Are you getting tired of dealing with comment spam on your WordPress blog? Well, you are not alone.
Spam comments are a huge problem especially if you are not prepared to deal with them properly.
In this article, we’ll share the best WordPress comment spam plugins and helpful tips to combat spam comments in WordPress. These tips will save you a lot of time and will significantly reduce comment spam on your website.
Why You Need to Deal with Comment Spam in WordPress?
The internet is full of spam bots that automatically spread links for nefarious websites in the form of comment spam. The purpose of these spam comments is to get ranked in search engines and also to get accidental clicks from unsuspecting visitors.
But not all comment spam is submitted by bots. There are actual human submitted spam comments as well. These off-topic and poorly written comments are harder to catch and often contain links to third-party websites.
If you are not monitoring your website and these comments get published, then both your actual users and search engines will be able to see them.
This affects your website’s reputation. Users would consider your website to be a low quality or spam website.
Search engines can also mark your website as unsafe if they find links to websites that distribute malware and viruses.
That being said, let’s see how you can combat comment spam effectively, so that you spend less time worrying about spam and more time on growing your online business.
1. Turn on Comment Moderation in WordPress
Let’s first make sure that no comment on your website is published without your approval. This step will ensure that comments don’t bypass any filters, and it will also give you full control over which comments appear on your website.
This solution is highly recommended for business websites such as law firms, accounting firms, etc.
Head over to the Settings » Discussion page inside WordPress admin area. Next, scroll down to the ‘Before a comment appears’ section and check the box next to ‘Comment must be manually approved’ option.
Don’t forget to click on the ‘Save changes’ button to store your settings.
All your WordPress comments will now be held for moderation and you will have to manually approve each comment before it appears on your website.
Now you may be wondering how you would go through all the comments. In the next few tips, we will show you how to eliminate spam comments so that you only have to go through genuine comments.
2. Activate Akismet Anti-spam Protection
Akismet is an anti-spam plugin that comes pre-installed with WordPress. It filters all WordPress comments on your website through their anti-spam database and catches the most common types of spam comments.
Akismet is available as a free plugin, but you’ll need to sign up for their API key. You can get it free for a personal blog or a small website.
To set it up, see our guide on how to set up Akismet for beginners with step by step instructions.
3. Using Sucuri to Combat Spam Comments
While Akismet is able to catch a lot of spam comments, it cannot stop spammers from accessing your website. Too many requests from spammers to submit comments can slow down your website and affect performance.
This is where Sucuri comes in. It is the best WordPress firewall plugin that allows you to block suspicious requests before they even reach your website.
It can prevent automated bots and scripts from submitting comments. This reduces the load on your servers and the number of spam comments you receive.
4. Using Honeypot to Catch Spam Bots
Honeypot technology is an effective method to trick spambots into identifying themselves. Once they are identified their comments can be blocked.
First, you need to install and activate the Antispam Bee plugin. Upon activation, go to the Settings » Antispam Bee page and check the option to mark all honeypot-caught comments as spam.
Don’t forget to click on the save changes button to store your settings.
The plugin will now use the honeypot technique to catch spam bots. It also has other anti-spam filters, such as validating the IP address against your WordPress comment blacklist, looking for BBCode, checking the local spam database, and more.
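How a honeypot check of this kind works in code, as an added example that is not Antispam Bee’s own implementation. The field name and the wpb_hp_* function names are hypothetical; the snippet goes in functions.php or a site-specific plugin like the other code in this article.

```php
<?php
// Added example: a minimal honeypot for the WordPress comment form.
// The field name and the wpb_hp_* functions are hypothetical names.
define( 'WPB_HP_FIELD', 'wpb_hp_website_confirm' );

// 1. Print a decoy input inside the comment form. It is moved off-screen,
//    hidden from screen readers and skipped by the Tab key, so people
//    leave it empty while form-filling bots tend to populate every input.
function wpb_hp_render_field() {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">' .
        '<label>Leave this field empty ' .
        '<input type="text" name="%s" value="" tabindex="-1" autocomplete="off">' .
        '</label></p>',
        esc_attr( WPB_HP_FIELD )
    );
}
add_action( 'comment_form', 'wpb_hp_render_field' );

// 2. Decide the comment status before it is saved.
function wpb_hp_check( $approved, $commentdata ) {
    // Trackbacks and pingbacks never pass through the form; leave them alone.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( '' !== $type && 'comment' !== $type ) {
        return $approved;
    }

    // A missing field proves nothing (other clients may post comments),
    // but a filled-in or array value indicates an automated submission.
    $decoy = isset( $_POST[ WPB_HP_FIELD ] ) ? wp_unslash( $_POST[ WPB_HP_FIELD ] ) : '';
    if ( is_array( $decoy ) || '' !== trim( (string) $decoy ) ) {
        return 'spam'; // Lands in the Spam list, where it can still be reviewed.
    }

    return $approved;
}
add_filter( 'pre_comment_approved', 'wpb_hp_check', 99, 2 );
```

Marking the comment as spam instead of rejecting it outright keeps a record you can audit for false positives.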
5. Add Google reCAPTCHA Verification
Using the reCAPTCHA in WP Comments plugin, you can enable the Google reCAPTCHA challenge on your comment forms.
ReCAPTCHA is an advanced form of CAPTCHA, which is a technology used to differentiate between robots and human users. CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.
Google makes it easy for users to verify their identity by simply clicking on the checkbox button.
For spambots, this technology is quite hard to bypass because when Google detects a spam bot, it gives them a much harder challenge.
See our guide on how to add reCAPTCHA to WordPress comments.
Note: while most WordPress comment captcha plugins are annoying, this is the best form of CAPTCHA you can use.
6. Removing Website URL Field from Comment Form
The URL field in the comment form attracts not only spammers (both automated and human), but it also invites people who have absolutely no interest in the discussion at all.
These comments usually contain a line or two of irrelevant nonsense, and the comment author name will contain a keyword or a combination of a real name with keywords like Sally from Dunder Mifflin, or John @SEOconsultants, etc.
Simply add the following code to your WordPress theme’s functions.php file or a site-specific plugin.
// Remove the website (URL) field from the default comment form fields.
function wpb_disable_comment_url($fields) {
    unset($fields['url']);
    return $fields;
}
add_filter('comment_form_default_fields','wpb_disable_comment_url');
This code simply filters the WordPress comment form fields and removes the website field from the form.
Note: you will need to log in to your WordPress hosting via FTP to upload the code above.
7. Disable Comments on Media Attachments
WordPress automatically creates image attachment pages where users can see an image and even leave a comment on it.
If you are linking your images to the attachment page, then after a while you will have a lot of attachment pages with comments enabled on them.
If images are a central part of your content, then that’s fine. But if you don’t want users to comment on images, then you should turn off comments on media attachments.
The easiest way to do this is by installing the Disable Comments plugin. Upon activation, go to Settings » Disable Comments page and check the box next to ‘Media’ option.
Click on the save changes button to store your settings. The plugin will now disable comments on your WordPress media files and attachments.
8. Disable HTML in Comments
Another handy tip to discourage links in comments is disabling HTML in comments. HTML can be used to hide spam links in WordPress comments.
Simply add the following code to your theme’s functions.php file or a site-specific plugin.
// Escape HTML in the submitted comment before it is saved.
function wpb_comment_post( $incoming_comment ) {
    // Convert special characters to HTML entities.
    $incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
    // Encode single quotes as well.
    $incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
    return( $incoming_comment );
}

// Turn the encoded single quotes back into apostrophes for display.
function wpb_comment_display( $comment_to_display ) {
    $comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
    return $comment_to_display;
}

add_filter( 'preprocess_comment', 'wpb_comment_post', '', 1);
add_filter( 'comment_text', 'wpb_comment_display', '', 1);
add_filter( 'comment_text_rss', 'wpb_comment_display', '', 1);
add_filter( 'comment_excerpt', 'wpb_comment_display', '', 1);
// Stop WordPress from turning plain-text URLs into clickable links.
remove_filter( 'comment_text', 'make_clickable', 9 );
This code changes HTML code into HTML entities which are displayed as the code and are not parsed by the browser.
9. Minimum and Maximum Comment Length
Another way to combat comment spam is by using the Yoast Comment Hacks plugin to set a minimum and maximum comment length.
Recently we ran into a comment spam problem where a spammer was leaving hundreds of comments per hour with a single word: hello.
Akismet and Sucuri were not able to block this because the comment looked natural. Antispam Bee’s honeypot slowed the spammer down, but it too wasn’t able to entirely block the attack.
We simply enabled the Yoast Comment Hacks plugin and set the minimum comment length. This forces the user to leave a more meaningful comment instead of just a one word message.
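The same kind of length check written as a functions.php snippet, as an added example that is not the Yoast Comment Hacks plugin’s code. The thresholds and the wpb_* names are assumptions; the length is measured on the visible text so that markup or padding whitespace does not count toward the minimum.

```php
<?php
// Added example: enforce a minimum and maximum comment length.
// Thresholds and wpb_* names are assumptions; tune them for your site.
define( 'WPB_MIN_COMMENT_CHARS', 15 );
define( 'WPB_MAX_COMMENT_CHARS', 3000 );

// Count visible characters: drop tags, collapse runs of whitespace, trim.
function wpb_comment_visible_length( $content ) {
    $text = wp_strip_all_tags( wp_unslash( $content ) );
    $text = (string) preg_replace( '/\s+/u', ' ', $text );
    return mb_strlen( trim( $text ) );
}

function wpb_enforce_comment_length( $commentdata ) {
    // Trackbacks and pingbacks are not typed by a visitor; skip them.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( '' !== $type && 'comment' !== $type ) {
        return $commentdata;
    }

    // Let moderators post short replies such as "Fixed, thanks".
    if ( current_user_can( 'moderate_comments' ) ) {
        return $commentdata;
    }

    $length = wpb_comment_visible_length( $commentdata['comment_content'] );
    $args   = array( 'response' => 400, 'back_link' => true );

    if ( $length < WPB_MIN_COMMENT_CHARS ) {
        wp_die(
            esc_html( sprintf( 'Please write at least %d characters.', WPB_MIN_COMMENT_CHARS ) ),
            'Comment too short',
            $args
        );
    }
    if ( $length > WPB_MAX_COMMENT_CHARS ) {
        wp_die(
            esc_html( sprintf( 'Please keep your comment under %d characters.', WPB_MAX_COMMENT_CHARS ) ),
            'Comment too long',
            $args
        );
    }

    return $commentdata;
}
add_filter( 'preprocess_comment', 'wpb_enforce_comment_length' );
```

With these thresholds a one-word comment such as “hello” is rejected before it is stored, so it never reaches the moderation queue.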
10. Disable Trackbacks in WordPress
A big portion of comment SPAM is trackbacks. For most blogs, it is not necessary to have trackbacks enabled. You can choose to disable trackbacks on your entire blog or in an individual post. This is an easy way to significantly reduce comment SPAM.
You can find the above option by visiting Settings » Discussion. This will turn off trackbacks for your entire site.
11. Turn off Comments on Old Posts
WordPress allows you to turn off comments on old posts. This is particularly helpful for websites publishing content that is more timely, like news or events websites.
Simply go to Settings » Discussion, under ‘Other comment settings’ you will see the option ‘Automatically close comments on articles older than’. Check the box next to this option and enter the number of days you want comments to be displayed on a post.
WordPress will now automatically close comments on posts older than the number of days you defined for this option. If you need, you can override comment deadline in WordPress for individual posts where you would like comments to remain open.
12. Switch Off Comments
In case you feel that you don’t need comments on your WordPress site, or comment moderation goes out of your hands, remember that you can always switch off comments in WordPress. All you have to do is go to Settings » Discussion and uncheck the box next to ‘Allow people to post comments on new articles’.
You can also make comments for registered users only by checking the box in your Settings » Discussion page. For more details, see our guide on how to completely disable comments in WordPress.
Frequently Asked Questions by Users
Why are they spamming me?
Spammers want to get better search rankings or lure unsuspecting visitors to dubious and malicious sites. They think that by spamming they can get more links, and it will somehow positively affect their search rankings.
In most cases, it is not a personal attack against you; rather, it’s a systematic process that targets many blogs.
What happens to comments that are marked as “Spam”?
The comments that you mark as spam are not displayed on your website. You can delete spam comments in batches and/or recover good comments from the SPAM list.
Why is every comment going into the moderation queue?
You enabled the comment moderation as the first tip in this article. This gives you absolute control on any comment that gets published on your website.
We hope this article helped you find useful tips and tools to combat comment spam in WordPress. You may also want to see our guide on how to block contact form spam. Or, see our tutorials on how to grow your website traffic and convert users into subscribers by creating an email newsletter.
I copied and pasted the url filter code into a site plugin, however, the website field still displays. Wondering if this could be caused by another plugin or if there is something missing.
You may want to try some of the other methods for removing it in our article below:
https://www.wpbeginner.com/plugins/how-to-remove-website-url-field-from-wordpress-comment-form/
Thanks for the article. Can you explain about the comment spam industry; who and why and where. Almost all of the spam comments on my website are innocuous comments about “you’ve done a great job here! I was just reading about this topic.” Two or three each day; always with different wording but similar grammar and syntax, etc.
It is mainly people attempting to get backlinks to different sites and when programs start marking them as spam they send those thanks messages to try to make the different spam checkers think they are not spammers when people approve those comments. There are tools out there to automate what they are doing so not all of the comments are manual.
Just a quick question. In item 8 Disable HTML your code snippet uses “wpb-” as its functions prefix. I am guessing that is your “WPBeginner” wordpress installation prefix. And that each user here should edit that to reflect their installations prefix. For a standard installation of WordPress that would be just “wp-“.
You would want that to be a unique identifier, we use wpb in ours and others can too, we would not recommend using wp in case there is a future update to WordPress with a similar function.
nice excellent thanks…
You’re welcome
Yesterday, my website was spammed with a “new service” that described some type of software or online service where by a person pays to spam websites via their “contact us” forms. Apparently this is the “new” and up and coming attack, because yesterday alone I received 56 of these on my site. When I received your newsletter today with this article highlighted–I dropped by wondering if you have a specific trick or tip to overcome this new “Contact Us” spam attack which is unfortunately so common right now?
For that, you would want to check with your comment plugin to see if they have honeypot or CAPTCHA/reCAPTCHA that you can add to your form.
It is really helpful.
On my new blog spammers are more active than real visitors. Sometimes it is difficult to distinguish between a spam comment and a real comment. At that time these plugins are very useful.
Glad our guide could be helpful
this article will help you to solve your problem of spam comments on your WordPress website. you can control that.
Thank you for sharing the good news in preventing this happen to every one who have accounts in social media or in the blogs that we are posted in this internet world. Many are spam that making the sites a game for them to make your works turn down. You did the great job and I am thankful reading this article.
this post has been helpful and validation of some of the things I am doing right now. Thanks. I am facing some issue with my comment captcha, maybe you can help me. I am not using any plugin for captcha. Only JetPack and Akismet, and they both are doing a great job to block spam. The captcha for comments is proving to be a headache. It is a math kind and most of the people have complained about it not functioning well. I have not been able to replicate the issue. But i want to get rid of any captcha for comment. Please help me how to do so. Thank you so much!
Hi Binny,
Try our WordPress troubleshooting tips to figure out where the captcha is coming from and how to disable it.
This was great – very helpful. Thank you!
As a new WordPress blogger, this article was extremely informative.
I only have a small amount of spam so far, which is why I Google and found this article, but wanted to get ahead of it.
I’ve implemented a few suggestions from this article.
If the spam increases, I will implement more.
Great article for WP Newbie!
– Rich
The cookies for comments plugin seems outdated. Can you suggest a more recent plugin with up to date support?
I find adding an expiration date to comments and a good captcha option slow down the spam comments quite a bit. I recently installed Google’s “Recaptcha”. It’s pretty un-intrusive and doesn’t seem to bother commenters.
I considered removing the site URL link-back, but thought it would slow or stop people from commenting. It looks like that’s not the case here. Did you notice a slow down in comments when you did this?
Love the site. Keep up the good work. Do you ever accept guest posters?
Thanks for the post! I have a question – I have been getting a lot of spam comments recently, most of them are rambling irrelevant posts about camping equipment or cam sites etc and I mark those as spam straight away. However some of the comments are actually relevant to the post and make sense but then have a random spam link thrown in at the end or in the ‘URL’ field – for those posts, I have been editing them – making sure that any links are removed and also changing the name to a non-keyword name (they usually use real email addresses so I can get their name from that) and then posting/approving the edited comments.
Does this affect my rankings in any way? And is it a clean way to post the comments or should I just trash/spam them all and not bother editing?
Thanks for your help!
It does not affect rankings. However, perhaps it would be better if you don’t edit and fill in the name field yourself. If a user has used a keyword in their name, then you should trash such a comment. Editing comments to make them more readable is OK.
Why though? Is there a reason that I shouldn’t be adding/approving these comments for my site? Will it affect me negatively? I am just removing any links and *occasionally* changing their name to their actual name based on their email address. Does this affect my website in any way?
It doesn’t. But changing the name a user has chosen to identify themselves seems a bit inappropriate. If their name was like ‘John Smith From Example.com’, then you can remove ‘from example.com’ off the name field. However, if their name was example.com or a keyword, then the user has given you no name to show. You can of course try and find out names, but may be the user didn’t want to use a name and by doing so you will be violating their privacy and rights. We think all this trouble is not worth the effort. There are other ways to get more and better engaged users to comment.
Wow,Thanks For The Informative WordPress Comment Spam, Tutorial, Keep Sharing
Wonderful article. Thanks so much for sharing it!
Hi,
I’ve just installed Akismet plugin, what should I do? It doesn’t do anything.
May you introduce more captcha plugins(easy for uneducated fools to fill)
Thanks
Akismet works in the background as a filter. Soon you will start noticing spam comments appearing under the SPAM filter on your comment moderation screen.
You can use CAPTCHA, but CAPTCHA is bad for user experience and discourages your users from commenting.
Just installed Akismet, Thank you very much!
Good information. Hope to have less spam. Thanks
Thanks for the information. Have just installed Akismet. Hope it works for me.
I’m coming to this post after 5 months approximately, according to your recommendation I started using Cookies for Comment plugin and today I’m not getting a single spam comment. Thank you so much.
Hello, this is a little bit off theme…
I want some of my posts to be protected with password. It is OK that i give a password, but i want the excerpt of the post to be readable for all the visitors. is there a plugin for it or do u have any other idea to solve it? thx in advance.
Thanks for the article. Great info and helped me stop a spam assault on my new blog instantly.
This is a very informative guide, sir. I have a niche blog, and even after installing Akismet and other plugins I’m getting at least 5 spam comments per day from one-pager SEO companies [mostly scam]. I guess these comments are coming from bots. How could I ban those bots on my blog?
akismet is enough to stop spam…
It actually depends on each site. If a site owner feels that comments are not contributing to the discussions on their site, or not helping them grow, then they can decide to remove them.
Very comprehensive post – and I see you are still using Disqus for comments. There’s been some debate around closing comments altogether recently (Copyblogger closed their comments in late 2014) – what do you think? Is it something to consider for new blogs with little traffic/comments too?
I just uploaded Disqus to fight spam for my company blog, but these are a much better solution I guess. Thank you for this article.
I still don’t understand why they spam comments in 2014. Ok, 20 years ago, but now ? wasting energy for them and blogger.
I think, still they are thinking that kind of spammy links will work for them.