15 Ways to Stop WordPress Spam Comments (100% Proven Methods)

How to block spam comments in WordPress

Every morning I log onto my WordPress websites and respond to dozens of comments. It’s something I always find satisfying.
Coffee (Nespresso or Nespresso alternatives depending on my mood) and comments are a great way to start a day.

Coffee and comments are a great way to start a day.

It was a usual morning, and upon seeing 100+ comments on a post I published a day earlier on a freshly installed website, I thought it went viral overnight.

But soon, I realized they were all spam comments. This spoiled that usually great start to my day. So, to avoid it ruining every day, I had to make it spam proof like all my other sites.

WordPress spam comments have been around for almost two decades.

I can tell you how the blogger community, the fans of WordPress, have battled spamming throughout those years.

The widespread presence of WordPress and its engaging power have always excited spammers.

They can post hundreds or even thousands of spam comments on your website, compromising its health and reputation.

Fortunately, we have ways to stop spam comments on our sites for good.

In this article, I will share the best techniques used on hundreds of websites to combat spam comments successfully.

You can freely use any single solution or combination of solutions as you see fit to help make it spam proof.

If you are unsure why spammers target your website and how you can recognize a spam comment, let’s discuss that first.

Why Does Your Website Get Spam Comments?

You get spam comments on your website because commenters want to put a backlink to their own websites for search engine ranking.

They shamelessly exploit loopholes on your site for their little gain.

They work on the belief that the more backlinks they get higher their website will rank in search engines.

It’s not true of course, as Google and other search engines are fully aware of this tactic and don’t use this type of backlink as a ranking signal.

But to get what they want, they buy thousands of spam comments to post on different websites, including yours.

They don’t single out a website. Instead, spammers also use bots to post spam comments automatically on different websites across the internet.

How to Catch a Spam Comment

Here are some proven techniques you can use to identify a spammy comment.

Commenter Name

Genuine commenters will have a real name posted with their comment. They don’t usually hide real names behind fake IDs or keywords.

For example, you may notice a commenter’s name in a comment as Johns Car Cleaning Service.

Trust me, The Car Cleaning Service is a keyword, and the whole comment is spam.

Spam comments will most likely land with:

  • Strange names, including random alphabets and numbers
  • Keywords in the names
  • Blank Gravatars to hide the identity

Web Links

WordPress comment systems allow commenters to post their email and website links when posting.

I know the WordPress team should do something about it, but for now, it’s there, and it’s a reality.

Sometimes you would notice links with a bunch of numbers and letters that won’t make sense. They aren’t actual URLs.

They can also camouflage links inside the comment’s body. In such cases, you will see HTML tags inside comments pointing to a site that might look related to your niche.

Don’t be fooled. It’s likely a spam comment.

Generic Comments

Spammers don’t care about the topic of your blog. That’s why you will see them posting irrelevant comments no matter your subject.

You will spot it immediately as their comment wouldn’t talk about anything you wrote about.

It happens because spammers hit websites with a standard message they post on every site they target.

Imagine you accidentally approve such a comment under a popular article on your site that already gets loads of comments from some serious readers.

How will they take it?

My 15 Best Ways to Stop WordPress Spam Comments

Here are some of the best ways to stop spam comments on your website.

I will start with what WordPress offers us in its default state and move on with other solutions I’ve found very effective.

1. Hold Comments, Publish Later

One of the first strategies to deal with WordPress spam comments is to hold them for moderation.

It’s better to read them first before you approve them to go public.

You can activate the filter from the Settings > Discussion page.

Once there, go to the segment Before a comment appears and check the box beside Comment must be manually approved.

comment moderate setting to stop spam comments

I suggest you also check the option just above that says A comment is held for moderation.

Press the Save Changes button at the bottom.

With this option, you will get an email whenever WordPress holds a comment for moderation.

This will not stop spammers from commenting, but you will be able to approve only legitimate comments.

I always use this technique on blogs where the frequency of comments is lower.

