≡ Menu

5 Simple Tricks to Prevent WordPress Spam Comments

prevent wordpress spam

After tweaking codes to protect my blog from hackers and malicious bots, I wanted to prevent wordpress spam. If you haven’t checked out the last post then here it is: How to protect wordpress from hackers. My blogs have been receiving ton of spam and it gets annoying every time. By the way, I didn’t use Akismet until now. I know most of you do but Akismet alone can’t combat spam. I did some research, read some good posts written by others, and finally implemented whatever worked for me.

I was a little ignorant last year; as a matter of fact, I didn’t work much on my blogs. But, I am glad because beside my other projects and school work, I was able to take this blog to the next level; however, it doesn’t end there and there is lot more to come. Updates and future plans will be posted shortly but today, I want to help you guys kick the wordpress spammers in their ass. Again, I cannot guarantee that the methods I will mention will eradicate wordpress spam completely but, if you implement them, you will definitely prevent wordpress spam comments by at least 67% – even without Akismet 🙂 and it’s free.

5 Tips to Prevent WordPress Spam Comments

1. Delete All Spam Comments

Not sure if this is a tip but why the heck would you keep the spam. Delete all spam comments and empty your trash. Feel good about it.

2. Hold Comments for Moderation

This is completely your choice. However, I prefer to moderate all the first comments made by a reader. If it’s a bot, the comment will not get accepted and will be held for moderation but, if someone manually comments just to get the link juice then, you can either blacklist him or mark his comment as spam.

In simple terms, the best way to do this is: put a tick on the “Comment author must have a previously approved comment”. When you trust a reader and find his/her comment relevant, you approve it. The next time the same reader makes a comment, it gets approved automatically. This saves you a lot of time so now, you don’t have to deal with approving/disapproving comments that frequently.

Also note that comments containing more than 1 link will be held in moderation; this is pretty good to avoid spammers who are most likely to fill up the comment with links.

3. Modifying .htaccess to Prevent WordPress Spam Comments

.htaccess can help tighten wordpress security. Short lines of codes can really help to reduce spam comments. Add the code below to your root .htaccess to deny bots with no referrer.

# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Replace “yourwebsite.com” with your blog url. The code only blocks SPAM BOTS and not humans who manually try to spam. Bots are the most annoying pests so preventing them from spamming is a good first step. As for human spam, we have Akismet and Quiz to take care of that 😉

4. Banning the Spammer’s IP Address

When someone comments, you can see their IP address on your dashboard. If you come across any IPs that you believe is a spam bot then you can block it from accessing your blog. It is quite simple. You can blog an individual IP or a range to prevent wordpress spam. Add the lines of code to your root .htaccess

# block ip
order allow,deny
deny from
deny from
deny from
allow from all

The example above shows how to block 3 different IP addresses. If you want to block only one IP then simply comment out the other two by adding # in front of them or simply deleting the lines.

5. Install Anti-Spam Plugins

There are thousands of anti-spam plugins but you don’t want them all. Most will slow down your blog and as a matter of fact, I tried over 50 variations of spam plugins; some caused error and some did not work. However, after lots of testing, I found 3 plugins that work; simply install them and you should be fine.

Akismet– Akismet filters out your comment and track-back spam. It is installed on all wordpress by default so all you need is the API key. If you are in individual running a personal blog then you can get this for free. Business blogs will have to pay a small monthly fee and it’s worth it. So get the Akismet API key and activate Akismet on your wordpress blog.

Quiz– Amazing plugin that prevents wordpress spam and troll comments by requiring commenters to answer a question. This plugin simply adds a question answer to your comment form. You can see an example on this blog. Only humans can answer questions; of course, unless the bots are programmed to bypass your question which is least likely to occur. Create an easy question which most will understand. Remember, we are trying to keep off bots and not readers who might not be able to understand complex questions. Simple mathematical questions are good example.

