If you run a blog that’s powered by WordPress, your website will inevitably be hit by a deluge of comment spam. More often than not, it comes from automated software tools designed to build links back to the spammer’s website for search engine optimization (SEO) purposes. If you leave your WordPress blog unprotected, your posts will be riddled with useless comments, and you could face a ranking penalty from Google for having user-generated spam on your website, as Sprint recently did. Fortunately, it’s fairly easy to keep comment spam off your website. Here are a few basic steps to take to prevent comment spam from taking over your website:
Enable Akismet – Akismet comes pre-bundled with WordPress as a plugin, but you do need to activate it and enter an API key to make use of it. Akismet compares each comment to known spam comments and marks it as spam if it looks suspicious. The WordPress Codex has information about how to set up Akismet on your website.
Set Up Hashcash Extended – One of my favorite anti-spam plugins in WordPress is WP-Hashcash Extended. This plugin relies on the fact that most spam-bot comments are generated by server-side software that does not work with JavaScript. The plugin forces the user’s web browser to do some basic arithmetic using obfuscated JavaScript, and if the commenter’s browser fails the test, the commenter is more than likely a bot, since JavaScript is part of all modern web browsers.
Configure WordPress’s Discussion Section – WordPress has a number of options to manage how comments are processed. To access these, go to the “Discussion” tab in your WordPress Settings. I recommend disabling pingbacks and trackbacks altogether, as they tend to almost always be spam. It’s also a good idea to close comments after a specific period of time (60 days or so), so that the original discussion on your posts is preserved and spammers can’t sneak in comments on your old posts. Finally, I recommend checking “Comment author must have a previously approved comment” in the moderation section, unless you receive more comments than you are capable of moderating. This will allow you to white-list your most frequent commenters and review posts from new commenters the first time they show up on your website.
Don’t Install a Captcha – It might be tempting to install a captcha to try to stop spam in its tracks, but captchas create a very bad user experience and tend to discourage actual commenters more than they stop genuine spam. The reality is, if you do the things listed above, you probably won’t need a captcha on your website.
Setting up Akismet, Hashcash Extended and configuring your comment settings on WordPress should be enough for most websites. If you find yourself deluged by hundreds of spam comments each day in your moderation queue as one of my sites does, you can consider setting up CloudFlare (a CDN which will block malicious traffic from ever getting to your web-server) or the Bad Behavior plugin, which will reject traffic from IP addresses known to be engaging in malicious behavior.
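To make the Hashcash step concrete, here is an added sketch of a JavaScript-computed comment challenge. It is not WP-Hashcash Extended's own code: the function names, the secret, the multiplication puzzle and the ten-minute lifetime are all assumptions chosen for illustration.

```javascript
// Added illustration of a JS-computed comment challenge (hypothetical names throughout).
const { createHmac, randomInt, timingSafeEqual } = require('node:crypto');

const SERVER_SECRET = 'constructed-demo-secret'; // assumption: per-site secret, never sent to clients
const MAX_AGE_MS = 10 * 60 * 1000;               // assumption: challenge lifetime

function sign(payload) {
  return createHmac('sha256', SERVER_SECRET).update(payload).digest('hex');
}

// Server side: values embedded in the comment form. The answer itself is never sent.
function issueChallenge(now = Date.now()) {
  const a = randomInt(1000, 9999);
  const b = randomInt(1000, 9999);
  const payload = `${a}.${b}.${now}`;
  return { payload, tag: sign(payload) };
}

// Browser side: the page's script does the arithmetic and fills a hidden field.
function solveInBrowser(challenge) {
  const [a, b] = challenge.payload.split('.').map(Number);
  return { payload: challenge.payload, tag: challenge.tag, answer: String(a * b) };
}

// Server side: decide whether a submitted comment form passes.
function verifySubmission(form, now = Date.now()) {
  if (!form || typeof form.payload !== 'string' || typeof form.tag !== 'string') {
    return 'reject: no challenge fields';
  }
  const expected = Buffer.from(sign(form.payload), 'hex');
  const given = Buffer.from(form.tag, 'hex');
  // Constant-time comparison so the tag cannot be guessed byte by byte.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return 'reject: forged challenge';
  }
  const [a, b, issued] = form.payload.split('.').map(Number);
  if (now - issued > MAX_AGE_MS) return 'reject: expired';
  // A client that posts the form without running the script has no answer field.
  if (form.answer !== String(a * b)) return 'reject: wrong or missing answer';
  return 'accept';
}
```

A client that does execute the page's script passes this check, which is why it works as one layer alongside Akismet and moderation rather than on its own.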
Very timely, Matt; thanks! I've been having a problem with spammers adding accounts to one of the blogs on my account; the accounts never get used for comment spam, but it's a pain to have to go in and delete the spam accounts after they've collected for a while. It's a rare day that I don't get at least one new user, and not one of them in the last couple years has been legitimate. Just deleted another 26 of them before installing Hashcash. I already had Akismet installed & set up, but we'll see how the addition of Hashcash does with the problem.
Looks like a SPAM message got through to your blog (see "Myong"). How did this happen?
Looks like someone's been spamming my site by hand. I've nuked all of those comments.
Very good suggestion; totally agree with you on captcha, it definitely makes actual users hesitate in commenting.
Very good articles on topic! Shame Google hurt rankings but SEO optimization on words like “used Gucci bags” and “india SEO” is good. Thank you for your wonderful input on topic. I always love reading blog by you. And “used Gucci bags” and “india SEO” topic are good too. Do you need more topic for your blog? Write about “used Gucci bags” and “india SEO” to increase rankings and enjoy used Gucci bags and india SEO.
😉
touche.
[…] are seeing this because your blog was recently used as part of a DDOS attack against […]
I have read your blog website and I am happy to see your user friendly content.
Thanks for sharing. Please keep it up.
Thank you for sharing good information with us.
I like your post and everything you share with us
is up-to-date and very intel limitable, I want to
bookmark the page so I can come back here to read you,
because you did a wonderful job.