We all love WordPress, but one frustrating thing with the platform out of the box is having to deal with large volumes of comment spam. No matter what type of blog your business runs, you will have to figure out or come up with a strategy on how to stop WordPress comment spam at some point. Thankfully there are a lot of great plugins, tricks, and settings you can easily enable and or install to literally reduce your spam by 99%. Yes, you can really reduce it that much! Stop wasting time managing spam comments and focus on growing your blog and business.
How to Stop WordPress Comment Spam
There are different strategies you can take to stop WordPress comment spam, and they might differ based on your current WordPress site’s setup and goals. We recommend trying one of the following and see which one works best for you:
Disable Comments Altogether
The first option you have to simply disable comments altogether. Perhaps your business doesn’t use or want comments, so to protect yourself from getting any spam comments you can just disable them. One of the easiest ways to do this is to simply uncheck the “Allow people to post comments on new articles” option, which is located under “Settings → Discussion.”
Disable comments in WordPress
Another quick and easy way to do this is to use a free plugin like Disable Comments. The plugin allows administrators to both globally disable comments, as well as disable them by post type, all with a single click. This also disables trackbacks and pingbacks.
Disable Comments WordPress plugin
Don’t want to use a plugin? You can also disable comments with code. Check out our in-depth post on how to disable WordPress comments.
Turn Off Anonymous Comments
Another option you have is to turn off anonymous comments. WordPress native comments by default ask the visitor for four pieces of information: comment, name, email, and website. If anonymous comments are enabled, they won’t be required to input their name or email. This instantly opens up your site to a lot of spam bots that constantly crawl comment forms on websites. To disable anonymous comments simply check the “Comment author must fill out name and email” option under “Settings > Discussion.”
Disable anonymous comments in WordPress
Enable Comment Moderation
Your next option to stop WordPress comment spam is to use some of the built-in moderation features. The first is the ability to manually approve each comment. While this won’t reduce spam, it can be an effective way to ensure visitors to your site only see high-quality comments that you have approved.
The second is the comment moderation queue. For example, you can automatically hold a comment in moderation if it contains a certain number of links or more. You can also build up a list of words, names, URLs, IPs, etc. that are held for moderation as well.
The third is the comment blacklist. Here, you can also build up a list of words, names, URLs, IPs, etc. But instead of being held more moderation, they will automatically go straight to trash so you don’t have to worry about them. All of the above options can be found in your dashboard under “Settings > Discussion.”
Utilize a WordPress Comment Spam Plugin
Another popular option, that is very easy to implement, is to use a WordPress comment spam plugin. There are a lot of great ones out there, and most of them are completely free.
The Akismet plugin is included by default with every WordPress installation and is developed by the team at Automattic. It analyzes data from millions of sites and communities in real time and protects your WordPress site from spam. It’s completely free for personal use and starts at $5/month for commercial sites.
Akismet WordPress comment spam plugin
We highly recommend trying this plugin first as it is very lightweight and does one thing well, and that is protecting you from spam. Other features include:
- Automatically checking all comments and filters out the bad ones
- Status history to see which ones were blocked
- Discard feature to save on disk space
It currently has over 3 million active installs with a 5 out of 5-star rating. You can download Akismet from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins (although it should be on your site already unless it was removed). This plugin has a long history of building up spam rules and filters which do a great job at ensuring you see the good comments and not the bad. As you can see on the site below, it blocked over 3,800 comments from even needing moderation.
Akismet protecting from spam
Here are some additional popular comment spam plugins you might want to check out. However, it is important to note that some of these might hurt your performance due to the fact that a few of them are trying to provide all in one security features, not just spam protection.
Also, make sure you read this in-depth guide on the 10 best WordPress security plugins to lockout the bad guys.
Enable a Captcha
Another popular option is to use a CAPTCHA, which is some type of form or question to challenge a bot and or rather prove that the visitor is a human. There are a lot of great plugins out there that allow you to implement this strategy into your WordPress site, and most of them are completely free.
Google Captcha (reCAPTCHA) by BestWebSoft
We are big fans of Google’s take on the CAPTCHA, or rather what they call the reCAPTCHA. Google’s is probably one of the cleanest and easiest ones to use without hurting the user experience by asking puzzling questions or showing hard to read letters. You definitely don’t want someone leaving your site simply because they were frustrated by the CAPTCHA. The Google Captcha (reCAPTCHA) by BestWebSoft plugin works great for implementing this on your WordPress site.
Google Captcha (reCAPTCHA) WordPress plugin
It currently has over 100,000 active installs with a 4.5 out of 5-star rating. You can download Google Captcha (reCAPTCHA) by BestWebSoft plugin from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins. Other features include:
- Also works on registration forms, login forms, reset password forms, etc.
- Hiding CAPTCHA for whitelisted IPs
- Different themes
- Multilingual and RTL ready
Here is an example below of what the comment section on your WordPress site would look like with Google’s reCAPTCHA enabled. A visitor simply has to click once to prove they are not a robot and then submit their comment.
Google reCAPTCHA on WordPress comments
Here are some additional popular captcha plugins you might want to check out:
Use a 3rd Party Comment System
And last but not least, another easy way to stop WordPress comment spam is to forego the default native comments and use a 3rd party comment system. We previously used the Disqus platform on our blog here at Kinsta and we can honestly say that it cut out 99% of spam. We never had to spend time cleaning up spam comments.
According to Disqus, it uses its own anti-spam software to smartly combat comment spam. It was designed to learn over time and becomes increasingly accurate with moderation activity. They also partnered up with Akismet. This is probably why it is so powerful because you have two different systems all combating spam. They do additional things such as:
- Multiple checks on the same comments to improve the accuracy of classifications over time.
- Commenting requires email verification. This stops many fake accounts with throwaway email addresses.
- Commenters mistakenly marked as spam can request to be reviewed by moderators. This keeps the system healthy when our detection is occasionally too aggressive.
Disqus also has some great comment moderation tools. One we personally like is any comments with links must be manually approved.
Disqus comment moderation
However, that is not to say Disqus doesn’t have some issues. You can read our blog post about Disqus ad changes. And if you want to use Disqus on your blog, we highly recommend using the free Disqus Conditional Load plugin. This was developed by Joel James as a way to lazy load comments so that it won’t hurt the performance of your WordPress site.
Disqus WordPress comment plugin
It currently has over 10,000 active installs with a 5 out of 5-star rating. You can download Disqus Conditional Load from the WordPress repository or by searching for it within your WordPress dashboard under “Add New” plugins.
Here are some additional WordPress comment systems and plugins you might want to check out that have their own spam rules:
Implement a WAF
Adding a web application firewall (WAF) such as Sucuri or Cloudflare can help dramatically cut back on the amount of spam your WordPress site receives. Why? Because these services sit between your WordPress host and your website to block and filter out all the bad proxy traffic and bots. They also allow you to easily block entire countries with a click of a button.
A WAF can also help decrease your bandwidth and visits usage, in turn, helping you save on your monthly web hosting bills.