How to Stop Spam Comments in WordPress

Lots of bloggers say that comment spam is an unavoidable reality of blogging, but does that really have to be the case?

If you use WordPress, there's many ways in which you can block spam before it lands in your moderation queue. Better yet, you can filter out these unwanted messages without creating barriers which stop genuine users from submitting their comments. Here's our selection of the most useful plugins, setting tweaks and code snippets you can add to your blog to prevent spam comments.

Akismet:

Akismet is a great first line of defence against spam comment, which is why the folk at WordPress pre-install it by default. Although it’s pre-installed you’ll still need to enable this plugin from within your dashboard to take advantage of all it has to offer. Once enabled, Akismet will automatically scan comments posted to your site and delete the most obvious spam, leaving genuine comments to filter through to your moderation queue.

As with all spam filters, Akismet does catch some "false positives" (genuine comments which it think are spam) and miss some "false negatives" (actual spam which survives the filter). However having run this on my own blog I can vouch that the vast majority of comments are correctly filtered.

CAPTCHA:

Although it’s a simplistic defense mechanism, a CAPTCHA is enough to prevent most spam comments. It works by requiring distorted text to be correctly inputted into a free field, in order to submit a comment. The distorted text shown cannot be read by most current computer programs, so a successful input confirms that the comment is from a human.

I highly recommend adding a CAPTCHA to your blog and for this checking out the CAPTCHA plugin by BestWebSoft. It only takes a few seconds to add a basic CAPTCHA to your site, and it offers a number of options for customising your form from the complexity of the text to the error message displayed. You can also add a CAPTCHA to other parts of your blog, like signup, login and contact forms.

Your WordPress Discussion Panel:

WordPress is equipped with many features to stop unwelcome spammers and the settings within your Discussion Settings shouldn’t be overlooked. Here you can adjust the default defense preferences offered by WordPress and outline custom filters to make it harder for spammers to automatically post to your blog.

By default WordPress automatically flags comments that contain more than two links. If you’ve identified link patterns in the spam you’re receiving; you can impose tougher restrictions on the number of links within comments.

Included are sections called the Comment Moderation and Comment Blocklist. Here you can set words contained in comments, comments from certain email addresses and visitors from certain IPs, to be held for further moderation, or even automatically blocklisted. Be careful when using these lists, these filters will match inside words, so adding the word "host" to your blocklist will cause comments including "Tsohost" to be blocklisted as well.

Redirecting Spambots:

The majority of spam comments come from spambots that trawl the web looking for unprotected forms to post comments to.Unlike genuine users, when spambots visit a web page they fail to provide details on the user agent (i.e.: which web browser version they're using) and the referrer (the page they arrived from), making it significantly easier to identify and then block them.

By adding the following snippet of code to your .htaccess file, every newly-posted comment will be checked to see if a referrer and user agent has been provided. If either of these fields are found to be missing at the point of submission, then the connection will be blocked and the spambot will be redirected away to its own machine.

<ifmodule mod_rewrite.c="">RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.name.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]</ifmodule>

Note: Remember to replace "yourdomain.name" with your domain name.

Are there any other great ways to block spam comments on WordPress? I'd love to hear your suggestions in the comments section below.