There are many open-source content management systems out there. However, WordPress has proved to be the darling for many users, whether creating blogs or websites. To put this into perspective, according to W3Techs, WordPress powers over 40% of all the sites on the internet. However, this percentage could be higher if not for one demon that keeps on haunting the WordPress platform – spam comments!

Yes, it is pretty frustrating for most users when dealing with spam that never seems to go away. So, if you have to use WordPress effectively, you will have to devise approaches to dealing with WordPress comment spam.

Luckily, you are not left in the wild, and with the proper knowledge on how to use plugins, implement settings, and some tricks, you can minimize your spam by 99%. Yes, these are tested techniques that will enable you to reduce spam significantly. Since dealing with spam is an energy and time-consuming undertaking, opting for these approaches will give you more time to focus on growing your blog.

Large volumes of spam comments can affect your website significantly. It can harm your ranking on search engines, keep off some legitimate commenters who would otherwise provide valuable comments to your blogs, and have security implications. As such, any efforts to stop comment spam are absolutely worth it. But the big question remains; how do you stop WordPress spam comments?

Table of contents:

  • What Is a Comment Spam?
  • Is It Worth Dealing With Comment Spam In WordPress?
  • Turn on Comment Moderation in WordPress
  • Minimize the Number of Links Allowed Per Comment
  • Create a List of ‘Blacklisted’ Words
  • Hide the Website URL Field from the Comment Form
  • Restrict Comment Privileges to Registered Users
  • Disable Comments on Media Attachment
  • Disable HTML in Comments
  • Set Maximum and Minimum Comment Length
  • Disable Trackbacks in WordPress
  • Disable Comments on Old Posts
  • Switch off Comments
  • Disable Comments for Individual Posts
  • WordPress Plugin to Stop Spam Email
  • Turn off Anonymous Comments
  • Try Third-Party Comments
  • Why are Comment Spam Bots Targeting Your Website?
  • Checklist for Identifying WordPress Spam Comments

What Is a Comment Spam?

Blog spam is easily recognized by its unique generic content. If we were to categorize it, we would put it in the same family of so familiar email spam. However, it has a unique purpose – to obtain backlinks. Whether through a trackback, comment, or pingback, blog spam aims to get a link published on your website that redirects users to another potentially malicious website.

The spam-redirect website is often not related to your niche and, in most cases, of inferior quality.

When you allow users to comment on your site, you increase the chances of getting spammer comments. Over time, as your website gets established, the spam becomes more problematic to deal with. Most spam is automated and posted by bots that utilize uncanny methods to send short, generic messages as a cover-up for links.

Whether human or bot-generated, comment spams are a real problem because:

  • When spam comments bombard the comment section, it is challenging for genuine users to contribute to your website.
  • Spam comments make your website appear unprofessional.
  • Many of the links in spam comments direct users to malicious sites, or sometimes they may trick them into giving away personal information.

Is It Worth Dealing With Comment Spam In WordPress?

A straightforward answer to this question is YES. You need to stop spam comments if you want to grow your website or blog online. Nowadays, the internet has become a playground for spambots that are automated to send links on behalf of disreputable sites in the form of comment spam. What these comments seek to achieve is that such nefarious websites will get a better ranking in search engines, and gullible users may click on them accidentally.

However, bots are not exclusively used to spam websites. Actual human distributes some spam. In their basic form, these human spam comments are incoherently framed and are harder to recognize, and in most cases, have links that redirect you to nefarious third-party websites.

If you do not keep an eye on your site, these spam comments are published and become visible to search engines and your actual followers, significantly distorting your hard-earned reputation. Visitors will see your site as a spam site or a low-quality website.

That is not all. Your website could be flagged as a dangerous site by search engines if the links contained in those spam comments are found to redirect online users to sites that distribute viruses and malware.

Now you know why you should stop comment spam. Let’s dive into the essential part of this article and learn ways to stop comments from spammers so that you can spend most of your time and energy growing your website.

Turn on Comment Moderation in WordPress

Let’s ensure that any comment that is published on your website gets your approval. This is a great stride to ensure that all comments pass through the filters you have set up. This is only the sure-fire way to take full control of your site and decide on what appears and does not on your site. This is a great solution, especially if you run a business-related website such as human resources, accounting, or a law firm.

