Hey, WordPress Comment Spam – Time to Say Goodbye

Do you receive hundreds of spam comment in your wordpress blog? You’re not the only one who struggles. I’ve my personal experience dealing with dozens of them every day.

I came to realize the “spam vs. average” comment ratio is coming down to 3:1. Yeah, that is the truth from my perspective. You will receive doubled, tripled or even more spam comments in numbers than the average. And that enforced me to concern about the matter.

You might be wondering why these spamming? The straight-talk answer is SEO. People think of their mind, putting links in the comment will help ranking higher in search engines, whether it is spammy or not. But who will perceive them, it will decrease their ranking by more in this robusting year.

prevent wordpress spam comments

Wherever they focus, we can’t let our blog lose reputation. So the ideal choice is to put a full stop for spams. Let me describe the possible actions you can take to stop wordpress comment spam.

8-step plan to prevent wordpress spam comments (even without plugins)

Moderate all comments

This is an initial step to fight back spammers. WordPress has a built-in feature to enable comment moderation. Therefore, posted comments will be held for moderation first before showing up. So you will get a chance to review them and filter spams.

You can enable it by going to Settings > Discussions > Before a comment appears and checking the label “Comment must be manually approved”. It means all comments must be approved manually before showing up on articles.

This process is full manual and consumes a lot of your time. Moreover, it is not at all a good choice for your regular commentators. Their regular comments will be held for moderation too. So what’s the perfect solution?

Yeah, there is another checkbox entitled “Comment author must have a previously approved comment”. By checking this option, previously approved commentators can post instant comments without any moderation.

before a comment appears

Hold link containing comments

This is the biggest trap for spam commentators. They will typically include links in their comments for getting seo value. Yes, links are helpful but soon you will come to realize most of them are just for seo, don’t add much to its value.

By holding comments that contain links, you can judge if they will add value or not. So it will be easy to filter out spam comments consuming a bit of time.

Activation is simple as the previous step. Head over to Settings > Discussions > Comment Moderation and put numeric value on the box labeled “Hold a comment in the queue if it contains _ or more links”. It’s ideal to make the value “1” (default value is 2), so comments containing one or more links will be held for moderation.

comment moderation

Enforce rules for commentators

By setting up rules for users, we can throw a sharp challenge to spammers. There are two ready-made rules in wordpress what can be used right away. Just navigate to Settings > Discussions > Other comment settings and check the following two labels:

  1. Comment author must fill out name and e-mail
  2. Users must be registered and logged in to comment

The first rule will enforce commentators to input name and e-mail; the second rule will ask them to login in order to make a comment. So these rules might be efficient to prevent some seasonal spammers.

other comment settings

Close comments on old articles

Do you know where from most of the spammers arrive? “Search Engines.” They will use various strings and queries to come along exact pages. And the next might be yours too.

If you keep comments open for all the time, the spammers will find your old pages to leave spam comment. I’m sure you wouldn’t want to see that happen. So the only solution is to turn off comments on articles after a definite period.

Go to Settings > Discussions > Other comment settings and check the label entitled “Automatically close comments on articles older than _ days” with the appropriate value. I recommend it for 30 days as most of your loyal readers will interact with it between first 30 days.

automatically close comments

Nofollow comment links

In default, wordpress comment links are nofollow. So it is always ideal to leave it nofollow. You might ask me why I’m calling this point out as it is already in default. Yeah, there is a particular reason you need to know.

There are people who think making links dofollow will attract more comments. Yes, they are right; they will get tons of comment. Unfortunately, most of them will be nothing but spam.

I will never recommend giving away a dofollow link just for a comment. Yeah, there are commentators who deserve it, but not all. And that’s so rare. Now Google is smart and giving dofollow links for comments might be under their manipulation system. So it is not at all a good choice.

Disable comments on media

WordPress gives media the same possibilities as a post or page do. Uploaded media will get separated pages. Therefore, comments will stay open for them.

Though the truth is, most of the people do not prefer it. Media are mainly attached to articles. We would like to see all comments in that article. Keeping comments open in media is eventually like tempting the spammers to leave spammy comments.

So this is the best choice to close comments on all media pages. You can do this by adding these few lines to your theme functions.php:

// Close comments on media
function close_media_comment( $open, $post_id ) {
    $post = get_post( $post_id );
    if( $post->post_type == 'attachment' ) {
        return false;
    return $open;
add_filter( 'comments_open', 'close_media_comment', 10 , 2 );

Turn off trackbacks

In proportion, trackback spam is remarkable from all others. A significant amount of wordpress spam comments is trackback. In fact, trackback is not much necessary in general blogs. Most of the time it works like a spamming equipment. So it is rather safe to keep closed.

You can turn it off by navigating to Settings > Discussions > Default article settings and unchecking the label “Allow link notifications from other blogs (pingbacks and trackbacks)”.

prevent trackback spam

Use comment blacklist

Comment blacklisting feature is an advanced stuff and would be effective in the proper configuration. It will fill an extra layer to filter spams.

