers who just want backlinks with those invaluable comments. While it is not fair for those who are actually making legit comments, it is the best way to prevent spam. One can honor their best commentators at the end of the month if they like in the post to give credit. There are alternatives to give thanks to your commentators and not invite SPAM.

  • http://www.strictlyonlinebiz.com/blog/ Udegbunam Chukwudi

    I manage a PR2 dofollow blog and yes in the begining it was all about the quantity of comments I could get but now I see the light and using a new comment policy, I’ve managed to focus only quality comments.

    I’ve had to close comments on a post about the Keywordluv plug-in as it was getting spammed a lot for backlinks.

    P.S: Dofollow or not, spammers will spam a blog.

  • http://ebiene.de Sergej Müller

    http://antispambee.com inclusive trackback validation.

  • http://www.twomilessolutions.com Jeff Miles

    I have found that WP-Spam Free works really well without adding a CAPTCHA image to posts. They also have a built in contact form which is pretty nice. I have installed it on all the sites that I have built with WordPress and so far it has worked really well.

  • http://www.lexiconn.com/blog/ Rob Mangiafico

    I like the plugin “Cookies for Comments”. Works wonders in conjunction with Akismet for stopping bot spam.

    Rob – LexiConn

  • http://www.scratch99.com/ Stephen Cronin

    For those people who currently have a dofollow blog, or used to have one, you may be interested in my Comment Warning plugin for WordPress. It displays a warning to visitors who arrive at your blog via a search for DoFollow (or CommentLuv or KeywordLuv) or from a DoFollow list.

    Couldn’t resist spamming you! :)

  • http://casanovawebdesign.com Adam Haney

    Simply turning off commenting isn’t exactly a solution for most people (unless you’re running a corporate blog). I use dofollow on on the comments on my blog, and I was having a problem with comment spam until I started using akismet, and it was all taken care of. For the most part with a little moderation comment spam can be prevented without captchas on a dofollow system.

    • http://www.wpbeginner.com Editorial Staff

      Using a dofollow is a great way to attract more commentators, but a lot of those are in for link juice rather than actually contributing to your blog. It is a pointless plugin, but surely many use it. People have different values, some like quantity whereas others like quality. We choose the latter. Turning off comments on old posts is a very common technique used by many top blogs. But turning off the comments can also solve problems with blogs that are receiving tons of spam. We have had clients with blogs receiving thousands of SPAM comments daily. Even though Akismet does a great job, but when the number gets high and frequent, a lot of comments bypass Akismet also good comments get filtered as SPAM in akismet.

      In your case, it might be true that Dofollow and Akismet give you a great combo. But we do not know the traffic stat of your site, so we cannot make any judgements. In our experience, as site gets more and more traffic, SPAM increases as well.

  • http://www.faqpal.com FAQPAL

    Goodpost, I find reCaptcha works great as well.

    • http://www.carrieactually.com Carrie

      i hate captcha. i always have to try again and again to get them right.