To turn on comment moderation in WordPress, go to Settings>Discussion section in the WordPress admin area. On the discussion page, there are three sections. Choose the second section, which says, “Before a comment appears,” and select the box near “Comment must be manually approved.”

At the bottom, select “Save Changes,” which pops up to store the settings you have made.

After implementing these changes, all the comments left by the commenters will be put on hold for moderation until you approve them to be published on your site.

Due to the high volume of comments on your website, going through them manually can be time-consuming and strenuous. Well, you do not have to go through all the comments (genuine and spam); some tips can help you throw away spam and only deal with legitimate ones.

Minimize the Number of Links Allowed Per Comment

We noted earlier that most spam comments contain malicious links that redirect unsuspecting users to other nefarious websites when they click on them. As such, one effective way to stop spam is dealing with the way it is spread, and in this case, you have to limit links in comments. This setting will apply to all the visitors, including the genuine ones, but it is pretty effective in dealing with spammers and, therefore, a worthwhile undertaking.

To set this feature, proceed to the WordPress dashboard and then to Discussion. You will see the Comment Moderation section.

Here, you can set the number of links allowed in a post to be eligible for moderation. This means that if you set the number to zero, all comments with a link will be held for moderation. In the screenshot, all the comments containing two or more links will be flagged for moderation.

Note that spammers are aware of this setup in WordPress and leave malicious links in the website field in the comment form. On the comment page, these links are usually in the form of a username.

Create a List of ‘Blacklisted’ Words

You can quickly identify keywords in spam comments because most spam comments use familiar words. Therefore, you can flag and prevent them from being published on your website when you recognize them. One of the most effective ways is by setting up a “blacklist” of words.

To set it, open the WordPress dashboard and go to Settings> Discussion. You will see the Comment Blacklist section:

In the comment blacklist blank space, you can type the list of words you want to blacklist. If the words listed here are spotted in commenters’ comments, they will be automatically sent to the Trash.

The process of looking for and adding the words commonly used by spammers can be time-consuming.  CleanTalk Anti-Spam has its own dictionary of words and it can be updated in the service control panel.

However, you need to exercise some moderation when selecting the phrases to blacklist, so you do not send to trash the comments from genuine users or some words that spammers use, but you need them on your website. For instance, spammers use the word ‘handbag’ often on spam sites. So, if you are running a handbag store, this is not one of the words you would want to blacklist!

To make sure you don’t make this mistake, you can send them to the Comment Moderation section. This setting allows all the comments containing any blacklisted words to be held for moderation rather than delivered to the Spam field. Alternatively, you can set a combination of the two by adding some words to one field and others to the other field.

You can also add particular IP addresses, words, names, and URLs to put comments on hold in moderation to curb WordPress spam comments. You can access all these options on your WP Dashboard under the Settings > Discussion section. See below.

In the blank box, list the names, IP addresses, words, and URLs. If a comment contains these items, it will be put on hold for moderation.

To implement the changes, scroll down and click on Save Changes.

Hide the Website URL Field from the Comment Form

Both human and automated spammers are looking for platforms where they can feed their trash, and your comment form’s URL field provides just that. That is not all; it is a great attraction for idlers who do not have any interest in contributing to the discussion.

These spam comments on WordPress sites have at least two useless lines, and often the comment author name has a keyword or a combination of the name with keywords, e.g., Walker@SEOpro or James@healthexpert, etc.

But you don’t have to worry about this anymore. The CleanTalk plugin helps you to hide this feature on WordPress in just two steps.

To accomplish this, here are steps to follow:

Step 1: Open your WordPress and go to Plugins >Installed Plugins.

Next to the CleanTalk Anti-Spam plugin, click on the Settings.

Step 2: At the bottom of the panel click on the Advanced Settings. You will see more settings.

Scroll down to  Hide the <Website> field in Comments and Messages and save the changes.

Done! It is as simple as that.

Now open your WordPress website page and you will notice the difference as shown below:

Restrict Comment Privileges to Registered Users

Most spammers aim to capitalize on as many websites and blogs as possible. This implies that if you can make it hard for them to comment on your website or page, they may just give up and try elsewhere.

