Skip to main content
            WordPress made easy with the drag & drop Total WordPress Theme!Learn More

            How to Prevent Spam and Protect Your WordPress Blog

            Last updated on:
            How to Prevent Spam and Protect Your WordPress Blog

            Your comments section gives you a convenient way to engage with your website’s readers. Unfortunately, opening your website up to comments means you will have to deal with spam.?Unless you are the type of blogger who doesn’t solicit feedback via comments and trackbacks/pingbacks, you will have to deal with it at some point or another.

            But the question is, how? As spam bots (and human spammers) become more sophisticated, it is more and more difficult to keep your blog clean of irrelevant and inappropriate content.

            Luckily, WordPress comes with built-in features and free add-ons to help control and combat spam, including?Akismet and comment blacklists. Even better, there are many third-party plugins available to provide additional spam protection.

            In this post we will take an in-depth look at the issue of spam on WordPress blogs, the negative impact it can have on your site if left unchecked?and how it can be managed and prevented. We’ll also take a look at the tools available in WordPress to combat this problem. Finally, we’ll finish up with some plugin recommendations to take your spam moderation to the next level. Let’s dive in!

            What WordPress Comment Spam Is

            Screenshot of spam comments

            Automated spam comments like these can overrun your WordPress database.

            It can be exhilarating when new comments show up on your blog. However, that first blush of excitement often disappears when you see inappropriate replies to your content. These replies, of course, are also known as spam.?The dictionary simply defines it as “irrelevant or inappropriate messages sent on the Internet to a large number of users“. Sounds about right to me.

            Blog spam is born of the same family as the oh so familiar email spam, but has its own unique aim – to get backlinks. Whether it is via a blog comment, trackback or pingback, the purpose of blog spam is to publish a link on your site that points back to another site. The site in question is typically irrelevant to your niche and often poor quality.

            These unsolicited messages is a fact of life if you allow commenting on your posts. Fortunately, identifying it is relatively simple, since it usually takes one of three primary forms.

            1. Spambots

            These are comments are posted automatically using a script or bot that scour the web in search of targets to flood with comment junk. There is no direct human involvement in these comments, and they are usually pretty easy for the human eye to spot. Spambots are probably the biggest culprits of irrelevant comments.

            2. Manual Comments

            This is when humans are hired to manually post comments on sites. The quality of these comments can vary from blatantly obvious to debatable, which of course offers up a big headache for anyone trying to eradicate spam from their site. These will almost always include links in the comments, and can be a bit sneakier than bots (we’ve seen comments with questionable links added to blank spaces in the comment text).

            3. Trackbacks & Pingbacks

            As defined by Google, a trackback is “one of three types of linkback methods for website authors to request notification when somebody links to one of their documents”. For our purposes you can assume pingbacks to be essentially the same thing. You will have probably seen trackbacks before. They exist as a list of links, typically within or below the comments section on a blog post. For a spammers’ purposes, the objective is simple – mention a blog post in their own post and get a link back.

            Each of these spam types is problematic, and you’ll often receive more than just one category. Together, they can clog up your comments section and cause all kinds of issues.

            How Comment Spam Affects Your WordPress Site

            Trackback spam

            Spammers use trackbacks to create links back to irrelevant sites.

            You may consider spam to be nothing more than an annoyance. However, if left unchecked, it can have negative consequences for your website. In addition to providing a poor user experience for your readers, comment spam can harm your site in many ways, causing:

            • Loss of search engine rankings. Google targets bad links on your site for ranking purposes, even in the comments.
            • Potential risks to your readers. The links in spam comments can lead to malicious sites.
            • Site speed and load time issues. Too many comments can overload your WordPress database and slow down your site.

            Every blog that enables commenting is vulnerable to spam. Having a plan of action for reducing and combating it is the only way to protect your site and your readers.

            How to Combat WordPress Comment Spam

            While comment spam is unavoidable, there is good news. You can combat this blight by moderating your comments and utilizing WordPress’ built-in tools.

            First, make sure that you have turned on comment moderation. Doing so enables you to approve any comment before it posts to your site. If you don’t have time to review every single comment, you can set parameters based on several factors. For example, you can:

            Don’t forget the biggest weapon in your default arsenal: plugins. There are tons of great free and open source plugins you can add to your WordPress installation to check comments and filter out anything that looks like spam.

            The Best Anti-Spam Plugins to Reduce Comment Spam on Your WordPress Site

            One of the best things about using WordPress is how easy it is to customize. When it comes to blog comments, you can use plugins shore up your security. Here are three plugins to help you take control of your comment spam.

            1. Akismet

            Akismet plugin

            How could we not mention Akismet? This plugin comes installed by default on WordPress blogs, and is free to use for personal bloggers (with a commercial monthly subscription set at $5 per month, and enterprise solutions available at $50 per month).

            In using a “catch-all” spam solution like Akismet, you have to accept that some legitimate comments may get flagged as spam. It’s simply a cost of blogging and using an automated spam blocker. The issue is mainly stems from human spammers. One person’s spam is another person’s?legitimate?comment, so if humans can’t agree 100% of the time, what chance does a plugin have?

            However, for most part, Akismet does a great job. It keeps an enormous amount of spam at bay on my blog, with only the occasional legitimate comment being caught out. Furthermore, it takes care of trackback spam too – a huge bonus.

            Key Features:

            • Blocks comment and trackback spam.
            • Automatically checks all comments.
            • Comment history so you can check which comments were blocked by the plugin or by moderators.
            • Includes a “Discard” settings to auto-block the worst spam.

            Price: Akismet?is a free plugin, and may already be installed on your blog.

