We all love WordPress, but one frustrating thing with the platform out of the box is having to deal with large volumes of comment spam. No matter what type of blog your business runs, you will have to figure out or come up with a strategy on how to stop WordPress comment spam at some point.

Thankfully there are a lot of great plugins, tricks, and settings you can easily enable and or install to literally reduce your spam by 99%. Yes, you can really reduce it that much! Stop wasting time managing spam comments and focus on growing your blog and business.

How to Stop WordPress Comment Spam

There are different strategies you can take to stop WordPress comment spam, and they might differ based on your current WordPress site’s setup and goals. We recommend trying one of the following and see which one works best for you:

Disable Comments Altogether

The first option you have to simply disable comments altogether. Perhaps your business doesn’t use or want comments, so to protect yourself from getting any spam comments you can just disable them. One of the easiest ways to do this is to simply uncheck the “Allow people to post comments on new articles” option, which is located under “Settings → Discussion.”

disable comments in wordpress

Disable comments in WordPress

Another quick and easy way to do this is to use a free plugin like Disable Comments. The plugin allows administrators to both globally disable comments, as well as disable them by post type, all with a single click. This also disables trackbacks and pingbacks.

Disable Comments WordPress plugin

Disable Comments WordPress plugin

Don’t want to use a plugin? You can also disable comments with code. Check out our in-depth post on how to disable WordPress comments.

Turn Off Anonymous Comments

Another option you have is to turn off anonymous comments. WordPress native comments by default ask the visitor for four pieces of information: comment, name, email, and website. If anonymous comments are enabled, they won’t be required to input their name or email. This instantly opens up your site to a lot of spam bots that constantly crawl comment forms on websites.

To disable anonymous comments simply check the “Comment author must fill out name and email” option under “Settings > Discussion.”

disable anonymous comments wordpress

Disable anonymous comments in WordPress

Enable Comment Moderation

Your next option to stop WordPress comment spam is to use some of the built-in moderation features. The first is the ability to manually approve each comment. While this won’t reduce spam, it can be an effective way to ensure visitors to your site only see high-quality comments that you have approved.

The second is the comment moderation queue. For example, you can automatically hold a comment in moderation if it contains a certain number of links or more. You can also build up a list of words, names, URLs, IPs, etc. that are held for moderation as well.

The third is the comment blacklist. Here, you can also build up a list of words, names, URLs, IPs, etc. But instead of being held more moderation, they will automatically go straight to trash so you don’t have to worry about them. All of the above options can be found in your dashboard under “Settings > Discussion.”

wordpress comment moderation

Enable WordPress comment moderation

If a visitor fills out the website field when leaving a comment, by default, their name will be hyperlinked. While these links are nofollow, meaning Google ignores them, visitors will still sometimes leave comments solely for the purpose of getting this link. Perhaps they are hoping someone will click it.

WordPress comment author link

WordPress comment author link

You can add a snippet of code to your WordPress site to simply remove the WordPress author comment links. We do this on the Kinsta blog and it helps improve the quality of comments. If visitors see that the author names on existing comments aren’t linked than they might be less encouraged to leave a comment just for that reason. This means you are hopefully only getting comments from visitors who want to engage with your comment.

Simply add the following code to your WordPress theme’s functions.php file. Better yet, to avoid editing your theme directly, we recommend using the free Code Snippets plugin.

add_filter( 'get_comment_author_link', 'rv_remove_comment_author_link', 10, 3 );
function rv_remove_comment_author_link( $return, $author, $comment_ID ) {
    return $author;
add_filter('get_comment_author_url', 'rv_remove_comment_author_url');
function rv_remove_comment_author_url() {
    return false;

Here is an example of what it would look like if you’re adding it in the Code Snippets plugin. Make sure to select “Only run on site front-end.”

Remove WordPress author comment link

Remove WordPress author comment link

You could also take this a step further and disable the “website” comment field altogether. To do this, just add the following code underneath what you just added above.

function remove_website_field($fields) {
   return $fields;
add_filter('comment_form_default_fields', 'remove_website_field');

After you add the code, the links (and website field if you added the extra code) will be gone!

No comment author link

No comment author link

Utilize a WordPress Comment Spam Plugin

Another popular option, that is very easy to implement, is to use a WordPress comment spam plugin. There are a lot of great ones out there, and most of them are completely free.

Akismet Plugin

The Akismet plugin is included by default with every WordPress installation and is developed by the team at Automattic. It analyzes data from millions of sites and communities in real time and protects your WordPress site from spam. It’s completely free for personal use and starts at $5/month for commercial sites.