Simple Trackback Validation– This plugin is optional; install it only if you want to strengthen the track back spam filters. The plugin eliminates spam trackbacks by checking if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to and by retrieving the web page located at the URL used in the trackback and checking if the page contains a link to your blog. Once you have activated this tool, the options are quite simple. In the “How to deal with spam track backs”, click on “Mark as spam” if you have akismet installed. Validate IP address and then move forward.


You can switch your comment platform from the default wordpress to Disqus or IntenseDebate. I prefer Disqus as I have used this platform on my blogs previously. Disqus is pretty tight; it’s a third party comment platform that literally prevents 95% of spam. If this is the case then why did I decide to stick to the default comment platform? Actually, no reason. I still think disqus is good; it has several features such as: integrating with facebook and twitter, it also helps reduce the database size and loads faster.

Prevent WordPress Spam on Larger Blogs

If you have a large blog with huge audience, you should consider disqus. However, if you decide to stick to the default platform then its all good as long as you implement the 5 quick methods to prevent wordpress spam.

Bottom Line

There are ton of anti spam plugins out there but you don’t want to mess with each of them; this is seriously time consuming. There are also ton of articles written on this topic but again, who knows which one works.

Frankly speaking, there is no magic bullet to completely pevent wordpress spam. Our goal is to find barrier to block these spam bots and keep them away from our blog. I have researched, fixed my blogs and wrote this post based on what worked. If you implement all the above methods, you will reduce wordpress spam by 90% :). It worked out for my blogs and no doubt it will work on yours too. However, stupid bots always have a way around so be prepared and bookmark this post for future reference.

I will update the post as I find valuable resources. A more advanced version is coming soon. Let me know your thoughts on this. What other methods do you use to prevent wordpress spam?

Comments on this entry are closed.

  • Thanks for this post I literally get at least 30 spam comments a day it’s gotten to the point where I don’t erase them I just ignore them but now after reading this I can get rid of them thanks again.

    • Some of my blogs get over 100 to 1000 spam comments a day. After doing my thing, its reduced to 1%. Just implement the methods above; Its simple, works and is newbie friendly 🙂

  • Been looking for a good solution to the spam problem. I’ll definitely have to try out some of these plug-ins. Thanks

    • install all of them :). This blog received 0 spam so far after implementing the method, good luck

  • I really needed this help because of the nature of my blog, I would have over 50 spam attacks a day it seems, I going to implement these tactics into my blog.

  • Thanks. I read this after another reference to Akismet.
    You may want to visit my blog.

  • Thank you for the information. I had actually forgotten about the previously approved comment option.. Thatnks agin for all the handy tips. 🙂

  • That said, I’m having a few issues I was hoping you might be able to help me with, if you have time! Thankss

    • Salman Ahsan

      if you kindly mention the issues here, I might be able to help. What is it?

  • thanks
    I am installing anti-spam plugin akismet for my blog

  • This really helps WordPress bloggers to be aware of what really are spam comments and how to handle it. Thanks!

  • BON

    Thanks for the cool tips! and i like your anti spam mathematics! =)

  • I needed this article, because everyday i’m getting spam from like chinesse websites it’s really frustrating deleting them.

    Thanks for the info!

  • Dear Admin,
    Thanks For Writing About How To Get Rid From Spam,


  • Thanks Alot !!

    My site suffer from spam for over 6 months ! I hope this will help me dealt with it !

  • Hey guys great article i hope this helps on my word press site i get tons of pure spam comments all the time and hardly any true comments. It does get annoying deleting all those spam comments all the time! Many thanks


  • I am very distrubed from spam comments.

    Your Post help me so much.
    Plz tell me one thing
    How you ad (anti spam qustionn 10+4)


  • Hi Salman,

    I really enjoyed the tips you gave on your blog. I too have trouble with spam comments on my site. I think it’s definitely good to moderate all first comments then automatically approve accepted IP’s after first approval.

