Prevent Comment Spam from Damaging Your WordPress Website

Comment spam is the bane of bloggers. It hurts the user experience, takes up space you need for other things, and can even adversely affect your ranking in the search engines. If you run a WordPress blog and feel like you’re at the end of your rope due to comment spam issues, take heart. This article will show you how to make it a thing of the past.

Comment spam can now be found anywhere on the Internet. The most rampant is “blog comment spam,” which mostly affects WordPress-based sites since this is the most popular blog publishing software used by small to corporate-level bloggers.

Sadly, even though Google introduced the rel=”nofollow” attribute for hyperlinks in 2005, which prevents passing of link juice to those spammy inbound links, blog comment spam has not stopped. Indeed, you may noticed that it might be getting worse, depending on how secure your blog is against these types of issues.

This tutorial will do its best to educate WordPress users on how to prevent comment spam from infesting their own blog using the available tools and resources.

Effects of Uncontrolled Blog Comment Spam

The following are the effects of uncontrolled blog comment spam:

1. Decreases the quality of your website. Your great content is tainted with the stain of blog comment spam.

2. Reduces the quality of the user experience. Once you have lots of low quality comments left by spammers abusing your website’s comment fields, normal visitors will get annoyed and distracted. Thus, they will most likely label your site as spammy, shorten the length of their stay, and much worse, will stay away from it for their own safety — as those links may contain malware.

3. Breaks down your site in the long run. These spammers are using automated bots to make automated comments. Thus, if you notice it, they will start to eat the lion’s share of your MySQL database. In the long run, if you continually ignore this, you might notice that your site is down, or you won’t be able to post because your MySQL disk space has exceed its quota.

4. Can affect search engine rankings. One of the devastating effects of comment spam is its effect on search engine rankings and trust in major search engines like Google. If your site is infested with lots of spammy blog comments, it will lower the website’s trust and authority in the search engines. Then it will start affecting your ranking until you will not be able to get a higher amount of organic traffic due to poor website quality (lots of spam comments that could affect the user experience).

{mospagebreak title=Enable Comment Moderation in WordPress}

The quickest way to control blog comment spam is to enable comment moderation. Although this is not a perfect solution (additional suggestions will be discussed in the succeeding sections), it will prevent any spam comments from being immediately displayed on your website.

If you are using the latest WordPress version, which is 2.9.2 at the time of writing, you can enable comment moderation by taking the following steps:

Step 1: Log in to your WordPress admin panel.

Step 2: Go to “Settings” under Dashboard.

Step 3: Click “Discussion."

Step 4: You can have “check only” on the following items:

  • Allow people to post comments on new articles.
  • Comment author must fill out name and email.
  • Email me whenever anyone posts a comment.
  • Email me whenever a comment is held for moderation.
  • Before a comment appears, an administrator must always approve the comment.

The essence of the above settings is not too strict; it still allows people to comment. The important thing is that before any comment to appears, you need to approve it.

{mospagebreak title=Use the WP-SpamFree Plugin}

Spam bots have evolved and become smarter. Even though you need to moderate, sometimes it is too much. I remember a blog for which I needed to moderate 300 comments a day, and 99% of them were spam. Sadly, I could not turn on Akismet due to hosting restrictions. So what I did is really delete them all at once in the WordPress admin panel, and maintain it on a daily basis.

The problem in this situation is that if I went on vacation for a week, even deleting the spam all at once in WordPress takes time, because a week of comments could occupy seven pages or more, even when most of them are spam anyway.

All of these problems are solved with the WP-Spamfree plugin. The advantage of this plugin is that it will work in a limited hosting environment in which Akismet cannot operate. If you are not in a limited hosting environment, then I suggest that you use Akismet.

However, with the increasing popularity of free web hosts that offer a limited hosting environment, WP-Spamfree should work. Below are the installation procedures:

Step 1: Go to

Step 2: Download it to your desktop, unzip it and upload the folder “wp-spamfree” to the wp-content/plugins directory in your WordPress server.

Step 3: Log in to your WordPress admin panel and go to the plugins section.

Step 4: Activate the wp-spamfree plugin.

