WordPress comment spam is a common challenge for site owners. If left unchecked, it can make your site look unprofessional to visitors and may even lead search engines to flag it as unsafe.
This article will explore practical and easy ways to stop comment spam on your WordPress site.
What Is WordPress Comment Spam?
Comment spam happens when spambots leave random, irrelevant comments on your site. These comments often include links that promote other websites or try to trick visitors into clicking on them. The goal is to boost their search engine rankings or carry out phishing attacks.
In short, spam comments clutter your site and can put your visitors at risk.
How to Prevent WordPress Comment Spam From the Admin Dashboard
Allow comments from logged-in users
You can set your site to allow comments only from users who are logged in.
1. Log into your WordPress dashboard.
2. Navigate to Settings > Discussion.
3. In the "Other comment settings" section, check the Users must be registered and logged in to comment option, then save your changes.
Turn On Comment Moderation
Managing comments is an effective way to keep your website safe from spam. With WordPress's built-in moderation feature, you’ll have complete control over the comments posted on your site.
1. Go to Settings → Discussion.
2. Navigate to “Email me whenever” and “Before a comment appears”.
3. Here, you can set WordPress to send you an email notification whenever a new comment is posted, so you can check if it's spam.
You can also approve each comment manually before it’s published by checking the Comment must be manually approved option.
If you want approved users to comment without needing manual approval, check the Comment author must have a previously approved comment option.
Create a List of Blacklisted Words
If you want to allow comments but avoid specific topics, you can create a list of blacklisted words. This will block words commonly used by spammers and any terms you don't want to appear on your site.
You can add blacklisted keywords, and any comments containing those will be automatically deleted. Be careful when selecting words to avoid accidentally deleting legitimate comments.
In WordPress, the Disallowed Comment Keys feature lets you block specific words from appearing in the comments section. To use this, go to the Discussion menu, scroll down to “Disallowed Comment Keys,” and enter the keywords, phrases, URLs, or IP addresses you want to block.
If you're concerned about specific keywords but don't want to delete comments automatically, you can set WordPress to notify you every time such a comment is posted.
Alternatively, the “Comment Moderation” feature allows you to add specific keywords; comments will go into the moderation queue instead of the trash. This way, you can review and approve comments manually, ensuring you don’t miss legitimate ones while filtering out potential spam.
Limit or Block Links in Comments
Spam comments often include links, as they’re intended to drive traffic to the spammer’s site. You can either block comments with links entirely or reduce the links allowed in each comment.
In the “Comment Moderation” section, set the number of links a comment can contain before it’s held for moderation. For example, select 2 to allow one link, or choose 1 to hold every comment that contains a link.
Set a higher number if you prefer to allow comments with multiple links.
An administrator will review comments with more links than the allowed limit before publication.
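The keyword lists and the link limit described above can be modelled in a few lines. This Python model is an added example, not WordPress's own code: it assumes keys are matched as case-insensitive substrings of every submitted field and that links are counted as HTML anchor tags in the comment body. The field names, keys, and sample comments are constructed.

```python
import re

# WordPress counts HTML anchors in the comment body as links (assumed model).
LINK_RE = re.compile(r"<a [^>]*href", re.IGNORECASE)

def matching_keys(keys_text, comment):
    """Return every listed key found anywhere inside any submitted field."""
    hits = []
    for key in keys_text.splitlines():
        key = key.strip()
        if not key:
            continue  # blank lines in the settings box are ignored
        pattern = re.compile(re.escape(key), re.IGNORECASE)
        if any(pattern.search(value) for value in comment.values()):
            hits.append(key)
    return hits

def triage(comment, disallowed_keys, moderation_keys, max_links):
    """Classify one comment as 'trash', 'hold' or 'pass' under these rules."""
    if matching_keys(disallowed_keys, comment):
        return "trash"
    links = len(LINK_RE.findall(comment["content"]))
    if max_links and links >= max_links:
        return "hold"  # at or above the threshold waits for an administrator
    if matching_keys(moderation_keys, comment):
        return "hold"
    return "pass"

def sample(author, ip, content):
    """Build a constructed comment record (hypothetical field names)."""
    return {"author": author, "email": "reader@example.com", "ip": ip, "content": content}

# Constructed settings and comments, not taken from a real site.
DISALLOWED = "casino\npress\n203.0.113."
MODERATION = "discount"
LINK = '<a href="https://example.org/{}">link</a>'
SAMPLES = {
    "spam": sample("Best Casino", "198.51.100.7", "Great post!"),
    "legit": sample("Dana", "198.51.100.8", "I run WordPress too, thanks."),
    "ip_range": sample("Lee", "203.0.113.45", "Hello"),
    "coupon": sample("Sam", "198.51.100.9", "Any discount codes?"),
    "one_link": sample("Kim", "198.51.100.10", "See " + LINK.format("a")),
    "two_links": sample("Ola", "198.51.100.11", LINK.format("a") + LINK.format("b")),
}

if __name__ == "__main__":
    for name, comment in SAMPLES.items():
        print(name, triage(comment, DISALLOWED, MODERATION, max_links=2))
```

The "legit" comment ends up in the trash because the key "press" matches inside "WordPress", which is the kind of accidental deletion the warning about choosing words refers to.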
Disable Comments Completely
Disabling the comments section might cause you to miss out on valuable feedback or questions from your visitors, but it will eliminate the risk of spam appearing on your site.
To disable comments entirely, go to the Settings > Discussion page and scroll down to the “Default post settings” section. Then, uncheck the Allow people to submit comments on new posts option.
Remember, this will only apply to new posts. To turn off comments on older posts, you'll need to update the settings for each one individually.
Turn Off Anonymous Comments
Another option is to disable anonymous comments. By default, WordPress requires visitors to provide four details: their comments, name, email, and website.
If anonymous comments are allowed, visitors don’t have to provide their name or email, which makes your site vulnerable to spambots that target comment forms.
To disable anonymous comments in WordPress, simply check the Comment author must fill out the name and email option under Settings > Discussion.
This will make it more difficult for bots to post automated comments (which make up most of the spam) and may also discourage malicious or trolling comments.
Disable Comments for Individual Posts
If you’ve already published posts on your site and want to disable comments on specific ones, or if you want to turn off comments after publishing, you can easily adjust this in the post editing screen for each post.
This can be helpful if you’re publishing a post on a controversial topic or one that’s attracting a lot of spam.
To do this, go to Posts, find the post you want to edit, and click on Edit to open the post editing screen.
In the Post pane on the right, scroll down to the Discussion tab, expand it, and check Closed to disable comments on that post.
Stop WordPress Spam Comments with a Web Application Firewall
Using a web application firewall (WAF) like Sucuri or Cloudflare can significantly reduce the amount of spam your WordPress site receives.
These services sit between your visitors and your WordPress site, blocking malicious traffic, bots, and spam before they even reach you. They also let you block entire countries with just a click.
In addition to blocking spam, a WAF can help reduce your bandwidth usage, ultimately saving you on your monthly web hosting costs.