Note that there are 2 methods used by spammers to spam your comments: Automated ‘spambots’ – program and tools (robots) that can rapidly submit their spam to the same or multiple blogs. If your site is targeted by a spambot you may get hundreds of comments from it in a single day. Fortunately, this is the easiest type of spam to block because it is not a human doing the posting.
Manual spam – actual people visit your site and manually post their useless comments. These are more difficult to prevent because you have to distinguish this type of comment from the normal comment left by a genuine reader.
How To Block Spam Comments Using WordPress
1. Block Pingbacks and Trackbacks – This step blocks both automated and manual spam. Pingbacks and trackbacks are a specific type of ‘remote comment’ which, in our opinion, are so frequently abused by spammers they are now of little benefit – many blogs (like ours) no longer allow them for that reason.
Log into WordPress and in the menu go to Settings / Discussion. In the Discussion Settings, untick the ‘Allow link notifications from other blogs (pingbacks and trackbacks)’ option and then Save Changes. This blocks all future pingbacks and trackbacks. Stay in the Discussion Settings ready for the next step.
2. Block New Comments On Old Articles – This step blocks both automated and manual spam.
Once an article is more than a few months old, genuine new comments are rare – most will be from spammers. It therefore makes sense to block all comments on old articles (if you want to update an old article and think it may generate new comments, just rewrite it and repost as a new article).
In the Discussion Settings, tick the ‘Automatically close comments on articles older than … days’ option and type in the number of days you want then Save Changes. For many sites, 180 days will be about right so that new comments are blocked on any article posted more than 6 months ago – but the number of days is up to you and depends on how often you get comments on old articles. Bear in mind that a limit of 180 days on a 2 year old site immediately blocks all potential spam on three quarters of the articles, greatly reducing the overhead required by automated tools in the later steps.
3. Install Growmap Anti Spambot Plugin (GASP) – This step blocks automated spam.
We use GASP here at TechLogon (you can see it in the Comments section below – it’s the ‘Before Submitting…’ tickbox) and it has never let any automated spam through. A check is made that the tickbox has been ticked before the comment is submitted so there’s no chance that a comment will be lost if it’s being submitted by a legitimate human user.
4. Activate the Akismet Plugin – This step filters both automated and manual spam.
Akismet is used by millions of sites to filter comments and is especially useful for very high traffic sites – it is included in WordPress plugins but needs to be activated and you must register with Akismet for an API key. To do this, log into WordPress and in the menu go to Plugins then follow the instructions in the Akismet plugin description.
Note: Aksimet is free to use for one personal blog (voluntary donation up to $120/year requested if you want to support it) but it costs $5/month for a commercial site or $50/month for use on multiple sites.
Akismet takes a bit of configuring and, unlike the previous steps, it filters comments rather than blocks them. Suspected spam comments are put in a queue and not published unless you review and accept them. Akismet is remarkably good at filtering out spam but can never be 100% – so it may occasionally let some through or put legitimate comments in the spam queue.
We therefore highly recommend using GASP to block automated spam first or Akismet’s spam queue will soon contain thousands of possible spam comments. That is a problem because if the queue has too many comments to manually review, you will end up having to just delete the whole queue – even though it may possibly include a few genuine comments.
Because Akismet sends each comment to its web service to run tests and return a ‘spam verdict’ in order to filter the comment, it does have slight overhead (on speed and bandwidth) on your blog – if you can get away without it then do so but if you are spending more time deleting spam than writing articles then you really need to add Akismet to the previous steps!
Blocking spam comments before they are posted is the best solution to stop automated spam on a WordPress site – combine that with subsequent spam filtering and you can also stop manual spam from clogging up your blog comments, wasting your time and alienating your readers.