1. Built-In Features:
• Use Akismet: Akismet is a built-in spam filter for WordPress that helps to protect your website from spam comments. It checks all comments and filters out the ones that look like spam.
• Moderate Comments: You can manually moderate all comments before they are published on your website. This will help to ensure that only legitimate comments are published.
• Use Captcha: Captcha is a type of challenge-response test used to ensure that the user is a human and not a bot. You can add a captcha to your comment form to prevent bots from submitting spam comments.
2. Spam Plugins:
• Antispam Bee: Antispam Bee is a free WordPress plugin that helps to protect your website from spam comments. It checks all comments and filters out the ones that look like spam.
• WP-SpamShield: WP-SpamShield is a premium WordPress plugin that helps to protect your website from spam comments. It checks all comments and filters out the ones that look like spam.
• WP-SpamFree: WP-SpamFree is a free WordPress plugin that helps to protect your website from spam comments. It checks all comments and filters out the ones that look like spam.
3. WAF (Web Application Firewall):
• Sucuri: Sucuri is a web application firewall (WAF) that helps to protect your website from malicious attacks. It checks all incoming traffic and filters out the ones that look suspicious.
• Cloudflare: Cloudflare is a web application firewall (WAF) that helps to protect your website from malicious attacks. It checks all incoming traffic and filters out the ones that look suspicious.
• Incapsula: Incapsula is a web application firewall (WAF) that helps to protect your website from malicious attacks. It checks all incoming traffic and filters out the ones that look suspicious.
We all love WordPress, but one frustrating thing with the platform out of the box is having to deal with large volumes of comment spam. No matter what type of blog your business runs, you will have to figure out or come up with a strategy on how to stop WordPress comment spam at some point.
Thankfully there are a lot of great plugins, tricks, and settings you can easily enable and or install to literally reduce your spam by 99%. Yes, you can really reduce it that much! Stop wasting time managing spam comments and focus on growing your blog and business.
Too much comment spam will harm your site. It can affect your search engine rankings, will impact the credibility of your discussion among legitimate commenters, and could have a security impact. Stopping it is well worth your while.
So how do you stop WordPress comment spam?
Prefer to watch the video version?
7 Ways to Stop WordPress Spam Comments with Built-In Features
The first place to go when combatting WordPress comment spam is the discussion settings, which you access via Settings > Discussion.
Here, you can:
You can also disable comments for individual posts via the post editing screen.
Let’s take a look at each of these methods.
1. Disable Comments Entirely
The first option you have to simply disable WordPress comments altogether. Perhaps your business doesn’t use or want comments, so to protect yourself from getting any spam comments you can just disable them. One of the easiest ways to do this is to simply uncheck the Allow people to post comments on new articles option, which is located under Settings > Discussion.
To disable comments entirely, go to the Default post settings section at the top of the Discussion settings screen, and uncheck the options.
This will turn off comments on all new posts. You can also turn off pingbacks too.
Note that commenting isn’t turned off for posts you already published. If you want to turn these off, you’ll need to do this for each of those posts individually. We’ll show you how to do that shortly.
Scroll to the bottom of the screen and hit the Save Changes button. All commenting will now be disabled.
2. Turn off Anonymous Comments
Another option you have is to turn off anonymous comments. WordPress native comments ask the visitor for four pieces of information: comment, name, email, and website by default.
If anonymous comments are enabled, they won’t be required. This instantly opens up your site to a lot of spambots that constantly crawl comment forms on websites.
To disable anonymous comments in WordPress simply check the Comment author must fill out name and email option under Settings > Discussion.
This will make it harder for bots to leave automated comments (which make up the vast majority of comment spam) – but not impossible. It might also discourage people from leaving malicious comments or trolling your site.
3. Enable Comment Moderation
Your next option to stop WordPress comment spam is to use some of the built-in moderation features.
The first is the ability to manually approve each comment. While this won’t reduce spam, it can be an effective way to ensure visitors to your site only see high-quality comments that you have approved.
The second is the comment moderation queue. For example, you can automatically hold a comment in moderation if it contains a certain number of links or more. You can also build up a list of words, names, URLs, IPs, etc. that are held for moderation as well.
Go to the Email me whenever and the Before a comment appears sections.
- To moderate all comments, check Comment must be manually approved.
- To moderate comments from new commenters, check Comment author must have a previously approved comment.
- To receive an email when a comment is held for moderation (important so you can moderate and approve or trash it quickly), check the Email me whenever… A comment is held for moderation option.
4. Only Allow Comments from Logged In Users
If you want to further restrict the people who can leave comments, you can choose to only allow commenting from people who are logged in users of the site. You might do this if your site is a membership community and you want to encourage debate within that community but keep other commenters out.
To do this, go to the Other comment settings section. Check the Users must be registered and logged in to comment option.
You’ll also need to consider the settings for user registration – will you allow anyone to register or will there be a moderation process for that? You can access registration settings by going to Settings > General.
