Comment spam and registration spam remain a large problem for WordPress users. It is not uncommon for some WordPress websites to receive hundreds or even thousands of comments every week.
This level of spam can damage your reputation with readers and commentators if you fail to tackle it. It is therefore important to face spammers head on and thwart their attempts at spamming your website.
Thankfully, tackling spammers does not need to be a time consuming endeavor. If you configure your WordPress website correctly, and install a good anti-spam plugin, you can eliminate the vast majority of spam from your website.
Let us take a closer look at how you can tackle WordPress spam.
Note: All of the WordPress plugins in this article are free to download (unless otherwise stated).
Configure Your WordPress Discussion Settings
Before you install any anti-spam plugin, you should configure your discussion settings correctly. These are located in the Settings section of your admin area (i.e. http://www.yourwebsite.com/wp-admin/options-discussion.php).
A fullproof way of stopping comment spam is to manually approve every comment. I am not a big fan of this myself as it time consuming and the discussion is held up until you manually approve each comment.
A more practical solution is to manually approve the first comment of a person. This works well as it allows you to review each commenter and once they are approved, their comments will be published automatically. It is an effective solution as spammers rarely take the time to write a good comment; therefore their attempt at publishing a link in your comment area can be stopped easily.
You can also place any comments with links directly into the moderation queue. Comments can also be marked as spam automatically if they contain any banned words you specify in your blacklist.
In an attempt to tackle comment spam, I have tested restricting comments to registered users. It was not a great solution. Although it did help reduce comment spam significantly, it also greatly reduced the number of comments submitted by readers as people do not want to go through the hassle of creating an account in order to publish a comment.
Additionally, in order to allow people to sign up for an account, I had to enable member registration. This allowed thousands of spammers to create fake user accounts on my website.
Although captcha forms and other anti-spam tools can reduce registration spam, I strongly believe that unless you need to enable public registration (e.g. for a discussion forum or membership website), you should disable member registration in the general settings page (i.e. http://www.yourwebsite.com/wp-admin/options-general.php). You can continue to create accounts manually for contributors, authors, and editors.
I recommend adjusting your discussion settings to suit your own preference to fighting spam. If you want to ensure that no spam ever gets through, you can manually approve every comment. Those of you who receive a lot of comments might find this configuration too time consuming, so you might want to make your commenting policy less strict. This might mean the odd spam comment gets through; however, it removes the need for you to check every single comment that is published on your website.
Configuring your WordPress discussion settings correctly is the first step towards tackling spam; however there are a number of great anti-spam WordPress plugins available that help you make things even more difficult for budding spammers. Let’s take a closer look at some of the best solutions.
Akismet is such an essential plugin that Automattic includes it with every copy of WordPress. After acquiring a key from the Akismet website, the plugin will start protecting your website from spam comments.
Akismet checks every comment that is submitted to your website against their spam database. If a comment looks like spam, it will be placed in your spam folder. The plugin does not always get it right, however, if legitimate comments are placed in your spam folder (i.e. a false positive), you can mark them as “Not Spam”. Likewise, you can mark spam comments that slipped through as “Spam”. Over time, this process helps improve Akismet’s strike rate.
The number of approved comments for each commenter can be displayed next to their name to help you moderate comments more effectively. Obvious spam can be deleted automatically, however I always like to play it safe and send all spam comments to the spam folder so that I un-spam any false positives.
In the Akismet settings page, you will see details of how effective the plugin has been at catching spam comments. On most of my websites, Akismet has an accuracy rating over 99.5%. This high rate of success is why millions of website owners rely on Akismet to prevent spam. For me, one of the best things about the plugin is the fact that it plays so nice with other anti-spam plugins.
WP-SpamShield Anti-Spam is an easy to use anti-spam WordPress plugin that tackles comment spam & registration spam. It aims to eliminate all automated spam from your website. There is no need to add a Captcha form to your comment form as the plugin operates in the background.
The plugin features advanced comment logging and comment blacklisting features. This helps you block persistent spammers better. You can also stop anyone from publishing comments on your blog if they are using a proxy.
WP-SpamShield Anti-Spam is a useful anti-spam plugin that works in the background to block spam. It is so discrete, you will forget it is even activated.
Antispam Bee is a large collection of anti-spam filters and tools. The filters allow you to make your comment approval process more difficult. For example, you can automatically mark any comments with BB code as spam. Comments can be filtered further with tools such as blocking comments from specific countries and restricting comments to a particular language.
The plugin also allows you to clean your database of spam after a specified number of days. Statistics about spam blocking can also be displayed on your dashboard.
Growmap Anti Spambot Plugin aims to stop spambots by adding a checkbox to your comment form that asks commenters: “Confirm you are NOT a spammer”. The developers of the plugin claim that this will stop 99% of all automated bots. They also believe this solution is more user-friendly than a Captcha form. It is hard to disagree with that viewpoint.
