Stop WordPress Comment Spam With These Pro Tips

Comment spam and registration spam remain a large problem for WordPress users. It is not uncommon for some WordPress websites to receive hundreds or even thousands of comments every week.

This level of spam can damage your reputation with readers and commentators if you fail to tackle it. It is therefore important to face spammers head on and thwart their attempts at spamming your website.

Thankfully, tackling spammers does not need to be a time consuming endeavor. If you configure your WordPress website correctly, and install a good anti-spam plugin, you can eliminate the vast majority of spam from your website.

Let us take a closer look at how you can tackle WordPress spam.

Note: All of the WordPress plugins in this article are free to download (unless otherwise stated).

Configure Your WordPress Discussion Settings

Before you install any anti-spam plugin, you should configure your discussion settings correctly. These are located in the Settings section of your admin area (i.e. http://www.yourwebsite.com/wp-admin/options-discussion.php).

A fullproof way of stopping comment spam is to manually approve every comment. I am not a big fan of this myself as it time consuming and the discussion is held up until you manually approve each comment.

A more practical solution is to manually approve the first comment of a person. This works well as it allows you to review each commenter and once they are approved, their comments will be published automatically. It is an effective solution as spammers rarely take the time to write a good comment; therefore their attempt at publishing a link in your comment area can be stopped easily.

You can also place any comments with links directly into the moderation queue. Comments can also be marked as spam automatically if they contain any banned words you specify in your blacklist.

WordPress Discussion Settings
Be sure to review your discussion settings.

In an attempt to tackle comment spam, I have tested restricting comments to registered users. It was not a great solution. Although it did help reduce comment spam significantly, it also greatly reduced the number of comments submitted by readers as people do not want to go through the hassle of creating an account in order to publish a comment.

Additionally, in order to allow people to sign up for an account, I had to enable member registration. This allowed thousands of spammers to create fake user accounts on my website.

Although captcha forms and other anti-spam tools can reduce registration spam, I strongly believe that unless you need to enable public registration (e.g. for a discussion forum or membership website), you should disable member registration in the general settings page (i.e. http://www.yourwebsite.com/wp-admin/options-general.php). You can continue to create accounts manually for contributors, authors, and editors.

WordPress General Settings
Disabling member registration will help stop registration spam.

I recommend adjusting your discussion settings to suit your own preference to fighting spam. If you want to ensure that no spam ever gets through, you can manually approve every comment. Those of you who receive a lot of comments might find this configuration too time consuming, so you might want to make your commenting policy less strict. This might mean the odd spam comment gets through; however, it removes the need for you to check every single comment that is published on your website.

Configuring your WordPress discussion settings correctly is the first step towards tackling spam; however there are a number of great anti-spam WordPress plugins available that help you make things even more difficult for budding spammers. Let’s take a closer look at some of the best solutions.

Akismet

akismet

Akismet is such an essential plugin that Automattic includes it with every copy of WordPress. After acquiring a key from the Akismet website, the plugin will stop protecting your website from spam comments.

Akismet checks every comment that is submitted to your website against their spam database. If a comment looks like spam, it will be placed in your spam folder. The plugin does not always get it right, however, if legitimate comments are placed in your spam folder (i.e. a false positive), you can mark them as “Not Spam”. Likewise, you can mark spam comments that slipped through as “Spam”. Over time, this process helps improve Akismet’s strike rate.
The number of approved comments for each commenter can be displayed next to their name to help you moderate comments more effectively. Obvious spam can be deleted automatically, however I always like to play it safe and send all spam comments to the spam folder so that I un-spam any false positives.

In the Akismet settings page, you will see details of how effective the plugin has been at catching spam comments. On most of my websites, Akismet has an accuracy rating over 99.5%. This high rate of success is why millions of website owners rely on Akismet to prevent spam. For me, one of the best things about the plugin is the fact that it plays so nice with other anti-spam plugins.

WP-SpamShield Anti-Spam

wp-spamshield-anti-spam

WP-SpamShield Anti-Spam is an easy to use anti-spam WordPress plugin that tackles comment spam & registration spam. It aims to eliminate all automated spam from your website. There is no need to add a Captcha form to your comment form as the plugin operates in the background.

The plugin features advanced comment logging and comment blacklisting features. This helps you block persistent spammers better. You can also stop anyone from publishing comments on your blog if they are using a proxy.
WP-SpamShield Anti-Spam is a useful anti-spam plugin that works in the background to block spam. It is so discrete, you will forget it is even activated.

Antispam Bee

antispam-bee

Antispam Bee is a large collection of anti-spam filters and tools. The filters allow you to make your comment approval process more difficult. For example, you can automatically mark any comments with BB code as spam. Comments can be filtered further with tools such as blocking comments from specific countries and restricting comments to a particular language.

The plugin also allows you to clean your database of spam after a specified number of days. Statistics about spam blocking can also be displayed on your dashboard.

Growmap Anti Spambot Plugin

growmap-anti-spambot-plugin

Growmap Anti Spambot Plugin aims to stop spambots by adding a checkbox to your comment form that asks commenters: “Confirm you are NOT a spammer”. The developers of the plugin claim that this will stop 99% of all automated bots. They also believe this solution is more user-friendly than a Captcha form. It is hard to disagree with that viewpoint.