5. Create a List of Blacklisted Words
If you want to allow comments but don’t want comments on specific subjects, then you can set a list of blacklisted words. This will include words commonly used by spammers as well as words you don’t want appearing on your site where relevant, such as profanity.
If you don’t want your competitors’ products or websites mentioned or linked to, you could also include those (although beware of taking this too far).
To create a list of blacklisted words, go to the Comment Blacklist field and type in the blacklisted words or phrases, one per line. They don’t have to be limited to words: they can include email addresses, website URLs, IP addresses, or anything you want to include.
You can speed this up by using an existing list of words commonly used by spammers. It’s sensible to check the list first as it might include words you don’t want to ban. For example one word in there is ‘handbag’ – if you’re running an accessories store that’s a word you won’t want to ban!
If you don’t want to ban comments containing these words entirely, but want to moderate them instead, then you just add the list to the Comment Moderation field instead. This way, any comments using those words will be held for moderation instead of being sent to spam. Or you could use a combination of the two, with some words in one field and some in the other.
6. Reduce or Ban Links in Comments
Spam comments often contain links because they’re posted with the purpose of driving traffic to the spammer’s website. You can ban comments with links entirely or reduce the number of links allowed in a comment.
In the Comment Moderation section, select the number of links a comment needs to have before it’s held for moderation. To allow one link, use 2, or to prevent any comments with links, select 1.
Alternatively, select a higher number if you want to allow comments with more than one link.
Comments with more than the permitted number of links will be held for moderation by an administrator before they can be published.
7. Disable Comments for Individual Posts
If you disable comments in WordPress after you’ve already published posts to your site, or if you only want to prevent comments on specific posts, you need to set this up in the post editing screen for the relevant post.
This can be useful if you’re publishing a post on a controversial subject or if you have one which has attracted a lot of spam.
Go to Posts, find the post you want to edit and click on its name to open the post editing screen.
In the Document pane on the right, scroll down to the Discussion tab and open it. Uncheck Allow comments to disable comments on that post.
Save changes to the post by clicking the Update button and comments will no longer be displayed or enabled on that post.
Stop WordPress Spam Comments with a Plugin
If you want a more powerful way to stop WordPress comment spam, then you can install plugins to manage it for you. This means you can keep comments enabled in your site but prevent spam comments from being notified to you for moderation or from being published.
Here are some of the plugins you can use to stop WordPress comment spam.
Akismet
The Akismet plugin is included by default with every WordPress installation and is developed by the team at Automattic. It analyzes data from millions of sites and communities in real-time and protects your WordPress site from spam.
It’s one of the best WordPress plugins, it’s completely free for personal use and starts at $5/month for commercial sites.
It currently has over 5 million active installs with a 5 out of 5-star rating. You can download Akismet from the WordPress repository or by searching for it within your WordPress dashboard under Plugins > Add New (although it should be on your site already unless it was removed).
This plugin has a long history of building up spam rules and filters which do a great job of ensuring you see the good comments and not the bad.
If you’re running a commercial site, you’ll need to pay for an Akismet license, but it’s free for hobby bloggers. It’s extremely powerful and will banish over 99% of comment spam from your WordPress site.
Disable Comments
Disable Comments is a free plugin that lets you globally disable comments for a post type. It’s useful if you want to disable comments on a WordPress site with existing content and you don’t want to manually go through it.
How to Remove Comment Author Link with a Plugin
You can add a snippet of code to your WordPress site to simply remove the WordPress author comment links.
We do this on the Kinsta blog and it helps improve the quality of comments. If visitors see that the author’s name on existing comments isn’t linked, then they might be discouraged from leaving a comment just for that reason. This means you are hopefully only getting comments from visitors who want to engage with your content.
To do this, you can write your own simple plugin.
Start by creating a file in your wp-content/plugins directory for the plugin. Call it something like kinsta-comment-author-link.php.
Then in the plugin file, add this code:
/*
Plugin Name: Remove Comment Author Links
Plugin URI: https://kinsta.com
Description: This plugin removes links to comment author websites, as a way of reducing the impact of comment spam.
Version: 1.0
Author: Rachel McCollin
Author URI: https://rachelmccollin.com
Textdomain: kinsta
License: GPLv2
*/
function kinsta_remove_comment_author_link( $return, $author, $comment_ID ) {
return $author;
}
add_filter( 'get_comment_author_link', 'kinsta_remove_comment_author_link', 10, 3 );
function kinsta_remove_comment_author_url() {
return false;
}
add_filter( 'get_comment_author_url', ‘kinsta_remove_comment_author_url');
If you want, you can also remove the field for entering the website in comments altogether. Just add this code to your plugin:
function remove_website_field($fields) {
unset($fields['url']);
return $fields;
}
add_filter('comment_form_default_fields', 'remove_website_field');
Save the plugin file and activate it in the Plugins screen in your admin screens.
This plugin may not work with some themes, depending on the way comments are coded within them. If your WordPress theme is using the standard comments form, it will work. If not, try checking out the code for your theme’s comments form to find the filter hook being used.
If in doubt, use a third party plugin instead. And don’t edit your theme files unless it’s a theme you developed yourself or you’ll lose your changes next time you update it (here’s our in-depth guide on creating child themes).
