Reduce WordPress Comment Spam to a Trickle :-)

Comment spam is a fact of life if you have a blog. But by using WordPress, you have not only some good built-in tools at your disposal, but also some excellent plugins and methods you can use, which are constantly being developed.

Please do not think that you can ignore the issue of comment spam – you cannot! If you don’t use some method of protection and don’t moderate comments, then your blog will soon be flooded with comment spam.

There is no ‘one size fits all’ method that will protect your comments; spammers use many tactics, so you will need multiple defences. Remember too that spammers change the way they attack, so you must keep whatever you install up to date.


The following are a few different approaches:

1. Use the free automated Akismet plugin service by the makers of WordPress. When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down. You don’t have to maintain a blacklist because the idea of Akismet is that you’re always protected up-to-the-second from the latest dirty tricks of spammers. There’s no maintenance, no upgrading, no hassle.

2. Use the WordPress plugin which automatically shuts off comments for a WordPress post after it becomes XX (user-configurable) days old. When I used to use it, I set it to 14 days, as most comments are made when a post is new and has a higher rank in search engines.

3. But by far the most effective method I use to reduce comment spam is an idea I got from Jeff Barr’s “WordPress Comment Verification (With Source Code)”: a simple intelligence test that stops automated comment spam without needing complicated blacklists or inaccessible JavaScript CAPTCHAs. It tells people they must enter my name when they post a comment, which automated spammers are incapable of understanding 🙂

One caveat is that Jeff’s code has a few errors: to make it work, you must make sure every double quote and single quote in his code is straight, like this " and ' , not slanted like this ’ or ”. Also, in newer versions of WordPress like 2.0.3 you need to edit comments.php and wp-comments-post.php respectively.
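The same kind of check on a current WordPress install, written as a small plugin rather than as edits to comments.php and wp-comments-post.php. This is an added example, not Jeff Barr’s code: the field name, the expected answer and the function names are assumptions made for the illustration, and it assumes the theme renders its form with comment_form().

```php
<?php
/**
 * Plugin Name: Comment Verification Question (added example)
 * Illustrative only; not Jeff Barr's code. The field name, the expected
 * answer and the function names below are assumptions made for this example.
 */

const CVQ_FIELD  = 'cvq_answer'; // hypothetical form field name
const CVQ_ANSWER = 'your name';  // placeholder: the word visitors must type

// Print the question with the other comment fields (shown to logged-out visitors).
add_action( 'comment_form_after_fields', 'cvq_render_field' );
function cvq_render_field() {
	printf(
		'<p class="comment-form-cvq"><label for="%1$s">%2$s</label> ' .
		'<input type="text" id="%1$s" name="%1$s" size="30" required></p>',
		esc_attr( CVQ_FIELD ),
		esc_html( 'To show you are human, type the blog author\'s first name:' )
	);
}

// Check the answer server-side before the comment is stored.
add_filter( 'preprocess_comment', 'cvq_verify_answer' );
function cvq_verify_answer( $commentdata ) {
	// Trackbacks and pingbacks never pass through the form, so they cannot be
	// checked here; they are left to the other layers (Akismet, moderation).
	$type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
	if ( in_array( $type, array( 'trackback', 'pingback' ), true ) ) {
		return $commentdata;
	}
	// Logged-in users never see the field, so do not demand it from them.
	if ( is_user_logged_in() ) {
		return $commentdata;
	}
	$given = isset( $_POST[ CVQ_FIELD ] )
		? sanitize_text_field( wp_unslash( $_POST[ CVQ_FIELD ] ) )
		: '';
	// Compare case-insensitively after trimming; reject anything else.
	if ( 0 !== strcasecmp( trim( $given ), CVQ_ANSWER ) ) {
		wp_die(
			esc_html( 'Comment rejected: the verification answer was missing or wrong.' ),
			esc_html( 'Comment verification failed' ),
			array( 'response' => 403, 'back_link' => true )
		);
	}
	return $commentdata;
}
```

The `required` attribute is only a convenience for real visitors; the decision is made in the `preprocess_comment` callback, which also covers bots that post straight to wp-comments-post.php without loading the form.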

To demonstrate the effectiveness of each method:

  • When I used to use the Auto shutoff comments plugin, it obviously let in comment spam while the post was fresh and then turned off all comments, spam or otherwise, after 14 days. Overall, not a great solution.
  • When I recently upgraded to WordPress 2.0.3, I decided to see how well the Akismet service worked, so I disabled the WordPress Comment Verification hack for 1 hour, and Akismet correctly marked 40 comments as spam.
  • However, the best method is the WordPress Comment Verification hack, because in 1 whole week it only let through 1 comment spam, which must have been manually entered, and it was marked as spam by my Akismet 2nd tier of defence anyway 🙂

The lesson learnt is that you should use several layers of defence, including moderating all comments like I do, because even very intelligent services like Akismet will let through a lot of comment spam which you have to sort through.

The WordPress Codex contains a page presenting all mainstream methods available to protect your site from comment spam. Strangely, they don’t mention Jeff’s technique even though I have found it to be the most effective.