Luckily, WordPress software has made it easier for users to target this through limiting privileges to comment to registered visitors on your website. This adds more stumbling blocks between your comment section and spammers. As a spill-off effect, it motivates your users to create an account or subscribe for a membership.

You can access this option on Settings>Discussion panel on WP Dashboard. It is found under “Other comments settings.”

Just check the box close to “Users must be registered and logged in to comment” and click on Save Changes.

However, this setting has a limitation. It discourages commenters to leave comments on your website, which is not recommended, especially when aiming to grow your blog/site.

Disable Comments on Media Attachment

Another effective way to stop spam comments is by disabling comments on media attachments. By default, WordPress creates image attachment pages to make the image visible to users. Apart from seeing the image, users can also leave a comment on it.

Depending on the type of website and its content, most users often link images to the attachment page. However, there is always a downside to this. After some time, they get many attachment pages and remember comments are enabled on them by default.

If images form a significant contribution to your post, then that is okay. However, if you want to know how to keep visitors off from commenting on your images, we recommend that you turn off comments on Media attachments, which is straightforward to do.

To start, install the CleanTalk Anti-Spam plugin and go to the Advanced Settings. Select the option for closing comments on the Media attachment.

Scroll down and select Save Changes to save these modifications. From now, the plugin will prevent comments on your WP media attachments and files.

Disable HTML in Comments

Disabling HTML in comments is also a great way to prevent spam links in comments.

To achieve that, add the code below to WP theme’s functions.php file or a site-specific plugin.

1234567891011121314function wpb_comment_post( $incoming_comment ) { $incoming_comment[‘comment_content’] = htmlspecialchars($incoming_comment[‘comment_content’]); $incoming_comment[‘comment_content’] = str_replace( “‘”, ‘&apos;’, $incoming_comment[‘comment_content’] ); return( $incoming_comment ); } function wpb_comment_display( $comment_to_display ) { $comment_to_display = str_replace( ‘&apos;’, “‘”, $comment_to_display ); return $comment_to_display;}add_filter( ‘preprocess_comment’, ‘wpb_comment_post’, ”, 1);add_filter( ‘comment_text’, ‘wpb_comment_display’, ”, 1);add_filter( ‘comment_text_rss’, ‘wpb_comment_display’, ”, 1);add_filter( ‘comment_excerpt’, ‘wpb_comment_display’, ”, 1);remove_filter( ‘comment_text’, ‘make_clickable’, 9 );

Typically, this code changes HTML code into HTML entities, which are shown as the code and fail browser parsing.

Set Maximum and Minimum Comment Length

Another effective tip to stop comment spam is by installing the Yoast Comment Hacks plugin. This WordPress spam comments blocker is used to set a maximum and minimum comment length.

If you have not set this feature in WordPress, some spammers may take this opportunity to leave numerous comments with a single word. WordPress comments blocker plugins may not block a single word because the word looks natural anyway.

However, if you set the minimum comment length, any single word comment will be blocked. This encourages visitors to write a more sensible comment rather than a one-word comment.

Apart from setting max and min word length, this plugin adds some effective hacks around main WP comments to moderate them:

  • It offers an option that redirects new commenters to a Thank You page.
  • An option on the Comment Edit panel to modify the comment parent ID.
  • An option in the WordPress toolbar to send emails to all commenters on a blog.
  • Comment option routing. This includes a dropdown in a blog’s discussion settings to allow you to route comment emails to other users.
  • An option in the Admin Comments panel to send emails to individual commenters.

See the screenshot below to understand better the functions of this plugin.

Disable Trackbacks in WordPress

One thing you won’t want to deal with is trackbacks. They form the biggest chunk of comment spam, and the irony is that they do not positively impact your SEO ranking in any way. Most blogs do not need you to enable trackbacks. You can opt to disable them on an individual page or the entire blog.

The option for disabling trackbacks is found on the Settings> Discussion. This disables trackbacks for the whole site.

Disable Comments on Old Posts

Through the Settings on WordPress, you can disable comments on old posts. This is a great feature, especially for sites that publish timely posts such as events and news blogs.

