Matt Paulson

Entrepreneur, Author, Private Equity Investor
  • Facebook
  • Linkedin
  • Twitter
  • Rss
  • Blog
    • Sioux Falls Startup Community
    • Online Business
    • Startup Q&A Show
    • Web Development
    • Photography
    • Book Recommendations
    • Everything Else
  • About
    • Resume
  • My Companies
    • Angel Investments
  • My Books
    • Online Business from Scratch
    • Automatic Income
    • The Ten-Year Turnaround
    • Email Marketing Demystified
    • 40 Rules for Internet Business Success
    • Business Growth Day by Day
    • Simple Savings
  • Media Appearances
  • Contact
Home» Blog » How to Prevent WordPress Comment Spam

How to Prevent WordPress Comment Spam

Posted on May 21, 2013 by matt in Blog, Online Business, Web Development 7 Comments
Tweet

comment spamIf you run a blog that’s powered by WordPress, inevitably your website will be hit by a deluge of comment spam. More often than not, it comes from automated software tools designed to build links back to the spammer’s website for search engine optimization (SEO) purposes. If you leave your WordPress blog unprotected, your posts will be riddled with useless comments and you could possibly face a ranking penalty from Google for having user-generated spam on your website as Sprint recently did. Fortunately, it’s fairly easy to keep comment spam off your website. Here are the few basic steps to take to prevent comment spam from taking over your website:

Enable Akismet – Akismet comes pre-bundled with WordPress as a plugin, but you do need to activate it and enter an API key to make use of it. Akismet compares your comments to known spam comments and marks it as a spam comment if it looks suspicious. The WordPress Codex has information about how to setup Akismet on your website

Setup Hashcash Extended – One of my favorite anti-spam plugins in WordPress is WP-Hashcash Extended. This plugin relies on the fact that most comments that are generated by spam-bots are done using server-side software that does not work with JavaScript. The plugin forces the user’s web-browser to do some basic arithmetic using obfuscated JavaScript and if the commenter’s browser fails the tests, they’re more than likely a bot, since JavaScript is part of all modern web-browsers.

Configure WordPress’s Discussion Section – WordPress has a number of options to manage how comments are processed. To access these, go to the “discussion” tab in your WordPress Settings. I recommend disabling pingbacks and trackbacks all together, as they tend to almost always be spam. It’s also a good idea to close comments after a specific period of time (60 days or so), so that the original discussion on your posts are preserved and that spammers can’t sneak in comments on your old posts. Finally, I recommend checking “Comment author must have a previously approved comment” in the moderation section, unless you receive more comments than you are capable of moderating. This will allow you to white-list your most-frequent commenters and review posts of new commenters the first-time they show up on your website.

Don’t Install a Captcha – It might be tempting to install a captcha to try to stop spam in its tracks, but captcha’s create for a very bad user experience and tend to discourage actual commenters more than they actually stop genuine spam. The reality is, if you do the list of things above, you probably won’t need a captcha on your website.

Setting up Akismet, Hashcash Extended and configuring your comment settings on WordPress should be enough for most websites. If you find yourself deluged by hundreds of spam comments each day in your moderation queue as one of my sites does, you can consider setting up CloudFlare (a CDN which will block malicious traffic from ever getting to your web-server) or the Bad Behavior plugin, which will reject traffic from IP addresses known to be engaging in malicious behavior.

Tweet

Comments

7 comments on “How to Prevent WordPress Comment Spam”

  1. Dave says:
    May 21, 2013 at 8:46 pm

    Very timely, Matt; thanks! I've been having a problem with spammers adding accounts to one of the blogs on my account; the accounts never get used for comment spam, but it's a pain to have to go in and delete the spam accounts after they've collected for a while. It's a rare day that I don't get at least one new users, and not one of them in the last couple years has been legitimate. Just deleted another 26 of them before installing Hashcash. I already had Akismet installed & set up, but we'll see how the addition of Hashcash does with the problem.

    Reply
  2. Magnus says:
    June 2, 2013 at 6:07 pm

    Looks like a SPAM message got through to your blog (see "Myong"). How did this happen?

    Reply
    • MatthewDP says:
      June 12, 2013 at 3:41 am

      Looks like someone's been spamming my site by hand. I've nuked all of those comments.

      Reply
  3. Alanda says:
    June 14, 2013 at 11:17 pm

    Very good suggestion; totally agree with you on captcha, it definitely makes actual users hesitate in commenting.

    Reply
  4. Jeff White says:
    April 1, 2014 at 4:23 pm

    Very good articles on topic! Shame Google hurt rankings but SEO optimization on words like “used Gucci bags” and “india SEO” is good. Thank you for your wonderful input on topic. I always love reading blog by you. And “used Gucci bags” and “india SEO” topic are good too. Do you need more topic for your blog? Write about “used Gucci bags” and “india SEO” to increase rankings and enjoy used Gucci bags and india SEO.

    😉

    Reply
    • matt says:
      April 2, 2014 at 9:13 pm

      touche.

      Reply
  5. O hai let me wanna-be! pe Trilema - Un blog de Mircea Popescu. says:
    April 26, 2020 at 7:51 am

    […] are seeing this because your blog was recently used as part of a DDOS attack against […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Email Updates

Enter your email address below to receive a steady stream of tricks, tips and ideas to help you build a better and more profitable business.

Email Marketing Demystified

The second edition of Email Marketing Demystified is now available. This book teaches you how to build a massive email list, write marketing copy that converts and generate more sales in your business.

Click Here to Get Your Copy of Email Marketing Demystified

Recent Posts

  • Seven Lessons I Learned Helping Animal Shelters Raise $18.5 Million Over Seven Years

    January 19, 2021
  • My Quarterly Update: Q1 2021

    January 5, 2021
  • Introducing the MarketBeat Burger (Yes, we made a cheeseburger!)

    December 29, 2020
  • Announcing the Paulson Center at Dakota State University

    December 10, 2020
  • The Two Million Dollar Ideas that Propelled MarketBeat’s Growth and Success.

    November 17, 2020

    Follow me on Facebook & YouTube

    Contact

    • [email protected]
    • Contact Us
    • matthew-paulson
      • Facebook
      • Twitter
      • Linkedin
      • Instagram
      • Rss

    © Matthew Paulson 2003-2021. All Rights Reserved.

    Privacy Policy