
6 Dos and Don’ts for Preventing WordPress Comment Spam

As bloggers, we constantly deal with the pain of comment spam! Picture a scenario where you’ve put a lot of time and effort into producing an awesome piece of content (such as this blog post you’re currently reading), shared it all over social media and sat down to wait for the comments to start rolling in. After all, comments are engaging, fun to read and result in a two-sided conversation! Oh look, a notification for a new comment! At this point, you’re kind of expecting something that looks a bit like this:


Buffer’s community champion, Nicole Miller

Unfortunately, it’s nowhere close to Nicole’s comment; it turns out to be something like this:


Thanks, but no thanks dsx0gdm4!

The first thing you need to realize is that you are not alone; many blogs face the same problem! Do not take it personally; spammers are just trying to increase their PageRank. By leaving comments on your blog post, dsx0gdm4 is trying to direct more traffic to his website. In this blog post, we’ll go through some of the important dos and don’ts for preventing comment spam on your WordPress website!

1. DO Activate Akismet

Akismet is a plugin that comes pre-installed with the WordPress installation. The first thing you need to do is activate it, because without it, you would literally drown in spam. Akismet stops spam from being displayed on your page by filtering it under the Spam category, but it doesn’t actually stop spammers from getting on your website in the first place (which is something we definitely want to do!).

2. DON’T Follow Comment Links

Spammers get super excited if they come across a website that has Do-Follow links. It’s sort of like you’re giving them link juice on a silver platter. If you allow readers to include links in their comments, then make sure you add rel="nofollow" to the link tag. This simple piece of code will tell search engine bots to ignore the link, so spammers won’t be gaining anything by adding links:

<a href="" rel="nofollow">Example</a>

3. DO Blacklist Spammers

If you’re being targeted constantly by the same email address, URL or name, just blacklist them! You can do so under Settings – Discussion in the following box:


Once added, they will no longer appear in your moderation tab; they will simply be deleted automatically, so make sure you choose your comment blacklist carefully.

4. DON’T Ban IP Addresses

Although advised by many and quite logical, it rarely helps. Most spammers use hundreds of open proxies and so bounce requests off other servers and computers, which makes it impossible to kill them off your website.

5. DO Add CAPTCHA Verification

There are many WordPress plugins that you can use to generate CAPTCHA images for a reader to input before they can submit a comment. There are pros and cons to adding this verification. The pro is that this method reduces spam significantly, as most spam is carried out automatically by bots. The disadvantage is that your reader will be required to do one extra step to submit their comment, which is not a smart growth hacking technique; it might even result in a high bounce rate.

One way to fix that problem is to use a less annoying version of CAPTCHA, for example, get your readers to do simple maths using this Math Comment Spam Protection plugin.

Random geeky fact of the day: Did you know that CAPTCHA is named after the British mathematician Alan Turing and stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart?

6. DON’T Enable Trackbacks

A big portion of comment spam is in the form of trackbacks. You can control that by disabling trackbacks either for your entire blog or for an individual post. This has a major impact on reducing comment spam. As with the blacklisting technique, this too can be implemented through the Settings – Discussion tab, simply by un-ticking the below boxes or modifying it in each post:


Or if you’d prefer to have a plugin do the job, check out Simple Trackback Validation. It checks if the IP address of the sender of the trackback is the same as the IP address that the trackback URL refers to, thus eliminating a large portion of trackback spam, as spammers won’t be able to use bots running on infected machines. Cool, right?
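The IP comparison described above, sketched as an added example (it is not the Simple Trackback Validation plugin's own code). The function name, the injectable `$resolver` parameter and the sample hosts and addresses are assumptions made up for illustration:

```php
<?php
/**
 * Return true when the trackback sender's IP is one of the addresses
 * that the host in the trackback URL resolves to.
 * $resolver is a hypothetical injection point so the check can run
 * offline; by default PHP's gethostbynamel() is used (IPv4 only).
 */
function trackback_sender_matches_url(string $senderIp, string $trackbackUrl, ?callable $resolver = null): bool
{
    $resolver = $resolver ?? 'gethostbynamel';

    // Reject malformed sender addresses outright.
    if (filter_var($senderIp, FILTER_VALIDATE_IP) === false) {
        return false;
    }

    // Only http(s) URLs with a host are acceptable trackback sources.
    $parts = parse_url($trackbackUrl);
    if ($parts === false || empty($parts['host'])
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }

    // A host may have several A records; any match is accepted.
    $addresses = $resolver($parts['host']);
    if (!is_array($addresses)) {
        return false; // resolution failed: fail closed
    }
    return in_array($senderIp, $addresses, true);
}

// Constructed sample data (documentation address ranges, example hostnames).
$dns = [
    'blog.example.org'  => ['203.0.113.10', '203.0.113.11'],
    'pills.example.net' => ['198.51.100.7'],
];
$fakeResolver = fn(string $host) => $dns[$host] ?? false;

$samples = [
    ['203.0.113.11', 'https://blog.example.org/post/42'], // sent from the linked site
    ['192.0.2.55',   'http://pills.example.net/buy'],     // bot on an unrelated machine
    ['192.0.2.55',   'http://unknown.example.com/'],      // host does not resolve
];
foreach ($samples as [$ip, $url]) {
    printf("%-14s %-34s %s\n", $ip, $url,
        trackback_sender_matches_url($ip, $url, $fakeResolver) ? 'accept' : 'reject');
}
```

A site that sits behind a CDN or sends outbound requests from a different address than its web server will fail this comparison, so rejected trackbacks are better held for moderation than silently dropped.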

And there you have it, 6 Dos and Don’ts for preventing WordPress comment spam! Are there any other tactics that you employ on your website? If so, please let me know by leaving a comment below, but no spamming allowed!