To accomplish this, go to Settings>Discussion page, and under “Other comment Settings,” the third line reads “Automatically close comments on articles older than” Check the corresponding box and key in the number of days you want the comments to be shown on the blog.

This means that all the comments older than the stated number (in this case, 30 days) will be deleted automatically. If necessary, you can override this number for individual blogs where you want the comments to remain on display.

Switch off Comments

What about switching off comments altogether to stop spam comments from users on a WordPress site? Sometimes you may feel moderating comments in your WordPress is draining you and taking much of your time. If that is the case, the Anti-Spam plugin can help you disable all the comments on your website. First, you should install the CleanTalk Anti-Spam plugin.

 Open your WordPress admin screen >Plugins then Add new.

Enter CleanTalk in the search box and then select the Install button for <Spam protection, Anti-Spam, FireWall by CleanTalk>.

Now select the <Activate> button after the installation is complete.

After the activation, access plugin Settings and select the < Get Access Key Automatically> button, and then save the changes.

Now it is the time to disable WordPress Comments. This can be done in just three steps as follows:

Step 1: Go to Plugins> Installed Plugins.

Next to the CleanTalk Anti-Spam plugin, you will see Settings. Click on the icon to drop more information.

Step 2: Below the information that drops, you will see the Advanced Settings button. Click on it to display more settings.

In the Comments and Messages panel, click on the Disable all comments button.

Step 3: Select wherever the comments will be disabled(1) and click on the Save Changes button to save all your changes.

Disable Comments for Individual Posts

Sometimes users may publish their blogs and then disable comments in WP, or they just want to stop visitors commenting on a particular site blog. In these scenarios, disabling comments for individual posts comes in handy. Here you will need to do this in the post-editing panel for each post.

This setting is also essential if you have a post that has attracted a lot of spam in the past or if the post you want to publish is inherently controversial.

To set this feature, go to Posts. To access the blog that you need to edit, click on it to open the post-editing panel.

On the right next to Block, you will see the Document screen. Scroll down, and you will see Discussion. Click on the box next to it to uncheck Allow Comments.” This disables comments on the post.

Click on Update to save changes, and you will never see comments on that post.

WordPress Plugin to Stop Spam Email

Even though there is a default plugin in WordPress, that does not mean there are no excellent alternatives. For instance, Anti-Flood and Anti-Crawler anti-spam plugins from Cleantalk are highly proficient spam protection plugins with various customizable settings and features.

So, how do these two CleanTalk anti-spam plugins work? Here is how:

CleanTalk Anti-Crawler: This universal plugin blocks all the bots coming to your site pages. The first visit of your site by any IP triggers the plugin to check for spam. In the event of the checking failing, a user is shown the CleanTalk blocking screen for three seconds. This is a screen spam checking technique and the user only gets to access the site if nothing suspicious is detected after three seconds elapses.

To know more about setting the CleanTalk anti-Crawler plugin, click here.

CleanTalk Anti-Flood:  This plugin is specifically designed for dealing with aggressive bots. To start, you should indicate the max number of site pages your visitors can access within a minute.  If an IP goes beyond this set max number, then CleanTalk blocks the screen for 30 seconds. During this time, the IP cannot access any site pages. When this time window elapses, the IP can now visit the pages, and the Anti-Flood option starts keeping the count of pages accessed again.

For instance, this maximum number is set by default at 20 per minute. The implication is that any visitor who accesses 10 site pages within a minute will be blocked for 30 seconds, and they cannot access your site during this time.

Whatever anti-plugin option you opt for, you will be helping to protect yourself from comment and email spam on your site and dedicate more time towards building your site and business.

Turn off Anonymous Comments

This is another tip that can help you to keep off spam comments from your website. Generally, WordPress native comments ask the visitor to provide four key information: website, comment, email, and name by default. However, visitors won’t be asked to provide this information if you have enabled anonymous comments in your WordPress.

To turn off anonymous comments in WP, simply go to Settings>Discussion, and you will see the ‘Other comments’ section. Click on the box next to “Comment author must fill out name and email.”

Save changes to store the changes you have made. From now on, it will be harder for spam bots to add automated comments (these form the most significant percentage of comment spam), but not entirely impossible. It will also make it challenging for people to leave ill-intentioned comments or troll your website.

