Comment spam is an ongoing problem for WordPress bloggers and webmasters. Because WordPress is so popular, it's a big target for spammers.
They can use comment forms, discussion forums, and wikis to spam your readers with unreliable links. This can damage your site's reputation, and since comments take up space on your database, they can slow your site speed - even if they're not displayed live on the site.
Luckily, combating comment spam doesn't need to take up a lot of time. Here are several ways you can prevent comment spam on your WordPress website.
Configure Your Discussion Settings
From your WordPress dashboard, go to Settings > Discussion. Here, you will find several settings that can help reduce comment spam.
For example, you can choose to require the commenter to fill out their name and email in the comment form before they can submit their comment. You can also choose to only accept comments from registered users of your site.
However, you'll want to weigh the pros and cons of this option since it can discourage legitimate commenters.
Configure comment settings from WordPress admin panel
Another option is to manually approve the comments that come through your site. Since this process can be time-consuming, consider choosing the option that says "Comment author must have a previously approved comment".
That way, you only have to approve a person's comment the first time they engage on your site. If their first comment is spam-free, then you can assume their future comments will be, too.
You can also hold a comment in your moderation queue if it contains links, and WordPress lets you choose how many links to set this threshold to.
Beneath that setting, you'll also find the option to hold comments in moderation or send them straight to the trash when they contain certain keywords in the person's name, content, email, etc. You can create your own blacklist of keywords.
See Also: 6 Ways To Keep the Wordpress Comment Spammers Cornered
Install An Anti-Spam Plugin
An easy way to reduce the time spent sifting through comments held in moderation is by installing a WordPress anti-spam plugin. One of your best options is Akismet . This plugin uses unique algorithms to filter comment spam into its own folder on the backend of your website. That way, you can focus on moderating legitimate comments.
However, you'll still be able to look through your spam folder to identify spammy trends or to make sure genuine comments didn't fall through the cracks. When you see comments in your spam folder, all it takes is one click to delete them all.
Akismet is installed on WordPress by default, so all you need to get started is to obtain an API key and activate the plugin on your WordPress site. Visit your plugins page, and access the "Settings" options under Akismet to learn more about setting up this anti-spam plugin on your site.
See Also: 15 Essential WordPress Security Plugins
Nofollow Comment Links
Oftentimes, new WordPress users allow dofollow links in their comment section, which means search engines will consider these links in their ranking algorithms.
The idea is that if you make comment links dofollow, it will encourage users to interact with you. While this may be true, it also attracts spammers because they're looking to get that dofollow link back to their website in hopes of boosting their search engine rankings.
Not only does that mean more spam comments to sift through, but it can drop your own website ranking since search engines look at what you're linking out to. If your outgoing links are of poor quality, search engines will think your site is on that same level.
Luckily, WordPress automatically adds the nofollow tag to all comment links. However, if you have changed your settings in the past or have a plugin installed that allows dofollow links, go back to nofollow links.
An example of this is the CommentLuv plugin. This plugin allows users to link back to their most recent blog post. It was once a recommended plugin to promote engagement, but now it can only devalue your site by attracting spammers.
If you have this plugin, disabling it may help reduce the amount of spam comments you get on your site.
Add Captcha Verification Or Quizzes
If you continue to receive spam comments after following the steps above, consider adding captcha verification or quizzes to your website. To implement captcha codes, download the WP-reCAPTCHA plugin. This plugin will display an image of characters, which users have to type into a text field to prove they are human.
If you don't like that option, a simple math quiz (such as 1+2=?) can prove a person's humanity, too. You can add this verification field to your comment form with the Math Quiz plugin. After installing it, go to Settings > Math Quiz to configure your settings.
These options create fields that spambots can't fill out, so their comments never go through. However, be aware that these solutions don't eliminate manually submitted spam comments. They can also make it frustrating for legitimate users to submit their comments, so you'll have to weigh the pros and cons.
See Also: Smart Tips on Wordpress Security - How to Improve WP Security
Block Spam Bots
There are several solutions that can help you block spam bots (or computer programs designed to spam your site) from commenting on your site.
The first is to block their IP addresses. If they can't access the site, they can't leave a comment. All you have to do is add a few lines of code to your root .htaccess. It will look like this:
# blockip
order allow,deny
deny from 123.45.678.90
deny from 09.876.54.321
allow from all
You can block multiple IP addresses by adding more "deny from" lines to the code. If you've signed up with a good web host that offers free security add-ons like an IP address blocklist (Siteground is one option), then you can also use your host's security features to implement this solution.
Another option that can tighten your WordPress security is to add the following code to your root .htaccess. This code will deny bots with no referrer. However, it doesn't block humans who are manually trying to spam you.
# Protect from spam bots
<IfModulemod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
Make sure to replace "yourwebsite.com" with your URL.
See Also: WordPress Hacks and Code Snippets for Reducing Spam Efficiently
Finally, you can use the WP Spam Fighter plugin to trick spam bots and block them. After installing the plugin, go to Settings > WP Spam Fighter, and enable the "honeypot" protection option.
This adds a hidden field to your comments form that's only visible to spam bots. Since they're typically programed to fill out all fields, it tricks them into identifying themselves so you can block their comments.
The bottom line is that there's no one-stop solution to preventing comment spam on your WordPress site. However, with these mentioned methods, you can reduce the amount of spam you have to deal with so you can save time reading and responding to the genuine users who matter to your site's success.
So what are you waiting for? Implement these solutions on your WordPress site now to reduce comment spam, save time, and preserve your reputation.