How To Stop WordPress Spam Comments?

Are you hate Spammers, especialy WordPress comments and trackbacks spam? Me too, I received 500 – 1000 comments, trackbacks and registration spammers. For most blogs, comment spam is the biggest issue they have to deal with and they’re deleting it manually each and every day.

Fortunately, there are simple measures that can be taken to keep this from becoming a massive problem. Now it’s time to protect wordpress site from spammers. In this post you will learn how to prevent spam comments and known how I have successfully locked down comment spam using several diff techniques that work for me.

How To Stop WordPress Spam Comments
How To Stop WordPress Spam Comments

Stop WordPress Comments and Trackbacks Spam by setting your WordPress

Disable Pingbacks and Trackbacks

Disable pingbacks and trackbacks
Disable pingbacks and trackbacks

Pingbacks and Trackbacks are useless. There is not much to deal with that and most of them are spam. So better is to uncheck Allow link notifications from other blogs (pingbacks and trackbacks) from Dashboard >> Settings >> Discussion.

Moderate all comments

Comment author must have a previously approved comment
Comment author must have a previously approved comment

Spammers always includes links in their content for the purpose of getting backlinks. So I prefer Hold a comment for moderation if it contains 2 or more links and turn on the option Comment author must have a previously approved comment to make sure they are human.

Automatic mark comments as spam if it’s contain blacklist keywords

WordPress allow you check all the comments content then mark it as spam if it’s contain blacklist keywords. Any comment containing the words in the blacklist will be sent automatically to the spam queue without any notification. The beauty of this technique is its simplicity but you need choose your blacklist words careful to prevent missing real and value comments. Sometimes a simple solution is a better solution.
Currently, I’m using splorp’s Comment Blacklist for WordPress, it contains over 11,000 entries, optimized several entires to avoid false positives and updated frequency.

Copy the list of keywords found in the blacklist.txt file, paste it into the Comment Blacklist field of your WordPress Discussion Settings panel, and click the Save Changes button.

That’s it.

Prevent WordPress Spam Comments with advanced theme functions and server settings

Here are WordPress hacks and snippets to efficiently reduce spam but it’s required some PHP knowledge.

Disable URLs in comments

To disable URLs in comments, you can disable Website field or unl URLs in comment’s content. Then here’s a trick I’m using on NARGA.NET. (This code have to be pasted in your functions.php file to work.)

// Unlink urls in comment text
remove_filter('comment_text', 'make_clickable', 9);

//Remove the url field from your comment form
function remove_comment_fields($fields) {
    return $fields;

Now, all your comment’s URLs has marked as unclickable like normal text without anchor link to target keyword which spammers posted to your website.

Reject comments that is non-referrer request

Spammers can use softwares, tools, bots to commenting on your WordPress websites. It sends spam content without referrer, just detect and reject all comments like that.
You need past these codes below into .htaccess file:

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://the-url-that-you-want-to-send-spammers-to/$ [R=301,L]

If you don’t want modify .htaccess file, you can use these codes below in your functions.php file:

//Block Referal URL exploit for Comments
function verify_comment_referer() {
    if (!wp_get_referer()) {
        wp_die(__('You cannot post comment at this time, may be you need to enable referrers in your browser.'));
add_action('check_comment_flood', 'verify_comment_referer');

Deny WordPress Comment Spam with a Nonce

Nonce was a term that was developed to mean for or used on one occasion. A nonce value is generated on every page request, and validated on the next subsequent action or additional page request to ensure any request or action to be performed came from your web site.
This will require any comment spam bots to have a valid nonce value before allowing their comment to be submitted for processing. Seeing as this field is generated and unique for each and every request, it is highly unlikely that a comment spam bot will be able to replicate it, effectively removing spam comments form your web site.
To enable the nonce field within your WordPress comment form add the following code snippet to your functions.php file, within your WordPress theme folder, to enable the nonce field support for your comment form.

// Create Nonce
function add_nonce_field_to_comment_form() {
// Include Nonce To Comment Form
add_action('comment_form', 'add_nonce_field_to_comment_form');
// Check Nonce Field Validity
function check_nonce_field_on_comment_form() {
    if (!wp_verify_nonce($_REQUEST['_wpnonce'], 'comment_form_nonce_field')) {
        die('Nonce Check Failed - Killing Request');
// Add Nonce Check To Comment Form Post
add_action('pre_comment_on_post', 'check_nonce_field_on_comment_form');

A nonce does not offer absolute protection, but will and should provide protection against invalid requests in most cases.

Active plugins to controls WordPress comments spam

There are too many plugins which can help you control the Spam Comments, I listed some solution (not best, it may works with my site but it may not works on your site).

Use captcha to valid commenters as human

The captcha plugins allows you to implement a super security captcha form into web forms. It protects your website from spam by means of math logic, character identification, … easily understood by human beings. You can find some good Captcha plugins on WordPress.ORG Plugins Repository.

