How To Beat WordPress Spam

In the dark ages, when pigeons delivered the mail or smoke signals were the most efficient form of communication, spam wasn’t a problem. It all started with junk mail in our letter boxes. Piles of advertising that took up space, time and energy. When electronic mail was invented it seemed like maybe we’d beaten the junk mail issue…until even our email inboxes starting filling up with rubbish. In fact, it turned out that it was even easier to spam someone on the net…you didn’t even have to move from your comfy spam-financed office chair. These days they spam you to within a inch of your patience. You get spam on your mobile phone, on your website, and even your WordPress blog.

Why Is WordPress Spam a Problem?

Spam is ugly, and it wastes your time and for a serious blogger, time is at a premium. When you could be creating knew content, reading other blogs, or researching a new article, you are wasting your time, moderating comments, and deleting rubbish. This article will show you how to sort out spam for WordPress.

Default WordPress Spam Fighting Features

WordPress has some built in features which help you deal with spam. These include:

  1. Comment Moderation

    Links are a common feature of spam messages, as most spammers are looking for backlinks to their page. Most legitimate comments will not contain links, so it is a good tactic to set comment moderation to hold all messages that contain links. Even when a legit comment is held because of a link, it is always good to check the links that people are leaving, as legit commenter’s can place uncalled for links to their own sites, especially in do follow blogs.

    Go to the Options > Discussion panel.
    Scroll down to Comment Moderation. Change the value to 1.

    Comment Moderation

  2. Spam Words

    You can add words to be added to the blacklist so comments containing them are pushed into moderation.

  3. Moderate All Comments

    If you have a smaller blog with very few comments you could consider moderating all comments. I have a problem with this as I feel it discourages involvement. A reader makes a comment, then nothing shows up. For all that person knows it’s gone to never be seen again, and unless they check back, they won’t know whether the blog owner approved the comment at all. So in almost all cases, this isn’t a good option.

  4. Disabling comments completely

    If you want to use WordPress as a publishing platform and not a blog, you can easily completely disable comments, which will remove the possibility of comment spam.

  5. Other WordPress Spam Options

    “Pre-approve comments from old commenters” means what is says, people who you have already approved comments for are allowed to leave comments even if you have moderation enabled. “Restrict comments to registered users” is also an option. Although it will help you combat spam, and build a community around your blog, it does discourage comments from those who don’t want to sign up.

WordPress Plug-ins

  • Akismet is the must have spam protection plug-in for WordPress. If you are not using it, you probably should be. It’s a requirement to register at to get an API key used in the system, but for the few seconds it takes you to fill out a form, it is well worth it.

  • reCaptcha is a WordPress plug-in to prevent comment spam using a word verification system.

  • Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots.

  • Spam Karma is a system that grades comments based on information that it collects. It considers things such as who left the comment, are they a known commenter, does the comment have links, and other factors. If the comment scores well it is published immediately. If the comment scores poorly, it is held for moderation.

Akismet Auntie Script

Akismet Auntie is a Firefox script that makes it easier to browse and sort your Akismet spam box. If you are getting 100’s of spam comments a day, and are a Firefox user then this script will help you out. Basically it makes it easier for you to quickly browse through your spam comments to find any legit comments.

Other Forms of WordPress Spam

Contact Form Spam

The contact form on your WordPress blog can also be a target for spammers. If you find that you constantly getting spam from your contact form consider using one that has verification or challenge question on it.

Referral Spam

Bloggers tend to check their statistics to see which sites are referring traffic to them. Referral spam creates an entry in your statistics that shows the spammer’s site as the refer. The idea is that the blogger will then visit the spammers site to see what has been referring traffic.

18 thoughts on “How To Beat WordPress Spam”

  1. I use the pre-approve from old commenters technique, works out fine for me. Usually I check twice a day at least for new comments so they do show up on the blog rather quickly still, after that users are free to do what they want. Along with Akismet to hold out the general spam this has resulted in not a single spam comment actually making it to the public :).

  2. I have a small blog – so I don’t have much spam.
    But I use akisment – and it has caught all but one.
    All other commentors need to have one approved comment.

    That’s about all I have to say…
    Because I don’t have to deal with spam.

    Good for me!

  3. My blog had almost no spam for most of its life, then all of a sudden the spam has gone through the roof. 833 spam comments, and almost all of them in the last few weeks. There is one type that was getting through akismet and was making it onto the blog until I enabled moderation for all posts with links in them. That particular spam comes in the form of a link to a random forum, a different forum each time, I assume the forums have nothing to do with it, and uses a random simple gmail address. i.e. It is always for the same post, a post I did over 2 months ago. It’s not too annoying now that I have moderation enabled. But it makes you wonder what drives the idiots who make what is blatantly just annoyance factor spam. Maybe I upset someone?

  4. I rely on Akismet. It catches a ton of spam comments and then I delete whatever spam gets through. I have no idea how many legit comments get deleted by Akismet because I don’t have time to go through it. I’ve never had anyone tell me they left a comment that got deleted.

  5. We use Akismet and the “Pre-approve comments from old commenters”, but that last one is giving us some problems now 🙁 The other day somebody posted a ‘legitimate’ comment. I approved it and the next day this same person bombarded several posts with spam comments. Because he/she was an old commenter it got through….
    Luckily it was there only a few hours because I pulled the authorization when I saw the spam, but it was still bl**dy annoying.

  6. I base my moderation decisions on Akismet’s “suggestions” :D. I find it more easy to use that other solutions. And it worked really nice until now. Hope it will not disappoint me.

  7. we get about 100 spam comments per day on this blog alone. We have enabled a honeypot plugin ( as well as we keep a blacklist of ips – and send them to a redirect when they try to access any site we run – that however is made by hand and not automated unfortunately.

    We of course use askimet which catches a bunch – but its still annoying.

  8. I have the “old commenters” box checked in my options, but one commenter frequently ends up in my spam and moderation queue anyway.

    My interpretation is that it means that all first-time commenters get moderated, but second/fifth/twentyfifth time commenters can still get moderated.

    I’d like a way to truly pre-approve an email address so that this doesn’t happen to my readers.

  9. Hi
    I have a free blogs hosting site Blogs Pages
    and I get a flood attacks ,is there any plugin to prevent flood spam ?

  10. Best info on WordPress. i learned some of the WordPress Spam Fighting Features, it is excellent. it’s very useful for spaming ……thxxx for information.

  11. I won’t do the Disabling comments completely suggestion. How can you keep a lively discussion of you will disable the comments?

  12. I get lots of email spam which I don’t bother reading – the whole lot is deleted. What I don’t understand is why do spammers persist in an exercise that is basically a waste of everyone’s time? Surely the majority of people do as I do, so I don’t see how it can be a productive exercise.

  13. Spam is a real problem, but may I say that there is a good spam and a bad spam. Bad spam can actually decrease your SEO efforts for your site, whereas good spam can help rank your site. What do I mean by good spam? This is someone who is commenting for a backlink but is taking time to read the post and share something intelligent. This does show interaction on your site, which is a social signal to the Panda. What do you think?

  14. I also meant to share my favorite plugin for spam removal. It is GASP and requires the click of a box to get submitted. Askimet is not recommended since it will put good comments into the spam folder.

Leave a Reply

Your email address will not be published. Required fields are marked *