    Another idea I had which really helps is installing the copyscape plugin with a premium account, seeing if you can use it to check comments, that way any spammers have exactly the same comment on all other blogs. If someone genuinely wrote something by hand, like I am now, it will always be unique and thoughtful.


    • Salman Ahsan

      Pretty interesting concept.. didnt know about the copyscape plugin 🙂 will check it out.

  • Alex

    The best plugin for WP with antispam Cleantalk it. It automatically checks all the comments and do not miss them. Plug-in eliminates the CAPTCHAs and other methods of communication hinder the visitor on the site. You can post messages without pre-moderation. The visitor will immediately see your comments on this site. Automatic publishing can increase traffic to your blog to 20% due to the publication of articles relevant blog comments, attracting additional traffic on the comments and improve ease of commenting on the blog.

  • Nice suggestion. I agree with you. using many plugin is not good for database. but those blogger who wants to stop using plugin then my suggestion is to use Akismet plugin.

  • I was looking for a solution for long time as I am also getting a lot of spam comments on my blog. And I think ‘Quiz’ is the best plugin as you are also using it. But on some blogs I see that you only have to check a checkbox. Can you please highlight if ‘Quiz’ can also provide a checkbox instead of putting an answer in a box.

  • Some good tips here the less spam you have to shift through the better will try out the .htaccess mod !

  • That’s another tips to stop comment spam, where you may charge a small fee for comment review. Most spammers will simply stop spamming your blog, leaving only person who legitimate. This way you will get compensation for time spent in comment reviews.


  • Thanks! I messed up and a whole flood of garbage came crashing through my door. These tricks will most definitely help.

  • Pingback: Fighting and Stopping SPAM for Wordpress | 1331 Design LLC()

  • Pingback: Configurando anti-spam de comentários no wordpress()

  • Pingback: The Definitive Guide to WordPress Security | Search Optimizers()

  • João Carlos Ignácio

    Thanks for the hints!
    It really helped me to avoid most part of spammers activity, especially by .htacces trick 😉

  • Thank you for improving the quality of my life. #3 Modifying .htaccess did wonders. Now I spend less time deleting comments and more time writing music.

  • Pingback: 6 online websites for checking duplicate content | Tech Spiel()

  • saikiran

    do the performance of webpage reduces if i have more number of spam comments in my blog ?
    please tell me how to increase the site performance and traffic?
    please please……

  • Nice tips ,i usually moderate comments,empty spams comment all at once and uses askimet and has been doing wonders in protecting against spams.

  • Pingback: Making WordPress Security a Priority and Rock Solid - itechnology.am()

  • Another method is to utilize the wordpress blacklist and from there add ips and keywords you wish to block. Overall great resource, thanks for sharing!

  • Pingback: Configurando anti-spam de comentários no wordpress | Plataforma Infoproduto()

  • Thanks for sharing, but u said disqus is much beteer than any other,i agree but the problem is with google. Google dsnt allow this with adsense sites because it has a redirect system under comments to other posts., so i tried intensedebate but it is much spamming. plz tell some other comment sysytem

  • There are plenty of anti-spam plugins that bloggers can use to try and prevent the posting of comment spam. These vary in effectiveness, and amount of administration involved in ensuring that genuine posts are not categorised as spam or vice versa.
    If you can prevent the majority of spammers from targeting your site in the first place, then you will reduce time spent on moderation and the chances of letting spam through.
    Spam Hammer 3-Series is a well-known high-value anti-spam cloud plugin, now available for WordPress blogs

  • Thanks for this post. We will implement your suggestions. Do these same tools also stop the flood of incoming “Feedback” in WordPress blogs? We have been receiving quite a bit of unwanted “Feedback” (with erroneous unrelated text and links, all from email accounts using *******@gmail.com and/or outlook.com addresses. Sure would be nice if there was a way when selecting them all in one swoop to delete- to also have all of the IP’s added to the blocked list automatically! Question: Are attempts to leave Spam Feedback the same as “Comments”? Any suggestions would be appreciated. Thanks.