An alert is displayed if a visitor does not enable the confirmation checkbox. The alert message that is displayed to visitors who do not check the box can be customized through the setting area. The message that is displayed to possible spammers can be changed too.

A number of additional spam detection tools are available such as stopping a user from submitting another comment if they already have a specified number of comments in the moderation queue. You can also define the maximum number of URLs allowed in comments and the maximum number of words allowed in the name field (because spammers frequently use their website title as their name).

Anti-spam by CleanTalk (no CAPTCHA)

anti-spam-cleantalk

As the name suggestions, Anti-spam by CleanTalk (no CAPTCHA) does not rely on commenters checking any boxes or completing any captcha forms in order to prove they are human.

The plugin integrates with many popular WordPress plugins such as bbPress, BuddyPress, and Contact Form 7. It can be used to stop comment spam, registration spam, trackback spam, and spam emails coming through your contact form. Anti-spam settings for specific types of spam can be disabled through the settings area if necessary.

Anti-spam

anti-spam

Anti-spam is another spam protection WordPress plugin that does not rely on your commenters completing Captcha images. The plugin does not have any settings area; which is quite unique for a plugin of this type.

It works by setting up an invisible input trap for bots. Two hidden fields are added to your comment form. The first field is a date field and will be automatically completed by Javascript. The second field should be empty. Spam bots get tricked by entering the wrong information for these fields. Simple, but effective.

Please note that the plugin does not work with Jetpack comments since that comment solution uses an iframe. A pro version of Anti-spam is available for $14 that has a small settings page with a few additional options.

AVH First Defence Against Spam

avh-first-defense-against-spam

AVH First Defence Against Spam is a feature rich anti-spam plugin that checks the IP of a commenter against the spam databases at Stop Forum Spam, Project Honey Pot, and The Spamhaus. Blocking spammers before they attempt to send a comment can reduce bandwidth and reduce the load on your CPU.

The plugin can also store IP information about hackers in your database. This can make your database grow quickly in size if you receive a lot of spam submissions; which is why the feature is disabled by default. Blacklists and whitelists are also available to help you control who can and cannot publish comments.

Other Anti-Spam Solutions

Due to the severity of the spam problem that WordPress website owners face, there are many anti-spam plugins available online. Below is a small list of other anti-spam plugins that you may want to consider using on your website.

Two other useful plugins worth checking out are WPCommentCleaner and WPDBTotalCleaner. By installing one of these plugins, you can quickly delete spam comments and unapproved comments from your database. This can greatly reduce the size of your WordPress database if it has a lot of spam comments. Therefore, your website will be more efficient and run a little quicker.

WPCommentCleaner
WPCommentCleaner allows you to delete spam comments quickly and efficiently.

Final Thoughts

I follow the same steps with every WordPress website I own. The first thing I do is configure my discussion settings correctly so that comments with links are sent to the moderation queue and ensure that the first comment from each person is moderated. This makes it almost impossible for spam comments to slip through.

The next step I take is to activate Akismet. On some of my websites, it is the only anti-spam plugin I have activated. If, however, I see an increase in spam comments getting through, I install another anti-spam plugin. Apart from Akismet, I do not have any preferred anti-spam plugin that I use every time and have used a variety of anti-spam plugins over the years on different websites. However, I do usually install one of the plugins listed in this article.

Frequently, dealing with spammers is a case of trial and error. If one solution does not work, try another. If that does not work, try something else. I realise that many readers want to know what is the best anti-spam solution available, however I do not think the fighting spam is always black or white. I have found some plugins to work well on one website, but not on another.

It is also important to realise that the best solution for each website is different. It can depend on the level of spam comments the website receives and the level of legitimate comments it receives.

For example, I have an old content website that gets very little traffic. For that particular website, I have installed three anti-spam plugins that collectively eliminate 99.99% of spam. It is very rare that any spam comment gets through. This high level of protection means that there is a higher risk of real comments from humans being marked as spam. It is a small price to pay as the website does not receive a lot of traffic and I place a higher priority on blocking spam comments than the odd legitimate comment not being published.

The situation is different on my own blog. I have written long, detailed comments on blogs I read and have had them marked as spam and deleted because the blog owner’s handling of comments was too severe. I therefore understand the frustration that a blog reader will experience after spending 20 minutes writing a great comment and not seeing it published.

With an active blog, it is vital that real comments are published and spam comments are not. It is therefore worthwhile spending a little time moderating your comments so that real comments are not accidentally marked as spam and deleted.

Review your own situation and choose an anti-spam solution accordingly. Remember that many anti-spam solutions are effective at tackling large volumes of automated spam, while others put in measures to discourage spam by humans.

Tags

Comments (21)

  1. Kevin: Thanks for this useful overview of the issues and options.

    But I think you have an error in the 1st paragraph of the Akismet section. You wrote:

    “After acquiring a key from the Akismet website, the plugin
    will stop protecting your website from spam comments.”

    Pretty sure you meant the plugin will START protecting your website.