For an instance, you might’ve seen too many spam comments related to gambling, sexual and pharmaceutical items. The proper blacklist can exclude almost 99.99% of them.

This is as easy as the other methods. You can head over to Settings > Discussions > Comment Blacklist and put your words in the box for blacklisting. If comments contain any of these words, they will be marked as spam.

An updated blacklist is available on DigWP. You can use it here.

For your kind information, there is another box just above it to send comments to moderation, not to fill under spam category. By using it in the same way, you can be sure either it is a spam or not through moderation.

Some rough steps you might consider too

As I’ve already stated in the title, here are some rough steps, might affect your commenting experience, but still some worthy actions to make it permanent. I will recommend them too if you want zero comment spams.

Remove website field from comment form

We all know, allowing authors to attach a website attract more and more comments. But we need to admire one thing, comment is not just for link or promotion. It is an opportunity to share the opinion,

By removing the website field, you can suddenly know about the intentional commentators. Those, who comment for links, will leave right away. And those, who comment for sharing opinions, will keep going. So it will be sometimes tactical and sometimes crappy.

You can wish to remove it by adding a few lines to your theme functions.php:

// Remove website field from comments
add_filter('comment_form_default_fields', 'clear_url_box');
function clear_url_box($fields){
    return $fields;

Disable HTML in comments

So far I’ve seen, the normal commentators do not use HTML in comments. If they need to insert link or something, they will typically put it as text. On the other side, the spammers use HTML most of the time especially <a> tag for making clickable links.

By disabling HTML in the comments, you can prevent few more spams. It’s useful even though could hurt user experiences in some special cases. I will recommend it for the usual blogs where it doesn’t make any difference except the spams.

You can disable HTML in comments by adding these lines to your theme functions.php:

// Disable HTML in Comments
function plc_comment_post( $incoming_comment ) {
$incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
$incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
return( $incoming_comment );
function plc_comment_display( $comment_to_display ) {
$comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
return $comment_to_display;

Switch off comments

Comment is a vital part of every single blog, but there are exceptions. If you want to guide one-way lesson, it might not be necessary. An ordinary blog can keep it closed if they think it is making no difference.

It is all up to you what you want. But I can assure you one thing, by switching comments off there will be no more spam in wordpress. So many of you could decide to keep their platform spam-free by turning it off.

The process is very straightforward. Go to Settings > Discussions > Default article settings and uncheck the label “Allow people to post comments on new articles”. It will stop showing comments from all new articles.

disable comments

3 additional plugins for the death of spam

I don’t prefer using plugins for every single task expect the critical. It creates heavy loads to host and site performance, which is not at all recommended. You can see here I’ve provided the methods to work without plugins. But we couldn’t miss out a few handy plugins. This is to confirm the death of wordpress spam.


Akismet, yet one of the most important plugins for wordpress. It comes pre-installed with all wordpress installations while wordpress individually recommends to use it. So this is among our must-to-use list.

This plugin works some extra layer to filter spam comments. Though you will need to get Akismet API key to make it work. It is highly recommended for you to get the API key and active the plugin for spam prevention.

Cookies for Comments

Cookies for Comments is another advanced feature to fight spams. It sets a cookie for comment agents. If it exists the agent will be allowed to comment, otherwise it wouldn’t. The typical users will get pass through it without any harassment.

But it works like a charm to detect spambots. The comment bots do not load an entire page to leave a comment. Eventually, they wouldn’t load the stylesheets. When the plugin is activated, it will add an extra stylesheet or image. So the bots, who didn’t load them, will be blocked to comment.


Captcha is another useful plugin to confirm the existence of human beings. It will generate random maths for commentators. In order to leave a comment, it has to be correct.

So the humans will get passed through it quickly where the bots have no choice to work with it. So this is a good filter for comment bots.

Build the great wall of China: Switch to Disqus

Disqus is my favorite comment system and the editorial’s choice. This is an ideal solution for blogs who want usability, security and performance at the same time. People would complain it loads a bit slower, but I think it deserves it.

First of all I will recommend you to read our early post “Why do we like Disqus?” By reading it, you will come to realize it has robust spam filtering. All the features, I discussed here, are built-in on Disqus comment system. So you can switch to it for better spam preclusion.


WordPress is the king of platforms. It has fantastic features, some we know and some we don’t. Yeah, spam seems unbearable but a few steps can get you rid of it forever.

So my advice is to try following the steps I discussed without plugins. And when you’re not yet satisfied, proceed to use those three plugins. I think, they are enough to shut off the door of spam.

What do you say, How to stop wordpress comment spam. We would love to hear your voices.

Did you find this post helpful? Get our best business blogging tips via email (it's free)!


  1. Wong Chendong January 11, 2015
    • Abrar Mohi Shafee January 11, 2015
  2. Ashutosh Jha January 11, 2015
    • Abrar Mohi Shafee January 12, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest

Share This