1. Home
  2. Knowledge Base
  3. How to Stop WordPress Comment Spam

Comment spam is a fact of life on the internet. Unfortunate as this may be, it is unavoidable once you have a website with comments enabled. Spam comments are a huge problem, especially if you are not prepared to deal with them appropriately. No matter what type of website you run, you will have to come up with a strategy on how to mitigate WordPress comment spam at some point.

Thankfully, there are lots of great plugins and settings you can enable or install to reduce spam messages on your website. Some of these settings can reduce the margin of occurrence of spams by up to 90%. In this article, we will be looking at some of the measures to put in place to reduce spams on your website.



These tips will save you a lot of time and will significantly eliminate comment spam from your website. Each strategy differs slightly from the other, and the one you decide to employ will be mostly dependent on your site’s setup and goals.

  • Disable Comments Altogether
  • Disabling comments using Plugins (DISABLE COMMENTS)
  • Disabling comments using Plugins (AKISMET)
  • Implementing a WAF 
  • Using HoneyPot to catch spam bots
  • Turn off anonymous comments
  • Enable comment moderation
  • Enable a Captcha
  • Remove the WordPress author comment link 

Disable Comments Altogether

The first and probably most easy option you have is to disable comments entirely. This is recommended for websites and businesses which do not need feedback altogether. To do this, uncheck the “Allow people to post comments on new articles” option, located under settings.

Disabling comments using Plugins (DISABLE COMMENTS)

Another quick method of disabling comments is via the use of plugins created mainly for this purpose. One popular plugin for this purpose is “Disable Comments.” This plugin has flexibility enabling the administrator to disable plugins both globally as well as through post-type filters, all with a single click. This also disables trackbacks and pingbacks.


Disabling comments using Plugins (AKISMET)

Akismet is an anti-spam plugin that comes preinstalled with WordPress. It analyses data from millions of sites in real-time, thus protecting your WordPress site from spam. 

It also filters all WordPress comments on your website through predefined algorithms in their anti-spam database and catches the most common types of spam comments. It is available as a free plugin, but subscribers will need to sign up to get their API key.


Implementing a WAF 

Adding a web application firewall (WAF) such as Cloudflare or Securi can help cut back on the amount of spam your WordPress site receives. This it achieves by filtering out all bad proxy traffic and bots cutting back undesired site visitors. using Securi to combat spam comments

While most of the anti-spam plugins available today are only able to catch spam comments, they are unable to prevent spammers from accessing your website. Too many requests from spammers to submit comments can slow down your website and adversely affect performance. Securi is an excellent WordPress firewall plugin that allows you to block requests before they reach your site. It sits between your WordPress host and your website to block and filter out bad proxy traffic, automated scripts and bots from submitting comments on your website which in turn reduces the number of spam comments you receive. Securi also allows you to easily block traffic from entire countries with a click of a button.


Using HoneyPot to catch spam bots

Honey pot technology is an effective way of tricking spambots into identifying themselves. Once they are identified, their comments can then be blocked. To use honeypot to catch spam bots, your first need to install and activate the “Antispam Bee” plugin. Once activated, go to Settings >> Antispam Bee page and check the option to mark as spam for all honeypot caught comments. After this, click on save changes to make active.

Turn off anonymous comments

Turning off anonymous comments is yet another option for preventing WordPress spam comments. By default, WordPress native comments ask visitors for information like their name, email, comment, and websites before enabling them to access your comment box. But in situations where you enable anonymous comments, visitors to your site would not be required to input such information before allowed access to your comment box. This free access opens up your site, making it vulnerable to spambots that constantly crawl comment forms on your website. 

To disable anonymous comments by checking the option making it compulsory for comment authors to fill out their names and email. This option is found under “Settings” >> Discussion.

Enable comment moderation

WordPress comes with built-in moderation features. These features help in spam prevention. One of such feature is to manually approve each comment. This method though tedious proves to be very useful. It ensures that visitors to your site only see high quality vetted comments. 

Another such technique is the comment moderation queue. For example, you can automatically hold a comment in moderation if it contains a certain number of li link; you should specify a threshold. You can also build up a list of words, names, URLs, IPs, etc. that are held for moderation.

One more option is the comment blacklist. Here, you also build up a list of names, words Ips, and URLs.etc. But this time, instead of holding in moderation, the items listed automatically go straight to trash. To activate comment blacklist, go to Settings >> Discussion on your dashboard.


Enable a Captcha

This is a widely used option which entails the use of some form of question or challenge to prove that a visitor is human. Most CAPTCHA plugins are free and could be quickly deployed on your WordPress site. Although free and easy to deploy, it is good practice to verify that the functionality of each captcha plugin matches your site goals before activating on your website. Some captcha based on their mode of operation can degrade and hurt user experience by asking puzzling questions or showing hard to read letters.

Google Captcha (ReCaptcha): Google ReCaptcha currently has over 200,000 active installs with a 4.5 out of 5-star rating. Google’s version of the CAPTCHA it tags reCaptcha Is probably the finest out there, that can be easily deployed without hurting the user experience. You don’t want someone leaving your site because they got frustrated by the CAPTCHA. The Google (ReCaptcha) by BestWebSoft plugin can be downloaded from the WordPress repository or by searching for it on your dashboard under the “Add new” plugins option. Some features of the google reCatpcha include:


  • Scalability: works on registration forms, login forms, reset password forms, etc.
  • Comes with different themes
  • Enables hiding CAPTCHA for whitelisted IPS has multilingual and RTL

Remove the WordPress author comment link

Whenever a visitor to your site fills out your comment field, by default their name is hyperlinked. These links are nofollow as search engines ignore them. Some visitors with mischievous intent will tend to leave them intentionally for getting these links, probably hoping someone will click on them.

TrulyWp enables you to add a snippet of code to your WordPress site to remove the WordPress author comment links. This helps improve the quality of comments and deters visitors with malicious intent who wouldn’t be motivated to post a comment when they see that the author’s names on existing comments aren’t linked. This ensures that you are getting comments from visitors who only want to engage with feedback. Implement this, you can use the free *Code Snippets Plugin* or add the following code to your WordPress theme’s functions.php file.

Below is an example of how it would look like if you are adding it in the code snippets plugin. Ensure you select “Only run on the front-end” of your site.

To take this step further to entirely disable your website’s comment field, add the following code underneath the code you added above.

after adding the code above, the links (and website field if you added the extra code) will be gone! 

Was this article helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *