Stop Comment Spam in WordPress

Stop WordPress Spam

If you own a website that has a blog on it then there’s no doubt in my mind at some point your blog has fallen victim of the spammers, practically more so if your site happens to be powered by WordPress.

Why do spammers bother with comment spam exactly?
Most people who have no sense of how search engines actually work will automatically assume that spammers do this because they hope that your site readers will click the links, sadly this is not the case and actually apart from site administrators hardly anyone clicks spammy links unless they are relevant to the page.

Comment spam occurs mainly for one reason only… search engine rankings. Google and Bing work on a complex algorithm which first establishes what the page is about, it then uses other signals to work out how popular the page is. A website page that has more people talking about it and linking to it will most definitely out rank a page on other site that has no external signals.

However… the comment spammers seem to be stuck in this mind-set that any link is worthy, this used to be the case but Google and Bing have come a long way since they first emerged. Nowadays backlinks from websites are still the bread and butter but… they must be relevant to the page, for example: a site link from a car article to an article about a dog has no relevancy, enough of these useless links will no doubt result in negative SEO (search engine optimisation). Negative SEO isn’t something any webmaster wants as it can damage one page or worse… your entire site.

This can occur at both ends:

  • Outbound: Sites can be penalised for linking out to so many non-relevant sites or ones that have been penalised.
  • Inbound: Sites can be penalised for having too many non-relevant links.

Methods to combat WordPress Spam

Sadly there is no product or service on planet that will 100% stop all comment spam, however there are a few things that are easy to interment that will help you fight against the spammers. Below is a vast array of methods, plugins and information that will help you combat spam on your WordPress site.

  1. Akismet

    Akismet is one of the most valuable and easiest spam prevention plugins for WordPress, you don’t need to download it as it comes bundled with your WordPress install, you do however need to register with WordPress and obtain an Akismet API key.

    Simply head over to Akismet and create a WordPress account and then request your API key. This service is free for basic usage but they do provide more advanced features for paying customers and businesses.

  2. No Follow

    To avoid receiving a penalty from the search engines for linking out to dodgy sites you should ensure that your WordPress links use the nofollow attribute.

    A nofollow link will look something like this:

    <a href="" title="Visit Example" rel="nofollow"></a>

    However with this said, Google and other search engines do expect you to do some administration on the page, after all a website with a useful article with useless comments effects the user experience, therefor you should expect your page to rank lower than a page that links out to helpful sites therefor increasing the user experience and the relevancy of the page.

    If you use Mozilla as your browser of choice then you can download our Firefox Hover Nofollow addon that will highlight links as you hover over them.

  3. Cookie Comments

    When an automated spam bot visits your site they generally only download the HTML and ignore CSS, JavaScript and Cookies. The idea of this method is to plant a cookie for comments on the user’s computer and if they don’t have that comment they can’t submit a comment.

    This method is pretty good, you should however be aware that in EU you will need to use a Cookie Consent Disclaimer or notice.

  4. Captcha Service

    One of the easiest ways to prevent spam is to use a Captcha service; sadly they aren’t bot proof as there are many online services that will crack the code for as low as 0.01USD each. But, it does stop the majority, only the best spammers will get through.

    I highly recommend Google reCAPTCHA and there is even a WordPress reCAPTCHA plugin which should make installing this service easier.

  5. Bait for Spammers

    A more advanced method to block spammers within WordPress is to setup bait for spammers, AKA honeypots. This involves setting up a form that only spammers will see and any attempt to fill in that form will result in a comment post rejection. This sounds complex but thanks to WP Spam Fighter this method is made easy.

  6. Remove the URL field

    Most spam bots will only be interested in your blog if they can leave a URL to their website, this can either be in the comment field or the website field. You can disable the WP URL field but bare in mind this can enhance the user experience for legit users, so I’m personally against this idea.

  7. Disable HTML in Comments

    Allowing users to use HTML in the comment field can attract spammers, by disabling the comment HTML you automatically scare off a lot of spammers, but please note that his can dampen the user experience, because some links and use of HTML can be useful for enhancing the page.

  8. Pingbacks and Trackbacks

    Unless you know what these are you can go ahead and disable them, most blogs and websites don’t need trackbacks or pingbacks, it attracts a huge amount of spammers. You can disable these by login to your WordPress site and clicking discussion within the setting tabs.

    Simply uncheck Allow link notifications from other blogs (pingbacks and trackbacks)

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>