5 Best Techniques to deal with Comment Spam in WordPress

5 Best Techniques to deal with Comment Spam in WordPress
Like Tweet Pin it Share Share Email

Any blog/website owner will have hours and hours worth of tales retelling their adventures in moderating comment spam and dealing . It’s gruesome, in the way that’s tedious and terrible at the same time.

While you optimistically leave your comment section available to the public in hopes of receiving some constructive criticism and reader opinion, the overwhelmingly large amounts of spam seem barely worth it.

So you internally debate over the pros and cons of disabling comments altogether. That’s a coward’s way out. Why give up positive interaction with readers in lieu of a non-existent comment moderation queue? Why not learn how to effectively deal with spam in WordPress instead?

Yeah, there are better ways of dealing with WordPress comment spam than CAPTCHA, which, let’s be honest, can be outwitted by OCR. But there are other, better ways on WordPress. Simply go to your WordPress admin, Settings >> Discussions and start with:

1. Comment Moderation

There are two possible configuration settings that let you choose what to do before a comment appears (is published on your website).

Enabling the “Comment must be manually approved” setting gives you autonomy and lets you sift through every single comment you have ever received; manually deciding which ones you will publish. While an excellent (and perhaps as close to foolproof as you can get) method of comment spam protection, it’s also minded numbingly tedious, especially when any website is on the receiving end of maybe one genuine comment out of hundreds.

Choose this setting only if:

  • You maintain your WordPress website/blog at least twice weekly (or frequently)
  • You want to add a time lapse to ensure that even the genuine comments don’t go against your site policy

The second option “Comment author must have a previously approved comment” gives you and your commenters more leeway by doing exactly as it says on the tin. Comments from regular commenters on your posts will be published automatically, but you’ll still have to moderate your way through first-time commenters: genuine and spam alike.

2. Banning Comment Spam with Links

Some comment spammers go for a ‘targeted’ approach and generate human readable comments with a link(s) in them for purposes of phishing. But generally speaking, the foremost purpose of comment spam is to get hyperlinks to increase the search result ranking of a given URL, which is usually added in the comment.

These comments aren’t meant for humans. And before you get any ideas, know that this is a black hat SEO practice and will result in your domain getting blocked or banned by the search engine.

WordPress is wary of comments with links in them too, which is why it sends comments with two or more links straight to the moderation queue without exception. That’s the default configuration that you can change to a single link, so every comment with a link will end up in the spam queue. Go to Comment Moderation screen to change these settings.

Keep in mind that even though the probability is low, genuine comments may have a link or two in them too. There are generated for phishing purposes (because why to leave everything to a mindless bot) Enabling this setting will treat those comments as spam too.

3. IP Blocking

This is another out-of-the-box feature in WordPress core for dealing with comment spam.

The feature, when enabled, blocks (blacklists) IP addresses of frequent ‘defaulters’. Basically, if a commenter has a history of spamming your website, the feature blocks their access through URL, registered username, email address, et al. It’s usually done with a REWRITE module on the server side (.htaccess).

Although the feature alone isn’t very effective against obsessive spambots that can change addresses at the speed of light, it’s a simple delaying tactic against basement-dweller spammers. You can also ask your hosting provider or WordPress development service to combine this with aggressive approaches like comment-time tracking (only bots will post a thousand comments per minute).

4. Close old discussions

Let the sleeping dogs lie…

Any of your old posts which have done nicely in terms of search rankings will attract more spam than some of your new ones. This can lengthen your moderation queue to ungodly proportions.

To prevent catastrophes like those, close discussions on a page/post once it’s ‘old enough’ to no longer be considered ‘topical’. This depends entirely on your WordPress blog / website niche and the type of posts in question.

This can be automated through options within your WordPress discussion settings. Just disable comments on previous posts.

5. Anti-Spam Plugins

That’s more like it…

WordPress packs some powerful anti-spam features by Akismet, and a lot of it depends on your own efforts and web host. But it’s always good to have a strong ally like a thorough antispam plugins.

For WordPress, there are plenty. WP SpamShield Antispam is, quite frankly, one of the best. So is Akismet itself, what with features that track your comment moderation ways and mimics them like your own personal spam fighting JARVIS.

Just remember that CAPTCHAs and blocking entire countries is a lazy way out.


Comment spam is an undefeatable foe. You can’t wipe it off the face of the web (because some people just love being a pain to others).

You can fortify yourself mentally (and your WordPress website, technically) to deal with it as it comes.

Author Bio: Tracey Jones provides Custom WordPress development service