2. Create a Blacklist for Spam Comments

In my experience, I’ve found Disallowed Comment Keys a very effective tool to filter out spam comments.

It can fix the issue in most cases for small blogs if used correctly.

It’s a powerful native tool and acts more like a blacklist.

WordPress filter matches every word we mention in the list with the comments spammers leave on a site, including the name, email and IP address.

It then throws away the suspicious comments in the Trash folder.

The folder size grows as more spam comments are checked against the blacklist. Make sure to clean it periodically by accessing Comments > Trash.

To create the list, go to the Discussion page and scroll down to find the Disallowed Comment Key field. Press the Save Changes button at the bottom.

Enter each possible suspicious word or string in a separate line. You can always come back and update the list with more spam words.

disallowed comment key to stop spam comments

The example list in the image will filter out any comment that carries a URL. That means anyone trying to insert an external link will not get in.

Similarly, it will also trash all the comments with the word “cheap” in them.

3. Allow Comments From Logged in Users

You can also apply an extra filter to allow only registered users to comment.

It’s an effective tool and an excellent idea for community sites and forums. This way, only logged in users can leave a comment.

Spammers can still try to breach through the login form by guessing different combinations. I will get to it shortly in another technique below.

logged in user setting to fight wordpress spam comments

To enable this feature, open the Discussions page and go to Other comment settings.

Look for the option Users must be registered and logged in to comment.

Check the box and press the Save Changes button.

4. Disable Comments on Old Posts

Sometimes you may want to disable comments on a specific post because it has become an easy target for spammers.

It could be due to popularity, a controversial topic, or something else.

Whatever the reason, the spammers have somehow tagged it as their favorite for spam bombardment.

turn off comments single post

Open a published post in edit mode, reach out to the Discussion widget from the right side panel.

Uncheck Allow comments, and allow Pingbacks & trackbacks.

Press the Update button. You should find it in the top right corner.

You can repeat the process for other posts.

5. Turn off Comments on Your Website

It’s an extreme measure and ideal in scenarios where businesses don’t prefer to engage with users through comments.

I’ve seen lots of companies, including tech and media outlets, with no way to comment on their blog posts.

It doesn’t mean they don’t value user feedback, but it’s just that their business requires a different way to interact.

turn off comments to fight wordpress spam comments

For turning off comments all the way, go to Settings > Discussion and look for the option Allow people to submit comments on new posts.

You should find it in the top area. Simply uncheck it.

Press the Save Changes button at the bottom of the page.

This action will disable comments on new posts. It will not affect the posts you published earlier.

You can disable comments on each post individually if you have a few old posts. In case you have a lot of posts, it can be a lot of work.

For older posts, you can also try a much easier technique that I will mention shortly.

6. Akismet Spam Protection

akismet spam protection

Akismet is one of the most popular solutions to stop spam comments on your website. The plugin is developed by Automatic and comes as a part of every WordPress install.

It matches every comment on your site with a global spam database to effectively remove the most common spam comments.

Akismet is free for small blogs and hobbyists, but it’s premium version starts from $5 per month, which is ideal for commercial sites.

Both versions require an API Key you can get by signing up with Akismet. You can use a single key on multiple sites.

akismet setting page

Akismet offers a straightforward interface that allows you to choose between two security options – remove comments automatically or put suspicious comments in a spam folder.

Honestly, with the help of WordPress default filters and Akismet, I’ve seen some good results in fighting against spam comments on a number of sites.

7. Disable Comments – Remove Comments & Stop Spam

Disable Comments – Remove Comments & Stop Spam

It’s easier to turn off comments on the new posts from the WordPress discussion settings, but what if you have older posts in the hundreds and thousands? Disabling comments for each post will be a heck of a job.

Disable Comments can do this for you in a few clicks.

You can also stop comments globally for the entire site or for specific post types such as posts, pages, media and landing pages.

It is a helpful control for sites where admins don’t want to disable comments on regular posts but want to stop seeing comments spammers post on other pages.