Try Third-Party Comments

Suppose your WordPress comments are full, and implementing comment moderation settings and plugins proves futile, you can give a shot to third-party systems. The platforms provide anti-spam methods that are pretty effective in stopping spam comments on WordPress. Their foolproof anti-spam systems make it almost impossible for automated bots to detect, so they come in handy.

CleanTalk is one such platform. It offers a myriad of features that users can implement on their WordPress.

Why are Comment Spam Bots Targeting Your Website?

The reason why comment spam bots are targeting your website melts down to the ease of using a bot. The black market is flooded with networks known as “botnets” and platforms where anyone interested in spamming can hire a not for spamming comments. Do you know that only 10 botnets account for 80% spam?

Well, here are reasons these comments spam bots are used:

  • To direct your traffic to unsolicited websites – Unsolicited sites typically rely on spam comments to attract more traffic to their sites. When users click on the links in comments posted on your site (trusting it), they are pivoted to these nefarious sites.
  • To piggyback a link – One of the most used Black Hat SEO approaches to create backlinks to a website is spam comments. Low-quality websites use bots to post spam comments with links in order to get those SEO points.
  • To burden your website server – when hackers want to crash your site, they employ bots. They achieve this by sending bots to attack your login page while spamming your server with requests. These requests take different forms, the common one being comments. As you try to get your website working normally, they exploit this window using other techniques to hack your site.

This shows how spam comments can be employed to reap off legit sites. We know you have employed almost all the techniques mentioned here to ensure spam comments don’t get to your site. However, you are not yet out of the woods. Spammers never stop working on the next new ways to get through your anti-spam measures.

As such, it is essential to understand how to know spam comments whenever you see them. These tips will help you:

Checklist for Identifying WordPress Spam Comments

Whenever you identify a comment with any of these characteristics, there is a high chance it is a spam comment.

  • Check the IP and email of the user in the blacklist base: CleanTalk has made it easier to identify emails and active IPs used to spam sites. It also provides a list of domains that are promoted using spam. You can access this list here to see the spam activity of these IPs and emails.
  • The comment contains a suspicious link: often, a spam link will be shortened and sometimes contains numbers. These links usually redirect visitors to unsolicited sites that spread viruses or deal with drugs.
  • The comment is very flattering and neither here nor there: if you come across such flattery comments like “A captivating post” or ” A great article, I will re-read it,” etc., but you notice that they are actually irrelevant according to the blog, that is undoubtedly a spam comment.
  • The comment contains unusual keywords: it is a spam comment if it includes a particular keyword such as those utilized for SEO building. Often, the keyword is not used naturally.
  • A short and generic comment: Just like in the second checklist, spammers post very brief comments like ” An educative write-up,” “Great write-up,” etc. Bots send the same comments on many multiple sites.
  • The name of the user is a Company name: Spam commenters use this trick to blackmail visitors into thinking that they belong to the company and not acting in an individual capacity. In this case, they seek to redirect traffic to the company website.


Building a website or a blog on WordPress is not an easy task, and when it is finally up and running, you don’t want it to be cluttered by spam comments. They make your site look unprofessional, and if you don’t know how to stop them, soon you will see a significant decrease in the number of real users on your website. That is an experience you don’t want to encounter!

Therefore, take action as soon as possible to stop spam comments before everything goes south. This means coming up with impenetrable anti-comment spam strategies.

To curb comment spam on your WP site, you can:

  • Turn on Comment Moderation in WordPress
  • Minimize the Number of Links Allowed Per Comment
  • Create a List of ‘Blacklisted’ Words
  • Hide the Website URL Field from the Comment Form
  • Restrict Comment Privileges to Registered Users
  • Disable Comments on Media Attachment
  • Disable HTML in Comments
  • Set Maximum and Minimum Comment Length
  • Disable Trackbacks in WordPress
  • Disable Comments on Old Posts
  • Switch off Comments
  • Disable Comments for Individual Posts
  • Turn off Anonymous Comments
  • Try Third-Party Comments

Ready to make your site appear more professional, maintain your visitors, and attract new ones? The above WordPress anti-spam strategies can do the magic if well implemented.

How to Stop Spam Comments on WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *