How to Block Spam Comment in WordPress?

February 10, 2016 Emily Johns Wordpress


With website establishment comes the pain of comment spam. Whether you are running a small website or a well-established online store, they remain a big problem for webmasters. Unfortunately, you cannot do anything to completely stop it. However, thankfully with the passage of many years, webmasters have learned many ways to deprive comment spam of their websites.

Today, in this article, we are going to share some of the best and proven ways that have been used by many websites (including our own) to stop comment spam in your WordPress website.

However, before we dive into implementing different strategies and tactics to stop it, let’s briefly get to know about comment spam.

What is comment spam?

Well, comment spam does not need any introduction. A majority of webmasters are well aware of it. Comments spam are the irrelevant comments posted by the spam bots to either advertise websites or obtain backlinks. These spam comments do nothing good for website rankings since they affect the quality of your website and drags its rankings drastically down.

However, for beginners and novices, comment spam may be something that encourages them to keep going since they can’t differentiate between the real and spam comments. Beginners often find themselves stuck in the maze with no way out.

How does comment spam affect your website?

Comment spam not only affects your website’s quality but also its search engine rankings, as we discussed in the previous paragraph. As a matter of fact, many search engines estimate your rankings depending on the links you share with other websites. And if you are sharing your site’s linking to a spammy website, you are considered to be a spam too.

Having spam comments on your website means allowing spammy websites to link back to your website and earn a backlink while making your website look suspicious. Your site starts looking like a site that was solely built to link to these spam sites.

Therefore, it is always suggested to keep an eye on your comments and filter out any spam comments.

Now, without further ado, let’s dig into the strategies to combat spam comment.

1. Moderating comments


WordPress gives you the freedom to moderate your comments before allowing them to get published. WordPress websites have an option named “discussion” where you can hold your comments to check whether they are spam or genuine.
Click on discussion from your WordPress dashboard and you will be redirected to a settings page where you can manually moderate comments. Discussion settings page has many different comment options which can be easily changed as per your personal preferences.

However, there are two most important options that need to be enabled to hold comments for moderation. You will see “before a comment appears” option in which you have to enable “comment must be manually approved”. This setting gives complete control over all the comments that are posted on your comments and whether they should be posted in the first place or not.

There is one more option that can be enabled i.e. “comment author must have a previously approved comment” in which the comment author who has any previously approved comment can post a comment without undergoing the moderation. You can choose any option depending on your requirement. However, we highly recommend you to enable the first option to keep every comment under your control.

2. Editing .htaccess file to prevent comment spam

.htaccess is a configuration file which is one of the most important files of your website. From improving your website security to editing authorities, .htaccess file allows you to do a lot of things. And preventing comment spam is no exception.

Copy this code and paste it into your .htaccess file to stop bots with no referrer:

# Protect from spam bots
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Make sure that you change “” with your own website link.

3. Blacklisting Comments


A majority of webmasters are usually unaware of the fact that they can actually blacklist comments. The comment blacklist is yet another great feature of WP which allows you to blacklist particular IP addresses of the comment authors who are consistently attacking you. However, you can also use content, name, email address and URL to blacklist commenters as well.

Comment blacklist option is available in the same Discussion settings page where you held comments for moderation. The blacklist option comes with a large blank text area where you can input the IP addresses or other relevant content to combat spam comments.

4. Install anti-spam plugins

The best thing about WordPress is that it offers a wide range of themes and plugins to extend the functionality of your website. With WordPress, there are hundreds and thousands of plugins for everything be it user feedback, caching, SEO, image slider and more. And anti-spam plugins are no exception. Just googling “anti-spam WordPress plugins” yields thousands of results.

These plugins help you protect your website against spamming and hacking while improving its overall performance. However, with thousands of plugins available, you may find it difficult to choose a particular anti-spam plugin for your website. Therefore, we are listing the best plugins here to help you make wise decisions.
Best anti-spam plugins:

Akismet: Akismet is certainly the best anti-spam WordPress plugin that filters out trackback spam and comment spam. Every WordPress version comes installed with Akismet; however, you do need to provide an API Key to get started with it. If you are running a small personal blog or website, you can access this plugin for absolutely free. However, business websites do have to pay a small fee to use it.

Simple TrackBack Validation: Though Simple TrackBack Validation plugin is not so popular, it’s still worth spending time and efforts on. The plugin filters out spam trackbacks by comparing the IP address of the comment author with the web server IP address the trackback URL is referring to.

5. Using Honeypot spam prevention technique


Honeypot is a great spam prevention technology that tricks comment spam bots into disclosing themselves. Honeypot works on a methodology where it checks whether the commenter is a bot or a human. Unlike other spam prevention technique, it gives fake challenges to the bots and when the bots fill up the challenge, they wind up disclosing themselves before they could even comment on your blog.

To make this technique, you need to install WP Spam Fighter WordPress plugin. Once you
have installed and activated it, you need to configure its settings where you will see a honeypot option.

Click on settings → WP Spam Fighter. Enable the Honeypot Protection under HONEYPOT. Hit save changes to see it work.

How it works:
Now whenever a user tries to post a comment, the settings will bring up a Javascript popup which would not let them post a comment quickly.

The techniques and ways we have mentioned in the article do prevent your website against spam comment. But keep it in mind that any user can manually post a comment which, however, can be resolved with comment moderation option.
If you know any method of combating spam comment, you are welcome to share your thoughts and ideas in the comment section below.