Unless you run a photo specific website, comments appearing under images aren’t really useful.

8. Comment Link Remove and Other Comment Tools

Comment Link Remove and Other Comment Tools

You can fight spam bots with tools like CAPTCHAS. But how will you deal with spammers who can pass the CAPTCHA test and leave comments?

This is less than ideal for a site admin who wants to allow the audience to comment on their posts as genuine readers without allowing them to spam.

Comment Link Remover is an underrated but powerful plugin to fight spam comments on any website.

The free version can deal with a number of issues website admins usually face from legit commenters or spammers.

You can remove the website field from the comment form, disable the comment author hyperlink and disable any link inside the comment body.

Without these things, spammers tend not to leave a comment on your site.

You can also activate the spam protection module that will auto detect a comment’s health and delete it for you.

9. Stop Spammers Security | Block Spam Users, Comments, Forms

Stop Spammers Security | Block Spam Users, Comments, Forms

This plugin is a complete suite for stopping spam on your website. It not only fights spam comments, but you can use it to combat spam bots that target emails, registration and other forms.

Stop Spammer Security plugin is ideal for busy sites and eCommerce stores where you can’t afford to be hit by spammers.

The default settings are enough to stop spam comments on your site through tons of checks and filters.

You can always get into more details as the plugin offers over 50 customization features to protect your site.

Some of the highlighting features I like in the free version are:

  • Auto spam detection and blocking ability
  • Block specific country
  • Allow/Block list for IPs and IDs
  • Lots of CAPTCHAS available including Google
  • Connect third-party spam defense services

10. Spam Protection, AntiSpam, FireWall by CleanTalk

Spam Protection, AntiSpam, FireWall by CleanTalk

Like Akismet, this plugin by CleanTalk is easy to manage for fighting spam comments right off the bat.

It protects registration forms, comments, contact forms, and custom forms. It can also validate the email the user provides.

It simply needs an access key to work which it gets automatically by pressing the Get Access Key button from the plugin setting area.

anti spam plugin by Cleartalk

The key connects your site with the anti-spam database in the cloud, allowing the plugin to smell the spam comment immediately.

It keeps the spammer away from the site by enabling a firewall designed to detect bots before they access the website.

I like this approach because it puts a lot less load on the CPU, which is the best thing for websites on less powerful hosts. At least you wouldn’t want bots to slow down your website.

This anti spam plugin does the whole job without using lazy CAPTCHA, which also speeds things up for the user.

11. Antispam Bee

Antispam Bee

Antispam Bee is a useful plugin to fight spam comments using a very effective technique.

It uses a hidden CAPTCHA that only spam bots can see, and when they try to solve the challenge, the plugin immediately understands it’s a bot.

Antispam Bee offers a simple setting page but powerful enough to deal with spam comments. You can choose to mark the suspicious comments as spam, or you can delete them right away.

You can also block and allow people to comment on your site from specific countries. It is a convenient feature for geo-specific sites.

For example, if you get too much spam from a particular country, just disallow it. You can also place a filter to allow comments only in specific languages.

Antispam Bee is a free plugin to use on any number of sites.

12. Simple Google reCAPTCHA

Simple Google reCAPTCHA

You can keep the spam bots away from your site by using Simple Google reCAPTCHA, an advanced form of CAPTCHA.

You will notice a checkbox under the comment form on your site with the text I’m not a robot. A user has to check to prove it’s not a spambot activity.

Google can display an advanced challenge if it needs further verification. It usually presents a set of images to select the right ones based on some condition.

We know Google is tough on spambots, and reCAPTCHA ensures they don’t plague your comment database.

13. WP Armour – Honeypot Anti Spam

WP Armour – Honeypot Anti Spam

WP Armour is a brilliant anti spam comments plugin that requires no setup. You only need to install it and that’s it.

The plugin uses the honeypot technique to stop spam comments on your site.