  • WP-reCAPTCHA: reCAPTCHA is probably the most popular and widely accepted CAPTCHA systems by both end-users and site-owners. This plugin integrates reCAPTCHA anti-spam methods with WordPress including comment, registration, and email spam protection.
  • Captcha: This plugin allows you to implement super security captcha form into login, registration, password recovery, comments forms. All you need is to do one of the three basic maths actions – add, subtract and multiply.
    There is also a premium version of the plugin, allowing compatibility with BuddyPress and Contact Form 7.
  • KeyCAPTCHA: Instead of guessing symbols, our WordPress CAPTCHA offers visitors to complete an easy interactive task. f CAPTCHA hasn’t been solved correctly, page refreshing doesn’t take place that allows the user not to fill in the form repeatedly. It occurs since there is an initial checkup of CAPTCHAs in our CAPTCHA servers before sending a filled-in form to the protected web server. That’s promising new Captcha solution and worth to try.

There are thousands of anti-spam plugins but you don’t want them all and most will slow down your blog and as a matter of fact. These three helpful WordPress CAPTCHA plugins which I’ve used can help you get rid of trolls and spammers on your WordPress blog.

Automatic Spam Detection

There are anti-spam plugins that will automatically identify and send most unwanted comments to the spam folder for you using a better filter system. These plugins consider different factors to determine whether or not each comment is spam.

  • Akismet: Akismet comes pre-installed with wordpress so you don’t have to install. Just activate and enter your Akismet API key to filter your spam comments. In theory, the process by which Akismet filters spam sounds impressive.
    Akismet Stats
    Akismet Stats

    But with me, Akismet is not good as I expected because it stored all spam comments and increased my database too much. For some reason, Akismet is not working anywhere near as well as it use to and I am having to manually process things. Akismet may be popular but that does not mean it is the best solution.
  • AntiSpam Bee: Antispam Bee protects blogs from digital rubbish. It is made up of sophisticated techniques and analyzes comments including pings.
    AntiSpam Bee
    AntiSpam Bee

    It takes a few days until it works correctly, but after those days it’s amazing. This is my pick. It’s free and I find with default settings it works very well.
  • Growmap Anti Spambot: This plugin will add a client side generated checkbox to your comment form asking users to confirm that they are not a spammer. It is a lot less trouble to click a box than it is to enter a captcha and because the box is genereated via client side javascript that bots cannot see, it should stop 99% of all automated spam bots.Growmap is great at doing one thing – blocking automated spam, it does a near-flawless job and preventing spambots from submitting comments. It’s worth to try if you feel Akismet far less effective that your expected.
  • Stop Spam Comments: Dead simple and super lightweight anti-spambot WordPress plugin. No captcha, tricky questions or any other user interaction required at all. Just install, active and forget about it.

What is best solution to stop WordPress Spam Comments?

Nor of anti-spam solution above are perfect. You need try by yourself to find most effective tricks that works perfect on your site.
I hope that these techniques helped that you use to fight spam on your blogs. If you have something that might help others, don’t forget to share them below and we can slowly eradicate the annoyance of spam as dedicated blog owners. Let us know in the comments section!

16 thoughts on “How To Stop WordPress Spam Comments?”

  1. Very helpful post, I’ve had a lot of questions about comments and how to determine the difference between legitimate and spam. Askimet has so far been great. I might add that if the syntax and grammar are atrocious in the comment, it’s a good sign that it’s spam, lol.

  2. I would like a function which automatically deletes comments containing any links.
    Any suggestions ?

  3. Is it any plugin or other softaware or method for automat removing all blocked spam comments? So it helps a lot when not needed every day to delete manually.

    Many thank for helping with this problem.

  4. Sure, spam comment are still blocked also in my WP. But how to detele new spam commet list from administration panel automaticly, not manual way?

  5. Hi, thanks for the great post.

    I’m interested in more info about the ‘website’ field in comments. Wouldn’t it help reduce spam to disable the ‘website’ field in comments? And if so, how exactly does one do that?

    Unfortunately, I can’t see anything on my wordpress dashboard settings that just lets me disable this.

    I get such an insane amount of spam…. tens of thousands.

    • Hi Chris,
      Yes, by hiding the ‘website’ field in comments will help reduce a lot of spam. I found that Goodbyecapctha plugin has the option to hide the web site filed from comments.
      Also, it has another cool feature letting you to hide the “our email address will not be published” text and the “Allowed THML tags” fields from your form.


  6. Thanks :) I have just put some of this into one of our multi site installs to hopefully combat the 100+ per day spam comments that come through. Cheers!

  7. Due to your incomplete information about combat method, I lost comments from people up to 2-3 months. After then, I came to know in details that there I should replaced your url. Please update it. Hope it will be useful.

  8. Thanks for sharing this great information.

    It will be very helpful for bloggers and beginners. We can avoid spamming by these techniques which you have mentioned above. I admire your work.

Comments are closed.