    - GB

  2. I’ve found the anti-spam feature that comes with Bulletproof Security Pro to be a good deterrent against both comment and registration Spam. It creates a field that the user needs to click on and, once clicked upon, informs the user what to type in the field. It’s very effective. I had to turn off BPS Pro on one site and, within an hour, had a spam registration. With BPS Pro on, I haven’t gotten any.

  3. Hi Kevin,

    Stopping spam is a really important theme. I’m glad you took it up. That’s exactly why we coded our FV Antispam plugin.

    Originally we used to use WP Spam Free but we were kicked off of shared hosting as it created such a high server load. So our goal was a very low overhead spam plugin.

    Next, we believe in “intelligent defaults”: a software user (in this case the site owner) should not have to configure anything for the software to work correctly.

    What we found was happening with spam is that bot spam was getting past Akismet but Akismet is very good at catching human spam. So now our sole goal with FV Antispam is to catch bot-spam (about 90% of spam actually). The other 10% is caught by Akismet. We are big users of WPMU Dev plugins ourselves which are designed to be simple and powerful.

    I think other WPMU Dev members would like FV Antispam’s simplicity and power. No server load and nothing to configure (unless you want to).

    Alas, spammers don’t sit still so we have to update FV Antispam very regularly to keep ahead of them. We are using FV Antispam on some very popular websites (as wellas our own) so we keep it very up to date. As soon as effectiveness starts to slip, we’ll usually have an update within a few days.

    Thanks again for your article highlighting the importance of an effective antispam solution.

  4. I use WangGuard, Are You A Human, FunCaptcha (either this one or AYAH cause AYAH doesn’t work with BuddyPress), and WP SpamShield (and on one site Akismet) to stop all types of spammers – but mostly registration spammers cause I always make sure I enable ‘Must be logged in to comment’. I’m quite proud to say that I rarely have to deal with any spam these days.

  5. Cheers Kevin. I think some captcha plugins work well too. One of my sites started getting a lot of spammy form completions and comments. I installed the Sweet Captcha plugin and it has worked well so far. I also think it looks pretty cool and it’s quite fun (relatively speaking of course).

    Thanks, Neil

    • I used to use captcha plugins, though I have been put off them a little as although they are effective at reducing spam, I also believe they discourage comments.

      That is why I am more inclined to install anti-spam solutions that work in the background.

  6. Hi Kevin,

    Captcha plugins do reduce spam but forced registration does as well. I am leaning more and more Neil’s solution though for a reasonably popular site: force visitors to register once and then enjoy hassle free commenting.

    In the end, most comments come from 1% of your visitors. Those people will probably register and will appreciate not having to fill in captchas going forward.

    When one is starting a site or even in the first year of radical growth, lowering the barrier to commenting via anti-spam is definitely the way to go. In any case, I’m less and less fond of the anonymity of the internet. Driveby commenters (like shooters) disrupting your site can really be a problem unless you put all comments on approval only (I strongly recommend preemptive moderation, especially for controversial or even personal sites).

  7. Akismet became a fail for me on my older sites. These are sites that have been active WP sites for 9 years and counting now, and Akismet blocked spam effectively for most of that time… more than 10 million spam comments on 2 combined sites.

    Akismet was fine until version 2.5 came out, and they added comment histories.

    I thought nothing of it at the time, until 2 years ago when I needed to move hosting for those sites, and discovered that my database tables for commentsmeta ranged from 35-55Mb.

    It only took a single Google search to discover that Akismet’s “feature” to clean up comment histories after 30 days didn’t work, and never has, and about a dozen WP tips sites have SQL snippets that you can run manually to clean that cruft out. The fact that Akismet tells users/admins that it’s cleaning up after itself and never has since day one is irresponsible and unacceptable.

    Since then, I have tried several combinations of other anti-spam plugins, and WP Spamshield has been my favorite this year… it absolutely works like a dream. The only drawback is it doesn’t hook into Gravity Forms to provide spam protection for the forms.

    So on sites where I use Gravity Forms, I still have Akismet active, but I also use a plugin called WP Conditional Captcha, which has a feature to clean up the comment histories that Akismet fails to, and on those 2 aforementioned sites, my commentsmeta tables dropped to less than 2Mb each.

    Otherwise, I’m using WP Spamshield only, and in one case I’m testing out Zero Spam.

  8. Hi Kevin
    I thought that you’d missed my favourite but there it is in the list at the bottom…

    “WordPress Simple Firewall – An Akismet replacement that catches human spam and blocks spam from bots.”

    Catches all my spam and does a whole lot more.

  9. Good point, atouchofsummer. It slipped my mind how Akismet bloats the database. Our FV Antispam also has options to clean up the Akismet database regularly so you don’t slow your database.

    You’re dead right though: it’s very bad manners for Akismet to hang on to that much data and not clean up after itself.

  10. Hello Kevin,
    thanks for your article, I am happy with CAPTCHA-Plugin too.

    Please which plugin you use here to have
    - Notify me of followup comments via e-mail
    - Notify me of new posts by email.
    under your post ?

    Best regards, Uwe

Participate