In contrast to Antispam Bee, it works seamlessly with all popular forms, including Contact form 7, Gravity forms, Elementor forms, Divi theme contact forms, WooCommerce Review Pro and Caldera Forms.

The Pro version offers 2 level spam check, which ensures no spambot passes through the firewall.

If the spambot attack worsens, the plugin adds an extra level of anti spam filters and blocks suspicious IPs. This way, WP Armour does not allow bots to consume server resources.

14. Comments – wpDiscuz

Comments – wpDiscuz

If you want to improve the design of your default WordPress comments system, Comments – wpDiscuz is the way to go.

The plugin can handle spam comments automatically and doesn’t allow any of them to pass through its filters.

Comments WpDiscuz really helps to increase user engagement through its interactive features. They can comment through social media IDs, rate comments, and sort them using dates.

The lazy load feature ensures the comment module doesn’t affect the website loading time.

Users can also press the Load More Comments button to see more comments and read what others are talking about the topic.

15. Add Code Manually to Stop Spam Comments

If you want to discourage spammers from posting a comment, you can make your comment form less attractive to them.

For example, you can hide the website field, leaving fewer options for the spammer to place their URL inside comments.

Some of the plugins I mentioned above offer these features. But if you are not the guy who likes adding too many plugins, you can do this by adding small snippets of code in your functions.php file.

You can access the file through the FTP manager or the WordPress dashboard.

It’s easier to access it inside your WordPress dashboard for many reasons.

access function.php from wordpress admin

Whatever theme you use, you can locate functions.php by reaching Appearance > Theme File Editor.

Once found, go to the end of the file and add the desired code.

Once done, press the Update File button.

A. Remove Website Field

This small piece of code removes the website field from the WordPress comment form so there’s no backlink.

add_filter('comment_form_default_fields', 'unset_url_field');
function unset_url_field($fields){
    if(isset($fields['url']))
       unset($fields['url']);
       return $fields;
}

B. Remove Comment Author Link

This code removes the comment author link which discourages spammers.

function Astra_remove_comment_author_link( $return, $author, $comment_ID ) {
            return $author;
}
add_filter( 'get_comment_author_link', 'Astra_remove_comment_author_link', 10, 3 );

function Astra_remove_comment_author_url() {
    return false;
}
add_filter( 'get_comment_author_url', ‘Astra_remove_comment_author_url');

C. Disable HTML Tags in Comment Body

This code disables HTML in comments to force any HTML tag into text so any links are disabled.

function astra_comment_post( $incoming_comment ) {
    $incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
    $incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] );
    return( $incoming_comment );
    }
    function astra_comment_display( $comment_to_display ) {
     $comment_to_display = str_replace( ''', "'", $comment_to_display );
     return $comment_to_display;
}
add_filter( 'preprocess_comment', 'astra_comment_post', '', 1);
add_filter( 'comment_text', 'wpb_comment_display', '', 1);
add_filter( 'comment_text_rss', 'astra_comment_display', '', 1);
add_filter( 'comment_excerpt', 'astra_comment_display', '', 1);
remove_filter( 'comment_text', 'make_clickable', 9 );

Final Thoughts

Spammers believe they have the right to attack any site. They use multiple ways to penetrate and take advantage of good sites people love.

Though WordPress comes with several built in tools and filters to discourage spammers. Sometimes you need a much stronger hand to deal with them.

I’ve created a list of some best solutions you can think of to fight WordPress spam comments.

Use them to see your site’s health getting better.

If you are already using a tool to fight spam comments, I would love to hear from you.

3 thoughts on “15 Ways to Stop WordPress Spam Comments (100% Proven Methods)”

  1. Hi Adam! FYI They have taken down wp-spamshield. Am curious what would you most recommend now for someone looking to build an online business. Akismet? CleanTalk? Other? Looks WangGuard is going down soon, too..

    Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

Want To Know My Go-to Tech Stack for Building WordPress Sites?

Get immediate access to my top recommendations for hosting, themes, plugins, and more!