How to Prevent Comment Spam in WordPress

Comment spam is one of the most irritating problems for bloggers like you and me. Unless you take active precautions, you will soon discover your website is flooded with irrelevant, obscure comments containing links to suspicious websites.

To make things worse, there’s no effective way to prevent all the spam messages. Yes, you can disable comments altogether, but any sensible website owner wouldn’t want to do that. So, what’s the solution?

Luckily, there are some proven techniques to reduce the number of spam comments on your WordPress site. In today’s post, I am going to introduce you to the seven best techniques for preventing comment spam in WordPress.

Use the Default Akismet Plugin

Akismet should be your first line of defense against the spam comments. This plugin is so important that it is readily included in all new WordPress installations. You need to activate the plugin by going to the Plugins > Installed Plugins page.

You will need a free API key to use Akismet. Once you place the key in its place, the plugin will check all the new comments against the spam database and mark suspicious comments as spam. However, you can review the comments and mark any spam comment as safe or vice versa.

Akismet has an interesting feature that displays the number of approved comments for the visitors. This makes it a bit easier for you to manage the comments. The settings page will display how effective the plugin has been in detecting spam comments.

Use the Antispam Bee Plugin

Antispam Bee is one of the most popular anti-spam plugins for WordPress. This free plugin will block spam comments on its own. The superior options enable you to allow comments from the trusted commenters or the ones with a Gravatar picture. If you are getting lots of spam comments in foreign languages, you can choose to accept comment in one language only.

On some instances, it can happen that you are receiving most of your spam comments from specific countries. In that case, you can blacklist those countries or their IP addresses on your website. Other notable features include using a public anti-spam database, deleting spam comments after a specific number of days, sending email notifications to the admin(s), and so on.

Add CAPTCHA to the Comment Form

Adding CAPTCHA images to your comment form could be one of the best ways to prevent the automated bots and scripts from leaving spam comments. While there are several captcha plugins for WordPress, I prefer the SI CAPTCHA Anti-Spam plugin.

Once the plugin is installed and activated, visitors have to solve the captcha in order to leave a comment on your website. The plugin is compatible with all the popular contact form, forum, and e-commerce plugins along with multi-site installations.

You will find separate options to enable or disable the captcha on various places like the comment form, login, register, forgot password, checkout, etc. It is also possible to hide the captcha images for registered users.

Remove the Website Field

The default WordPress comment form includes the name, comment, URL, and email fields. It is the URL field that attracts the spammers and the humans who don’t have any interest in joining the conversation. Their only intention is to get a backlink from your website with their desired keyword.

Since WordPress displays the author name linked with the URL they provide, spammers can easily provide a keyword as the name and get a backlink. You can prevent this by removing the URL field from the comment form.

The easiest way to do that is to use the Disable-hide-comment-url plugin. Installing and activating the plugin will remove the URL field from the comment form, thereby discouraging the spammers from targeting your site.

Disable HTML Code in the Comments

WordPress allows the common HTML tags in the comments. This could be another opportunity for the spammers to abuse your website. If you find out that most spam comments on your site contain HTML tags, you can disable HTML code in the comments to prevent that from happening.

There are several plugins including Peter’s Literal Comments that enable you to block HTML code in the comment body. When using this plugin, visitors can still use HTML tags, but these won’t get executed.

Disable Trackbacks

For some blogs, most of their spam comments are actually trackbacks. These are used when other websites want to promote their blog posts on your post. Allowing a trackback will display the comment with a title, link, and an excerpt to a post on another website.

In most cases, you don’t need to bother about the trackbacks. That means you can safely disable the trackbacks without missing anything important. Fortunately, WordPress makes it very easy to disable trackbacks. To do that, go to Settings > Discussion, and uncheck the “Allow link notifications from other blogs…” box. This will disable trackback for all of your blog posts.

However, you can still enable trackbacks for particular posts. Just check the “Allow trackbacks and pingbacks on this page” box for the post, that’s it.

Turn Off Comments for Older Posts

Unless you are publishing evergreen posts, you should consider turning off comments for the older posts. Most people publish content that capitalizes on the recent trends or keywords. These posts usually lose value once the popularity of the trend or the keyword decreases. As a result, it makes perfect sense to turn off comments on the older posts.

WordPress offers a default option to disable the comments for your old posts. You will find the option in the Settings > Discussion page under the “Other comment settings” section. Check the “Automatically close comments on articles older than…” and define the number of days after when the posts will be considered old.

Final Words

As I said in the beginning, it is almost impossible to prevent all spam comments. But you can significantly reduce the number of spam comments by applying the techniques described above.

So, do you use any of these techniques to prevent comment spam? Or maybe you use some other techniques. Let me know which works for you in the comments below.


I started this tech blog back in 2011 as a place to write down processes I took to fix my client systems and network. Now I write some tips and tricks to help others with the tech issues that one might encounter.

You may also like...