Step 5: Configure the wp-spamfree plugin.

In the configuration section (under “Settings” – “WP-SpamFree”), this seems to be the most important: under "General options” check ” M2: Use two methods to set cookies.”

Let everything else be configured by default. The good thing about this plugin is that it does not require the user to input a captcha, and almost 99.99% of spam-automated comments are trapped. And even using Recaptcha will not work in a limited hosting environment (due to the use of fopen or other restricted PHP functions).

You can even know how many spam comments are trapped by going into the WordPress dashboard, where you can see the wp-spamfree statistics:

As you can see from the screen shot above, since I installed the WP-Spamfree plugin, it has already blocked 1,619 spam comments.

What if the damage is already done?

What if you log into your WordPress blog and find that you have 60,000+ comments to be moderated? And what if most of those comments contain the phrase “Buy Viagra Online- Cialis” ? You can delete all of those unmoderated comments all at once using a MySQL database. Follow the procedure explained at the link.  

The important thing is to log in to your WordPress MySQL database using phpmyadmin and then issue a single MySQL query to delete those spammy comments all at once.

Do not forget to secure your blog against spam comments using the suggestions made earlier in this article (moderate + wp-spam free or Akismet). This way, any automated attempts will be automatically blocked.

Of course, if you notice severe ranking issues along with spammy comments, you are always free to submit a Google reconsideration request using Google Webmaster Tools to report that your blog is now free of spam comments.

{mospagebreak title=Discourage Spammy Commenters by Having a Comment Policy}

Strictly implement rel=nofollow in your blog comments. Do not worry, as it is enabled by default. Careful though; there are some plugins that will remove the rel=nofollow tag, for example the DoFollow plugin. You need to ensure that all links in the comment fields use rel=nofollow.

Below are some tips on how to discourage spammy commenters:

1. If your blog regularly attracts comments which are good, before any user can post a comment, have them read and agree to your comment policy.

2. Make sure your comment policy includes the following points:

a. In the name field, let them use their real name or nickname , strictly “no keywords” or “business related terms.” (WordPress websites using the KeywordLuv plugin are an exception).

b. Have the comment directly convey substantial information related your post. Deny approval to comments that contains:

Thanks, Great Post!

Hey nice blog!

Great and wonderful research, thank you for sharing this.

You must have done some hard work in coming up with this post.

Hi, thanks for the post, just dropping by.

If you see unmoderated comments (those that are already screened by wp-spam free still need to be moderated) that look like the ones above, disapprove them.

3. State in your policy that you need to moderate comments.

4. State in your policy that links to offensive or completely unrelated websites will be removed — and follow through.

How do you separate the good from the spammy commenters?

There are some brilliant commenters that add life, insights and knowledge to your existing post. Keep them loyal to your blog. Below are some of the tips that I recommend:

First, you can include a note in your comment policy that the top commenters will be rewarded with an editorial post (written by yourself) about their blog with a link pointing to it.

Second, there are an increasing number of WordPress users using KeywordLuv ( ). This is a WordPress plugin that can be used to reward good commenters by having a dofollow link pointing to their website. You can consider using it on your blog for the same purpose.

Indeed, this can be a good plugin to encourage blog comments and attracts a good commenter as long as:

1. The comment is original, related and substantial.

2. The person strictly uses an original name in addition to their targeted keywords (for example: Peter from Florida Laptop Repairs says:)

3. The anchor text should be perfectly relevant to your page’s content.

4. The linked website is clean and directly related to the blog post’s content.

5. Since this system is susceptible to spam, I recommend that this system should be entirely moderated before any comment is approved to ensure its quality and value.

As a summary, spammy commenters cannot penetrate WordPress blogs as long as the following is true:

1.You implement basic guidelines in your commenting policy to prevent spam (outlined above).

2.You enable Akismet.

3.You moderate comments.

4.You use Wp-Spamfree.

5.Most of all, while you are rigid in combating spam comments, you also reward good commenters.

One thought on “Prevent Comment Spam from Damaging Your WordPress Website

[gp-comments width="770" linklove="off" ]