            Get Akismet

            2. WP-SpamShield

            WP-Spamshield plugin

            This plugin uses the ‘honey pot’ technique to trap bots invisibly. Humans won’t see captchas, but bots will, and they will then be trapped as spam. WP-SpamShield acts as a firewall to block both automated and targeted spam. Since it blocks these comments before they reach your database, you never have to worry about them slowing down your site.

            Key Features:

            • Blocks trackback and pingback spam.
            • Prevents spam at the front of the site, so it never hits the WordPress database.
            • Works with all major form builder tools.

            Price:?WP-SpamShield is a free plugin.

            Get WP-SpamShield

            3. Anti-spam

            Anti-spam plugin

            Anti-spam uses invisible captchas to block all spambots from your comments. The pro version also blocks manually submitted spam. While this plugin does a great job of stopping unwanted comments, however, it doesn’t protect other types of forms on your site. This means you might want to use this plugin with something else to get extra form protection. However, it’s still an excellent lightweight option.

            Looking for more protection options? Anti-Spam Pro includes added settings for manual spam protection so you can further?by automatically preventing comments that rank high on a spam points scale (with more than a set number of links, words or flagged spam words).

            Key Features:

            • Blocks trackbacks by default.
            • Prevents automatic spam from ever getting to your WordPress database.
            • Pro version blocks manual spam.

            Price:?Anti-Spam is free, and the?pro version available for $25.

            Get Anti-Spam by Webvitaly

            4. WPBruiser

            WPBruiser plugin

            WPBruiser promises to work from the second you install it. This plugin combines brute force attack protection with comment spam blocking. You can use it to protect all of your forms, and your readers will never have to use a captcha. Overall, it’s a comprehensive and user-friendly option.

            Key Features:

            • Includes brute force attack protection.
            • Enables you to block malicious IP addresses.
            • Is compatible with WordPress Multisite.
            • Offers extensions that work with all major form tools.

            Price:?WPBruiser is a free plugin with optional extensions.

            Get WPBruiser

            5. Hide Trackbacks

            This last plugin is very straightforward as it simply does what the title states – hides trackbacks. While you can disable trackbacks completely, there is value in simply hiding them if you want to keep track of who is linking to you. This plugin removes trackbacks from your front end but still allows you to see them on your WordPress dashboard.

            Price:?Hide Trackbacks is completely free.

            Get Hide Trackbacks


            Comment spam is a simple fact of life on the internet, unless you plan to disable comments altogether. Safeguarding your site against inappropriate comments is crucial for its overall health and performance. By removing spam comments, you can keep your database clear, maintain a solid user experience, and improve engagement.

            Do you have any questions about how to manage spam on your WordPress site? Or tips to add to the list? Let us know in the comments section below!

            Article by Tom Ewer author
            Subscribe to the Newsletter

            Get our latest news, tutorials, guides, tips & deals delivered to your inbox.


            1. Bar?? ünver

              I used the “Cookies for Comments” plugin for a few years and never be bothered by spam in that time frame. (Then I switched to Disqus for an unrelated reason.) It comes with a different approach which doesn’t bother legitimate commenters at all: It doesn’t have anything to add to the comment form, it just checks if the visitor has the cookie it set when the page was loaded. You should check that out, too.

              • AJ Clarke | WPExplorer

                Oh yes, this is definitely a great option. For this specific post we wanted to target users who are taking advantage of the built-in comments functionality. For me personally I like having all the comments in my dashboard and the content on the site (for SEO). I’d be scared to see years worth of comments disappear if Disqus for some reason goes away.

                But yes, it’s definitely a good option for some, as well as Facebook comments ??

                • Bar?? ünver

                  I actually tried to praise the Cookies for Comments plugin ??

                  As for Disqus; when I migrated to Disqus, I could also migrate all my existing comments into my Disqus account with the help of its official WP plugin. The plugin also synchronizes new comments made on Disqus with WordPress’ native comments database, so you can continue using the regular WordPress Comments system with no casualties when you don’t want to use Disqus anymore.

                  • AJ Clarke | WPExplorer

                    Oh wow, I really had no idea it would synchronize with the navive WP comments ?? That’s pretty freaking cool. Thanks for sharing that info!

            2. Bucur

              veri nice this post,solutions presentend are excellent…

              • AJ Clarke | WPExplorer

                Thank’s for stopping by Bucur ?? I like the changes you’ve made to the Pytheas theme on your site!

            3. Ben

              Great Article! I have used WP-reCAPTCHA and it stops some but not all. I’ll give the others a try and see how they work. Love the new articles. ??

              • Tom Ewer

                Glad you like the post Ben ??

            4. Luis Alejandre

              Thank you very much Tom for this post. I was beginnig to get a lot of spam in the comments for my new site. I′ve already installed the Growmap plugin and I believe it will save me a lot of trouble!

              • Tom Ewer

                No problem Luis ??

            5. Paul

              I use Disqus which uses Akismet on the Disqus servers not mine so all the spam posts are stored on there system. This means my server doesn’t get filled with loads of comments in the spam folder.

              • Tom Ewer

                Hi Paul,

                I tried Livefyre once but just didn’t get along with it. I like being able to moderate and edit comments from within my WordPress backend, and I also like the minimalist design of the standard comments system.



            6. Madiha

              nice post plz share tips to secure disk data

            7. Nico Puno

              Hey there, Paul! It would have been nice if you included some examples of spam comments as there are others who couldn’t easily identify what a spam comment looks like. But it’s really safer to just use an anti-spam. Haha. Anyway, thanks for sharing this post! Such a great help!

            Leave a Reply

            Your email address will not be published. Required fields are marked *

            Learn how your comment data is processed by viewing our privacy policy here.