An alert is displayed if a visitor does not enable the confirmation checkbox. The alert message that is displayed to visitors who do not check the box can be customized through the setting area. The message that is displayed to possible spammers can be changed too.
A number of additional spam detection tools are available such as stopping a user from submitting another comment if they already have a specified number of comments in the moderation queue. You can also define the maximum number of URLs allowed in comments and the maximum number of words allowed in the name field (because spammers frequently use their website title as their name).
As the name suggestions, Anti-spam by CleanTalk (no CAPTCHA) does not rely on commenters checking any boxes or completing any captcha forms in order to prove they are human.
The plugin integrates with many popular WordPress plugins such as bbPress, BuddyPress, and Contact Form 7. It can be used to stop comment spam, registration spam, trackback spam, and spam emails coming through your contact form. Anti-spam settings for specific types of spam can be disabled through the settings area if necessary.
Anti-spam is another spam protection WordPress plugin that does not rely on your commenters completing Captcha images. The plugin does not have any settings area; which is quite unique for a plugin of this type.
Please note that the plugin does not work with Jetpack comments since that comment solution uses an iframe. A pro version of Anti-spam is available for $14 that has a small settings page with a few additional options.
AVH First Defence Against Spam is a feature rich anti-spam plugin that checks the IP of a commenter against the spam databases at Stop Forum Spam, Project Honey Pot, and The Spamhaus. Blocking spammers before they attempt to send a comment can reduce bandwidth and reduce the load on your CPU.
The plugin can also store IP information about hackers in your database. This can make your database grow quickly in size if you receive a lot of spam submissions; which is why the feature is disabled by default. Blacklists and whitelists are also available to help you control who can and cannot publish comments.
Other Anti-Spam Solutions
Due to the severity of the spam problem that WordPress website owners face, there are many anti-spam plugins available online. Below is a small list of other anti-spam plugins that you may want to consider using on your website.
- WordPress Simple Firewall – An Akismet replacement that catches human spam and blocks spam from bots.
- WP Anti Spam – Has some unique spam prevention tools such as a word count limit and an option of marking comments without Gravatars as spam.
- SI CAPTCHA Anti-Spam – Adds a captcha form to your comment form, registration form, and login form.
- AlphaOmega Captcha & Anti-Spam Filter – Allows you to add a captcha form to your forms and adds many anti-spam filters to reduce automated spam.
- Peter’s Custom Anti-Spam – Force commenters to identify an image before submitting a comment.
- Stop! You Never Have To Fight Comment Spam Again – An anti-spam plugin that catches most spam automatically and allows blocking by continent and by country.
- IP Blacklist Cloud – Lets you block specified IP addresses and usernames from spamming you.
- Spam Free WordPress – An anti-spam plugin that uses zero false positives to catch automated spam bots.
Two other useful plugins worth checking out are WPCommentCleaner and WPDBTotalCleaner. By installing one of these plugins, you can quickly delete spam comments and unapproved comments from your database. This can greatly reduce the size of your WordPress database if it has a lot of spam comments. Therefore, your website will be more efficient and run a little quicker.
I follow the same steps with every WordPress website I own. The first thing I do is configure my discussion settings correctly so that comments with links are sent to the moderation queue and ensure that the first comment from each person is moderated. This makes it almost impossible for spam comments to slip through.
The next step I take is to activate Akismet. On some of my websites, it is the only anti-spam plugin I have activated. If, however, I see an increase in spam comments getting through, I install another anti-spam plugin. Apart from Akismet, I do not have any preferred anti-spam plugin that I use every time and have used a variety of anti-spam plugins over the years on different websites. However, I do usually install one of the plugins listed in this article.
Frequently, dealing with spammers is a case of trial and error. If one solution does not work, try another. If that does not work, try something else. I realise that many readers want to know what is the best anti-spam solution available, however I do not think the fighting spam is always black or white. I have found some plugins to work well on one website, but not on another.
It is also important to realise that the best solution for each website is different. It can depend on the level of spam comments the website receives and the level of legitimate comments it receives.
For example, I have an old content website that gets very little traffic. For that particular website, I have installed three anti-spam plugins that collectively eliminate 99.99% of spam. It is very rare that any spam comment gets through. This high level of protection means that there is a higher risk of real comments from humans being marked as spam. It is a small price to pay as the website does not receive a lot of traffic and I place a higher priority on blocking spam comments than the odd legitimate comment not being published.
The situation is different on my own blog. I have written long, detailed comments on blogs I read and have had them marked as spam and deleted because the blog owner’s handling of comments was too severe. I therefore understand the frustration that a blog reader will experience after spending 20 minutes writing a great comment and not seeing it published.
With an active blog, it is vital that real comments are published and spam comments are not. It is therefore worthwhile spending a little time moderating your comments so that real comments are not accidentally marked as spam and deleted.
Review your own situation and choose an anti-spam solution accordingly. Remember that many anti-spam solutions are effective at tackling large volumes of automated spam, while others put in measures to discourage spam by humans.