Akismet WordPress comment spam plugin

Akismet WordPress comment spam plugin

We highly recommend trying this plugin first as it is very lightweight and does one thing well, and that is protecting you from spam. Other features include:

  • Automatically checking all comments and filters out the bad ones
  • Status history to see which ones were blocked
  • Discard feature to save on disk space

It currently has over 5 million active installs with a 5 out of 5-star rating. You can download Akismet from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins (although it should be on your site already unless it was removed). This plugin has a long history of building up spam rules and filters which do a great job at ensuring you see the good comments and not the bad. As you can see on the site below, it blocked over 3,800 comments from even needing moderation.

akismet spam comments

Akismet protecting from spam

Here are some additional popular comment spam plugins you might want to check out. However, it is important to note that some of these might hurt your performance due to the fact that a few of them are trying to provide all in one security features, not just spam protection.

Also, make sure you read this in-depth guide on the 10 best WordPress security plugins to lockout the bad guys.

Enable a Captcha

Another popular option is to use a CAPTCHA, which is some type of form or question to challenge a bot and or rather prove that the visitor is a human. There are a lot of great plugins out there that allow you to implement this strategy into your WordPress site, and most of them are completely free.

Google Captcha (reCAPTCHA) by BestWebSoft

We are big fans of Google’s take on the CAPTCHA, or rather what they call the reCAPTCHA. Google’s is probably one of the cleanest and easiest ones to use without hurting the user experience by asking puzzling questions or showing hard to read letters. You definitely don’t want someone leaving your site simply because they were frustrated by the CAPTCHA. The Google Captcha (reCAPTCHA) by BestWebSoft plugin works great for implementing this on your WordPress site.

Google Captcha (reCAPTCHA) WordPress plugin

Google Captcha (reCAPTCHA) WordPress plugin

It currently has over 200,000 active installs with a 4.5 out of 5-star rating. You can download Google Captcha (reCAPTCHA) by BestWebSoft plugin from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins. Other features include:

  • Also works on registration forms, login forms, reset password forms, etc.
  • Hiding CAPTCHA for whitelisted IPs
  • Different themes
  • Multilingual and RTL ready

Here is an example below of what the comment section on your WordPress site would look like with Google’s reCAPTCHA enabled. A visitor simply has to click once to prove they are not a robot and then submit their comment.

google recaptcha on wordpress comments

Google reCAPTCHA on WordPress comments

Here are some additional popular captcha plugins you might want to check out:

Use a Third-Party Comment System

And last but not least, another easy way to stop WordPress comment spam is to forego the default native comments and use a third-party comment system. We previously used the Disqus platform on our blog here at Kinsta and we can honestly say that it cut out 99% of spam. We never had to spend time cleaning up spam comments.

According to Disqus, it uses its own anti-spam software to smartly combat comment spam. It was designed to learn over time and becomes increasingly accurate with moderation activity. They also partnered up with Akismet. This is probably why it is so powerful because you have two different systems all combating spam. They do additional things such as:

  • Multiple checks on the same comments to improve the accuracy of classifications over time.
  • Commenting requires email verification. This stops many fake accounts with throwaway email addresses.
  • Commenters mistakenly marked as spam can request to be reviewed by moderators. This keeps the system healthy when our detection is occasionally too aggressive.

Disqus also has some great comment moderation tools. One we personally like is any comments with links must be manually approved.

disqus comment moderation

Disqus comment moderation

However, that is not to say Disqus doesn’t have some issues. You can read our blog post about Disqus ad changes. And if you want to use Disqus on your blog, we highly recommend using the free Disqus Conditional Load plugin. This was developed by Joel James as a way to lazy load comments so that it won’t hurt the performance of your WordPress site.

Disqus WordPress comment plugin

Disqus WordPress comment plugin

It currently has over 10,000 active installs with a 5 out of 5-star rating. You can download Disqus Conditional Load from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins.

Here are some additional WordPress comment systems and plugins you might want to check out that have their own spam rules:

Implement a WAF

Adding a web application firewall (WAF) such as Sucuri or Cloudflare can help dramatically cut back on the amount of spam your WordPress site receives. Why? Because these services sit between your WordPress host and your website to block and filter out all the bad proxy traffic and bots. They also allow you to easily block entire countries with a click of a button.

A WAF can also help decrease your bandwidth and visits usage, in turn, helping you save on your monthly web hosting bills.

If you enjoyed this tutorial, then you'll love our support. All Kinsta's hosting plans include 24/7 support from our veteran WordPress developers and engineers. Chat with the same team that backs our Fortune 500 clients. Check out our plans