
Combat Comment Spam in WordPress: 12 Best Practices and Tips

To combat comment spam, website owners and platform administrators employ various techniques such as automated spam filters, manual moderation, and user-reporting mechanisms.

As much as we adore WordPress, the constant stream of spam comments is a major drawback of the software. WordPress comment spam is an issue that will need to be addressed at some time, regardless of the sort of business site you run. Comment spam is a reality of online life, sadly. You will have to deal with spammers if you permit comments on your website. Finding a solution to comment spam is crucial if you don’t want your site to give off a bad first impression.

What comment spam is (and why it’s such a problem)

It’s common practice to spot spam comments by their general nature. You may expect to receive comment spam if you make your site open to user feedback. It’s possible that spam will become more of a problem as your site’s popularity increases. The vast majority of the comment spam online today is generated automatically by spam bots using brief, generic words as a cover to insert links.

Comment spam, in whatever form it takes, is problematic because:

  • User Experience: Comment spam can clutter and degrade the quality of online discussions, making it difficult for genuine users to find relevant and meaningful comments. It can create a negative user experience by inundating comment sections with irrelevant or misleading content, reducing the overall value and trustworthiness of the platform.
  • Resource Consumption: Comment spam can put a strain on the resources of the website or platform hosting the comments. If there is a large volume of spam comments, it can slow down the website or even cause it to crash, affecting the performance and accessibility for legitimate users.
  • Reputation Damage: Comment spam can harm the reputation of the website or platform where it appears. Users may perceive the presence of spammy or irrelevant comments as a sign of poor quality or lack of moderation. This can lead to a loss of credibility, reduced user engagement, and damage to the reputation of the website or platform.
  • Security Risks: Some comment spam may contain malicious links or embedded code that can lead to security vulnerabilities. Clicking on such links could expose users to phishing attacks, malware downloads, or other malicious activities. Additionally, comment spam can be a tactic used by hackers to test for vulnerabilities or gather information about potential targets.
  • Search Engine Penalties: Search engines, such as Google, strive to provide users with relevant and high-quality content. Comment spam with links aimed at manipulating search engine rankings goes against these principles. Search engines have algorithms that can detect and penalize websites engaged in spammy practices, resulting in lower rankings or even removal from search results.

How to Stop Comment Spam on your WordPress Website:

1. Completely Turn Off Commenting

A simple solution is to prevent WordPress from accepting new comments at all. Disabling comments might prevent you from receiving spam if your company doesn’t utilize or want them. To disable comments on new articles, go to Settings > Discussion and uncheck the box labeled “Allow people to post comments on new articles.”

To turn off comments altogether, uncheck the boxes in the Default post settings section of the Discussion settings screen. Comments will be disabled on all future posts, and pingbacks can be disabled as well if desired. It’s important to remember that disabling comments won’t affect content you’ve already published. You’ll have to disable them one at a time for each individual post if you want to stop receiving them. In a moment, we’ll explain the process in detail.

Move down to the bottom of the page and click “Save” to store your modifications. The ability to leave comments has been turned off.

2. Turn off Anonymous Comments

You can choose to disable comments from strangers. By default, WordPress comments require a user to provide their comment, name, email address, and website. They won’t be necessary if anonymous comments are allowed, and spambots, which are programmed to automatically fill out online forms, will then have easy access to your site.

In WordPress, you may also prevent anonymous comments by activating the feature found in Settings > Discussion called Comment author must fill out name and email.

This will make it more difficult, but not impossible, for automated comment-posting software (the primary source of comment spam) to post comments on your site. It might also prevent users from trolling your site or writing nasty comments.

3. Allow for Comment Moderation

WordPress’s built-in moderation tools are your next line of defense against spam comments. The first is the option to review and approve each comment individually. While this won’t help with spam, it can help guarantee that only high-quality comments that you authorize are seen by site visitors.

The second is the moderation queue, where comments wait for approval. If a comment has too many links, for instance, it might be held in moderation until they are removed. Words, names, URLs, IPs, etc. can be added to a list so that comments containing them are held for moderation.

Go to the “Before a comment appears” and “Email me whenever” sections.

  • Click the box labeled “Comment must be manually approved” to enable comment moderation.
  • New commenters’ posts will be held for approval if you choose Comment author must have a prior approved comment.
  • If you want to be notified by email anytime a comment is awaiting moderation (so you can swiftly approve or delete it), make sure the Email me whenever… box is checked.

4. Require registration for making comments

If you wish to limit commenting access even further, you may set your site such that only logged-in users can leave comments. A membership community site that wants to foster discussion among its members while restricting access to outsiders may implement such a system.

This may be done under the Settings tab’s Other comment area. Mark the box labeled “Commenting is restricted to registered users only.”

You should also think about the options for user registration, such as whether or not registration will be open to anybody or subject to moderation. Settings > General is where you’ll find your account registration options.

5. Create a List of Blacklisted Words

You can define a list of blacklisted terms if you wish to enable comments but prevent them on certain topics. Common spammer keywords and other things you don’t want displayed on your site (such as swear words) belong on the list. Be careful not to go overboard if you decide not to allow discussion of, or links to, your rivals’ products or websites.

Enter the words or phrases you want to prevent others from seeing in the Comment Blacklist section, one per line. They may be anything you want them to be, not just words. This includes email addresses, web addresses, IP addresses, etc.

You may speed things up by making use of a preexisting list of spammers’ favorite terms. First, it’s prudent to see if the terms you wish to keep around are on the list. One of the words is “handbag,” which is not one you would want to restrict if you own an accessories business.

You can add the list to the Comment Moderation box if you’d rather moderate comments containing these terms than completely prohibit them. This will prevent spam filters from automatically deleting comments containing the identified keywords. You may also use both fields by entering some words in one and the rest in the other.

6. Limit or Eliminate the Use of Links in Discussions

Links are commonly included in spam comments because placing them is the main goal of the spammer. You have the option of disabling all comments with links or limiting the number of permitted links per comment.

In the Comment Moderation area, you may choose the threshold at which a comment will be held for moderation based on the number of links it contains. Select 2 to allow for one link, or 1 to disable all comments containing links.

You may also increase this number to permit comments with multiple links. If you try to post a comment with more than the allotted number of links, it will be held for moderation.
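
A way to test a keyword list and link threshold from tips 5 and 6 against comments you would want to keep, before pasting the list into the settings (added example, not from the original article). The matching is a simplified model: terms match as case-insensitive substrings, so “press” also hits “WordPress”, and only HTML anchors count as links; the sample lists and comments are constructed.

```php
<?php
// Added example with constructed sample data. The rules below are a simplified
// model of the Discussion settings described above, not WordPress core code.

/** Keywords that occur anywhere in the text, including inside longer words. */
function matching_keywords( array $keywords, string $text ): array {
    $hits = array();
    foreach ( $keywords as $word ) {
        $word = trim( $word );
        // Skip blank lines in the list; an empty term would match everything.
        if ( '' !== $word && false !== stripos( $text, $word ) ) {
            $hits[] = $word;
        }
    }
    return $hits;
}

/** Number of HTML anchors in a comment body (model assumption: bare URLs are not counted). */
function count_links( string $text ): int {
    return (int) preg_match_all( '/<a\s[^>]*href/i', $text );
}

/**
 * Outcome for one comment: 'block' if a blocklist term matches, 'hold' if a
 * moderation term matches or the link count reaches the threshold, else 'pass'.
 */
function audit_comment( string $text, array $blocklist, array $moderation, int $hold_at ): array {
    $blocked = matching_keywords( $blocklist, $text );
    if ( $blocked ) {
        return array( 'block', 'blocklist: ' . implode( ', ', $blocked ) );
    }
    $held = matching_keywords( $moderation, $text );
    if ( $held ) {
        return array( 'hold', 'moderation list: ' . implode( ', ', $held ) );
    }
    $links = count_links( $text );
    if ( $links >= $hold_at ) {
        return array( 'hold', $links . ' link(s), threshold ' . $hold_at );
    }
    return array( 'pass', '' );
}

// Constructed candidate settings for an accessories shop.
$blocklist  = array( 'casino', 'handbag' );
$moderation = array( 'press' );
$hold_at    = 2; // value entered in the link threshold field: one link allowed

// Constructed comments that a real customer might leave.
$legitimate = array(
    'Do you ship the brown leather handbag to Canada?',
    'Thanks, the WordPress setup guide was useful.',
    'Sizing chart is <a href="https://example.com/sizes">here</a> for anyone asking.',
    'Sources: <a href="https://example.com/a">one</a>, <a href="https://example.com/b">two</a>.',
    'Lovely stitching on the strap.',
);

// Every 'block' or 'hold' row is a false positive the list or threshold would cause.
foreach ( $legitimate as $text ) {
    list( $outcome, $reason ) = audit_comment( $text, $blocklist, $moderation, $hold_at );
    printf( "%-5s %-28s %s\n", $outcome, $reason, $text );
}
```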

7. Turn Off Commenting on Single Posts

WordPress’s post editing screen is where you’ll go if you want to deactivate comments after a post has been published to your site, or if you simply want to disable them on certain articles.

This is helpful if you’re about to write an article on a sensitive topic, or if you already have one that has garnered a lot of spam comments.

To update a post, go to Posts, find the post you want to change, and click Edit under its name.

Locate the Discussion tab in the right-hand Document window and click to open it. By deselecting Allow comments, comments will no longer show up on this post.

If you edit a post and then click Update, comments will no longer appear or be visible for that post. You may also choose to disable the option to submit a website address in the comments section. Put this into your plugin’s source code:

Download the plugin, then activate it through the Plugins page of your site’s administration area. Depending on how comments are programmed into a theme, this plugin may not function properly with it. It will function if your WordPress theme uses the default comments form. If you don’t see the filter hook, you may try inspecting the comments form code in your theme’s folder.

When in doubt, resort to a third-party plugin. Also, unless you’ve created your own theme, you shouldn’t modify the theme files; doing so may cause any customizations you’ve made to be lost when you update the theme (here’s our comprehensive tutorial on developing child themes).

8. Using a Plugin to Disable WordPress Spam Comments

Installing a plugin can be an effective means of controlling WordPress comment spam. This allows you to keep comments turned on without worrying about receiving or publishing spam comments.

Some anti-comment-spam plugins for WordPress are listed below.

  1. Akismet

The Automattic team has created the Akismet plugin, which is installed with WordPress by default. It protects your WordPress site in real time by analyzing data from millions of sites and communities.

It’s one of the greatest plugins for WordPress, and it’s free for individual blogs and costs as little as $5 a month for businesses. It has a perfect 5-star rating and has been downloaded more than 5 million times so far. Although Akismet should already be installed on your site, if it isn’t, you can get it from the WordPress repository or by searching for it in your WordPress dashboard under Plugins > Add New.

This plugin has been around for a while, so it has had plenty of time to accumulate spam rules and filters that do an excellent job of screening out the bad comments and leaving you with only the positive ones.

Akismet requires a paid license for business sites but is free for personal blogs. It’s potent enough to get rid of 99.9 percent of all comment spam on your WordPress site.

  2. Disable Comments

The free plugin Disable Comments allows you to turn off comments entirely on a certain post type. It’s helpful if you don’t feel like manually going through all of the material on your WordPress site to deactivate comments.

  3. Antispam Bee

The Antispam Bee plugin is designed to stop spam comments and trackbacks from being posted. It also has protections in place to prevent fake signups and contact form submissions. Antispam Bee is totally open-source and free to use.

  4. WPBruiser {no-Captcha anti-Spam}

WPBruiser is a spam protection plugin that employs a number of filters and algorithms to prevent spam comments and spam trackbacks without needing users to answer a captcha. Both a free and a premium version of WPBruiser (with more features) are available.

9. Using a Plugin to Remove the Link From a Comment Author’s Name

Simply adding a line of code to your site will disable the WordPress author comment links. If visitors see that the comment authors’ names aren’t linked, they may be dissuaded from leaving their own comments. That is to say, you should only get feedback from readers who want to engage with your work.

You may accomplish this by creating a basic plugin.

Then, insert this code into the plugin’s source:
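
An added example, not the original article's code: a single-file plugin that covers both this step and the website-field removal from tip 7. It assumes the theme renders comments with the default comment form and the standard template functions; the plugin name is made up for illustration.

```php
<?php
/**
 * Plugin Name: Comment Link Cleanup (illustrative name, added example)
 * Description: Removes the Website field, discards submitted author URLs,
 *              and prints comment author names without a link.
 */

// Refuse to run when the file is requested directly instead of loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Tip 7: drop the "Website" input from the default comment form.
add_filter( 'comment_form_default_fields', function ( $fields ) {
    unset( $fields['url'] );
    return $fields;
} );

// Hiding the input is cosmetic: automated posters submit straight to the
// comment endpoint and can still send a URL, so discard it before it is stored.
// Note that this also drops the profile URL of logged-in commenters.
add_filter( 'preprocess_comment', function ( $commentdata ) {
    $commentdata['comment_author_url'] = '';
    return $commentdata;
} );

// Tip 9: output the author's name as plain text. This also unlinks URLs
// saved with comments that were posted before the plugin was active.
add_filter( 'get_comment_author_link', function ( $link, $author ) {
    return esc_html( $author );
}, 10, 2 );
```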

Download the plugin, then activate it through the Plugins page of your site’s administration area.

Depending on how comments are programmed into a theme, this plugin may not function properly with it. It will function if your WordPress theme uses the default comments form. If you don’t see the filter hook, you may try inspecting the comments form code in your theme’s folder.

When in doubt, resort to a third-party plugin. Also, unless you’ve created your own theme, you shouldn’t modify the theme files; doing so may cause any customizations you’ve made to be lost when you update the theme (here’s our comprehensive tutorial on developing child themes).

10. Add a Captcha to Your WordPress Comments to Prevent Spam

A common practice is to employ a CAPTCHA, which is a form or question used to verify that the user is human. You can easily include this tactic into your WordPress site using one of the several high-quality plugins available, the vast majority of which are offered at no cost.

Users may not like them, especially if they require them to recognize certain things in photos. A growing number of sites, however, are using captchas that only need users to click an “I’m not a robot” box before submitting. You can integrate this method into your WordPress site with the help of a number of excellent plugins; the vast majority of them are also free.

  1. Google Captcha (reCAPTCHA) by BestWebSoft

We think Google’s reCAPTCHA is a great improvement over the original CAPTCHA. Google’s is one of the tidiest and easiest to use, since it doesn’t confuse the user with obscure questions or garbled fonts.

Someone abandoning your site because of a frustrating CAPTCHA is something you want to avoid at all costs. If you use WordPress, you can easily integrate this with the Google Captcha (reCAPTCHA) by BestWebSoft plugin. This plugin does not require the user to read unreadable text or identify objects in photos; rather, it just has them check a box to certify that they are not a robot. The box must be checked by hand.

You must register your site with Google’s Captcha API, where you can choose between reCAPTCHA v2 (a checkbox) and reCAPTCHA v3 (a captcha that uses JavaScript to check for spam without the user having to do anything).

A button on the plugin’s settings page will lead you there.

After that, you’ll receive a site key and a secret key that you’ll need to enter on the plugin’s settings page. In the Enable ReCAPTCHA for section, choose Comments Form. Then, hit the Save Changes button.

Users will now be required to verify their humanity by clicking an “I’m not a robot” box before posting a comment.

Besides the comments form, the plugin can cover forms such as registration, login, and password reset. It can hide the CAPTCHA for trusted networks, offers theme variations, is RTL-ready, and supports several languages.

11. Stop WordPress Spam Comments Using a Third-Party Commenting System

1. Disqus

Among bloggers and website owners, Disqus is perhaps the most popular comment management solution because of its maturity. The service, which debuted in 2007, now supports over 750,000 websites. 75% of websites employing a third-party commenting system are powered by Disqus, according to a recent survey conducted by the people over at Lijit.

Whether you are starting fresh with Disqus or switching over from another commenting system, incorporating the service into your website is relatively easy. Immediately after signing up for Disqus, head over to the Import / Export area to learn how to import your comments from other platforms (such as WordPress, Blogger, Movable Type, or other commenting systems) into Disqus.

2. IntenseDebate

If you want to convince people to use IntenseDebate, just tell them who created it. The same people that brought you WordPress, PollDaddy, and Akismet are also responsible for IntenseDebate. Since it is developed and managed by the same folks that constructed your blog platform, WordPress, it stands to reason that it would be the ideal option if you are searching for a third-party commenting system.

3. Livefyre

New to the market of third-party commenting and debate systems is Livefyre. Despite their inexperience, they are hardly the weakest members of the team. It’s easy to use, human-friendly, and streamlined, with most of the same functionality as popular commenting platforms. The ‘@’ sign may be used to “tag” other users in a comment on Livefyre, much in the way it is used on Facebook. Users can be tagged on Livefyre, Facebook, and Twitter.

12. Stop WordPress Spam Comments with a Web Application Firewall

Web exploits and bots may have a significant impact on availability, security, and resource consumption, but these attacks can be mitigated with the aid of Amazon’s AWS WAF. Through the WAF’s security rules, you can manage bot traffic and prevent typical attack patterns (such as SQL injections) from reaching your apps.

1. AWS WAF

As part of your CDN setup, this WAF is hosted on Amazon CloudFront. The beauty of this WAF is in the fact that it charges you only for the rules you really use. Furthermore, there are charges related to the volume of web requests your application experiences.

Amazon’s AWS WAF offers top-notch security for your websites at a low price. It’s also simple to set up and keep up with. Depending on how you build your apps, security may be built in as well, offering you more flexibility than with other WAFs.

Best For: Businesses of all sizes, as long as they’re AWS clients.

Helps Mitigate: DDoS attacks, SQL Injections, and Cross-Site Scripting (XSS).

2. Cloudflare

Cloudflare is widely regarded as the industry standard in cloud-delivered application security. Of course, it’s also protected by a robust WAF. Each day, its WAF stops approximately 57 billion different cyberattacks.

When it comes to servicing your websites, its worldwide 100 Tbps network can handle it with ease, since it processes 30M requests per second. It provides comprehensive application security from a single cloud network, making it convenient and standard in terms of security.

Cloudflare’s network provides unrivaled visibility into threats, resulting in the most accurate and efficient machine learning. Features that stand out include a multi-layered security system that includes Cloudflare controlled rules for protecting against zero-day exploits. In addition, it uses custom rule sets, keeps an eye out for and prevents the use of compromised credentials, and may react in a variety of ways. It also includes logging and reporting, problem monitoring, data analytics, and application-level management.

Best For: Personal use to small and mid-sized businesses. Also, it’s excellent for high-level enterprises and companies. Plus, it has WordPress WAF rules, so it’s great for WordPress sites.

Helps Mitigate: OWASP Top 10, Comment Spam, DDoS attacks, SQL injections, HTTP Headers, and more.

3. Microsoft Azure

Microsoft Azure is one of the most popular cloud platforms, and it offers a cloud-native WAF developed by the company. The WAF is only one product among several that Azure provides as a service to other systems. It monitors for the OWASP top 10 most reported vulnerabilities and allows for the addition of user-defined criteria as well.

The cost is determined by the amount of time used and the amount of data sent and is billed monthly. The initial investment is substantially less than with competing WAF suppliers.

Top features include OWASP protection, environment visibility in real time, and security warnings, all of which Azure provides. In addition, it can automate DevOps procedures thanks to its comprehensive REST API support. Furthermore, it protects against distributed denial of service attacks.

Best For: Major and small businesses, alike.

Helps Mitigate: OWASP Top 10, DDoS attacks, and any custom rules (and more).

4. WPMU Dev

WPMU DEV’s own highly optimized WAF is too good of a product not to include in this post. With this hosting, you can utilize our WAF for free, and it comes optimized for WordPress with daily updates. Since WAF is not written in PHP, it requires fewer system resources. It also doesn’t require any coding, so there won’t be any slowdown in your site’s speed.

More than 300 firewall rules (or policies) are in place. To identify and prevent web application threats, these rules use rule-based logic, parsing, and signatures. This WAF is 25% quicker than the most popular plugin-based firewall, according to independent benchmarks. We have a firewall with over 300 rules that includes protection against the OWASP Top 10. What’s more, it’s included at no cost with every hosted account!

Best For: Small to major WordPress sites, hosting resellers, and any agency or individual that manages multiple websites.

Helps Mitigate: Attacks ranging from SQL injections, XSS, and many more.

5. Imperva

When it comes to false positives, Imperva’s WAF effectively blocks assaults. It also features a worldwide SOC to ensure your business is secure the instant an issue is uncovered. It’s a one-stop shop for protecting your website, with everything you’ll ever need. Data classification and database vulnerability testing applications are available at no cost.

Security for both cloud and on-premises apps is a strength of Imperva’s. It protects against the Top 20 Automated Attacks, the Top 10 OWASP Attacks, and it provides attack detection, SIEM integration, and reporting.

Best For: Small to large-sized companies.

Helps Mitigate: OWASP Top 10 and Automated Top 20 and more.

6. Prophaze

Security is a large part of what Prophaze WAF manages. It’s a WAF with RASP, CDN, DDoS, and other protections in one convenient package. It provides continuous website security by utilizing robust cloud-based solutions that are effective against modern attacks in real time. It will instantly check your site against the OWASP Top 10 and hundreds of other vulnerabilities. Furthermore, it automatically updates and requires no further setups to deal with emerging threats.

Limitless rulesets are available in Prophaze. Additional features include support for all public clouds (including AWS) and specific integrations with SIEM Solutions.

Important security features include a bot mitigation tool, a real-time dashboard, around-the-clock phone and email assistance, and machine learning-based threat intelligence.

Best For: A range from midmarket to high level enterprise.

Helps Mitigate: OWASP Top 10 API, DDoS, Bot Protection, and more.

Conclusion:

In conclusion, if you care about the reputation and trustworthiness of your website’s content, you must take steps to eliminate spam comments. Fortunately, WordPress has a number of useful plugins that can help prevent spam comments from being posted.

Keep in mind that no plugin, including Akismet, WP SpamShield, Antispam Bee, CleanTalk, WP Bruiser, SI CAPTCHA, or any others, will totally eradicate spam comments. Fighting spam is an ongoing effort, and you may need to employ several tools and methods to keep one step ahead of the problem.

Therefore, think outside the box when deciding how to prevent spam comments. If you want real comments and input from your audience, you should try out different plugins and settings, check your site for spam frequently, and interact with your readers. Maintaining a spam-free website and providing a pleasant experience for visitors requires some work and the correct tools.

Learn about other common mistakes here.

FAQs on Preventing Comment Spam on WordPress:

Do I have the option to prevent comments from particular users?

Using a user’s IP address or email address, you may disable their ability to leave comments on your site. To do so, navigate to the “Comments” area of your WordPress dashboard, click on the comment you wish to delete, click “Quick Edit,” and then enter the user’s IP address or email address into the “Author” form.

What are some typical examples of spam comments?

Spam comments can take many forms, such as those that link to irrelevant or low-quality websites, don’t add anything to the discussion at hand, contain only generic or incoherent text, or are obviously the work of automated bots.
