≡ Menu

5 Simple Tricks to Prevent WordPress Spam Comments

prevent wordpress spam

After tweaking codes to protect my blog from hackers and malicious bots, I wanted to prevent wordpress spam. If you haven’t checked out the last post then here it is: How to protect wordpress from hackers. My blogs have been receiving ton of spam and it gets annoying every time. By the way, I didn’t use Akismet until now. I know most of you do but Akismet alone can’t combat spam. I did some research, read some good posts written by others, and finally implemented whatever worked for me.

I was a little ignorant last year; as a matter of fact, I didn’t work much on my blogs. But, I am glad because beside my other projects and school work, I was able to take this blog to the next level; however, it doesn’t end there and there is lot more to come. Updates and future plans will be posted shortly but today, I want to help you guys kick the wordpress spammers in their ass. Again, I cannot guarantee that the methods I will mention will eradicate wordpress spam completely but, if you implement them, you will definitely prevent wordpress spam comments by at least 67% – even without Akismet 🙂 and it’s free.

5 Tips to Prevent WordPress Spam Comments

1. Delete All Spam Comments

Not sure if this is a tip but why the heck would you keep the spam. Delete all spam comments and empty your trash. Feel good about it.

2. Hold Comments for Moderation

This is completely your choice. However, I prefer to moderate all the first comments made by a reader. If it’s a bot, the comment will not get accepted and will be held for moderation but, if someone manually comments just to get the link juice then, you can either blacklist him or mark his comment as spam.

In simple terms, the best way to do this is: put a tick on the “Comment author must have a previously approved comment”. When you trust a reader and find his/her comment relevant, you approve it. The next time the same reader makes a comment, it gets approved automatically. This saves you a lot of time so now, you don’t have to deal with approving/disapproving comments that frequently.

Also note that comments containing more than 1 link will be held in moderation; this is pretty good to avoid spammers who are most likely to fill up the comment with links.

3. Modifying .htaccess to Prevent WordPress Spam Comments

.htaccess can help tighten wordpress security. Short lines of codes can really help to reduce spam comments. Add the code below to your root .htaccess to deny bots with no referrer.

# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Replace “yourwebsite.com” with your blog url. The code only blocks SPAM BOTS and not humans who manually try to spam. Bots are the most annoying pests so preventing them from spamming is a good first step. As for human spam, we have Akismet and Quiz to take care of that 😉

4. Banning the Spammer’s IP Address

When someone comments, you can see their IP address on your dashboard. If you come across any IPs that you believe is a spam bot then you can block it from accessing your blog. It is quite simple. You can blog an individual IP or a range to prevent wordpress spam. Add the lines of code to your root .htaccess

# block ip
order allow,deny
deny from
deny from
deny from
allow from all

The example above shows how to block 3 different IP addresses. If you want to block only one IP then simply comment out the other two by adding # in front of them or simply deleting the lines.

5. Install Anti-Spam Plugins

There are thousands of anti-spam plugins but you don’t want them all. Most will slow down your blog and as a matter of fact, I tried over 50 variations of spam plugins; some caused error and some did not work. However, after lots of testing, I found 3 plugins that work; simply install them and you should be fine.

Akismet– Akismet filters out your comment and track-back spam. It is installed on all wordpress by default so all you need is the API key. If you are in individual running a personal blog then you can get this for free. Business blogs will have to pay a small monthly fee and it’s worth it. So get the Akismet API key and activate Akismet on your wordpress blog.

Quiz– Amazing plugin that prevents wordpress spam and troll comments by requiring commenters to answer a question. This plugin simply adds a question answer to your comment form. You can see an example on this blog. Only humans can answer questions; of course, unless the bots are programmed to bypass your question which is least likely to occur. Create an easy question which most will understand. Remember, we are trying to keep off bots and not readers who might not be able to understand complex questions. Simple mathematical questions are good example.

Simple Trackback Validation– This plugin is optional; install it only if you want to strengthen the track back spam filters. The plugin eliminates spam trackbacks by checking if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to and by retrieving the web page located at the URL used in the trackback and checking if the page contains a link to your blog. Once you have activated this tool, the options are quite simple. In the “How to deal with spam track backs”, click on “Mark as spam” if you have akismet installed. Validate IP address and then move forward.


You can switch your comment platform from the default wordpress to Disqus or IntenseDebate. I prefer Disqus as I have used this platform on my blogs previously. Disqus is pretty tight; it’s a third party comment platform that literally prevents 95% of spam. If this is the case then why did I decide to stick to the default comment platform? Actually, no reason. I still think disqus is good; it has several features such as: integrating with facebook and twitter, it also helps reduce the database size and loads faster.

Prevent WordPress Spam on Larger Blogs

If you have a large blog with huge audience, you should consider disqus. However, if you decide to stick to the default platform then its all good as long as you implement the 5 quick methods to prevent wordpress spam.

Bottom Line

There are ton of anti spam plugins out there but you don’t want to mess with each of them; this is seriously time consuming. There are also ton of articles written on this topic but again, who knows which one works.

Frankly speaking, there is no magic bullet to completely pevent wordpress spam. Our goal is to find barrier to block these spam bots and keep them away from our blog. I have researched, fixed my blogs and wrote this post based on what worked. If you implement all the above methods, you will reduce wordpress spam by 90% :). It worked out for my blogs and no doubt it will work on yours too. However, stupid bots always have a way around so be prepared and bookmark this post for future reference.

I will update the post as I find valuable resources. A more advanced version is coming soon. Let me know your thoughts on this. What other methods do you use to prevent wordpress spam?

39 comments… add one

Leave a Comment