Other Spam Plugins
Akismet is by far the most popular spam plugin (largely because it’s preinstalled in most WordPress installations), but that doesn’t mean it’s the only one. You might prefer to try one of these options instead:
Anti-spam has a free or paid version, with the premium plugin offering spam checking on existing comments and 24/7 technical support.
WPBruiser {no- Captcha anti-Spam} uses algorithms to spot spam comments, avoiding the need for captcha images.
Antispam Bee blocks comment spam for free without sending your data to a third-party website.
Spam protection, AntiSpam, FireWall by CleanTalk is designed to work not just with comments but also with forms plugins including Contact Form 7, Gravity Forms, and Mailchimp.
WordPress Zero Spam is another plugin that avoids the use of captchas, and also supports forms plugins including Contact Form 7 and Gravity Forms.
All In One WP Security & Firewall is an all-in-one security plugin that also stops comment spam.
These plugins are designed to be compatible with the WordPress default comments form: if you use a third-party commenting system, you’ll need to use the spam-prevention that comes with that system.
Stop WordPress Spam Comments with a Captcha
Another popular option is to use a CAPTCHA, which is some type of form or question to prove that the visitor is a human. There are a lot of great plugins out there that allow you to implement this strategy into your WordPress site and most of them are completely free.
These can be unpopular with users, especially if you use the variety that asks people to identify images with certain objects in them. But more and more sites are using captcha fields with a simple ‘I am not a robot’ checkbox now, that is impossible for a bot to fill out.
There are a lot of great plugins out there that allow you to implement this strategy into your WordPress site, and most of them are completely free.
Google Captcha (reCAPTCHA) by BestWebSoft
We are big fans of Google’s take on the CAPTCHA, or rather what they call the reCAPTCHA. Google’s is probably one of the cleanest and easiest ones to use without hurting the user experience by asking puzzling questions or showing hard to read letters.
You definitely don’t want someone leaving your site simply because they were frustrated by the CAPTCHA. The Google Captcha (reCAPTCHA) by BestWebSoft plugin works great for implementing this on your WordPress site.
Instead of making you read illegible letters and numbers or identify elements in photographs, this plugin just asks the user to tick a box confirming that they are not a robot. The box can only be ticked manually.
To set it up, you’ll need to use Google’s Captcha API to register your site and select reCAPTCHA v2 for a checkbox or reCAPTCHA v3 for a captcha that uses JavaScript to check for spam without the user having to do anything.
You can access this from a link in the plugin settings screens.
You’ll then be given a site key and a secret key, which you copy into the plugin settings screen on your site. Select Comments Form in the Enable ReCAPTCHA for section and click the Save Changes button.
Now when a user tries to add a comment, they’ll have to check the I’m not a robot checkbox first.
Other features include:
Other ReCaptcha Plugins
There are plenty of reCaptcha plugins available, some of which are designed to work with specific third-party plugins such as forms plugins. Many also work with comments.
Stop WordPress Spam Comments Using a Third-Party Commenting System
Last but not least, another easy way to stop WordPress comment spam is to forego the default native comments and use a third-party comment system.
We previously used the Disqus platform on our blog here at Kinsta and we can honestly say that it cut out 99% of spam. We never had to spend time cleaning up spam comments.
However, that is not to say Disqus doesn’t have some issues. You can read our blog post about Disqus ad changes. You’ll now have to pay to remove ads from the Disqus interface, which could add up and may impact on your site’s performance and credibility.
Disqus Conditional Load
If you want to use Disqus on your blog, we recommend using the free Disqus Conditional Load plugin. This was developed by Joel James as a way to lazy load comments so that it won’t hurt the performance of your WordPress site.
Install the plugin the normal way, activate it, and register with Disqus. This plugin is more reliable than the official Disqus plugin, so if you still want to use Disqus, you should use this one in its place.
Alternatives to Disqus
If, like us, you’re not impressed by the changes with Disqus, there are alternative third-party commenting plugins you can use instead. Some of these improve on the built-in comments system and others replace it with an alternative one. Here’s a selection.
Stop WordPress Spam Comments with a Web Application Firewall
Adding a web application firewall (WAF) such as Sucuri or Cloudflare can help dramatically cut back on the amount of spam your WordPress site receives.
Why? Because these services sit between your WordPress host and your website to block and filter out all the bad proxy traffic and bots. They also allow you to easily block entire countries with a click of a button.
A WAF can also help decrease your bandwidth and visits usage, in turn, helping you save on your monthly web hosting bills.
Summary
It’s great that WordPress comes with a commenting system out of the box, but sometimes that system isn’t as effective as we need it to be.
If you want to keep your site secure from comment spam, you’ll need to take extra steps to prevent it. These could be:
- Configuring WordPress to block or moderate comments for you.
- Installing a third-party comment and spam plugin.
- Creating your own plugin to prevent spam on your site.
If you use one of these methods to stop WordPress comment spam, you’ll make your site more secure and improve its credibility and performance.