How to stop comment spam in WordPress

A lot of new users of WordPress do not know how to stop comment spamming on WordPress (WP for short) blog posts. Here are some tips that you can apply in combinations also:

  1. Always have the latest WP version – use the update feature in your admin area.
  2. Activate the plugin named “Akismet” – this is a tool that comes included with your WP installation
    • Step 1: Activate the Akismet plugin
    • On your WordPress Dashboard, go to the Plugins menu. You already know that Akismet is installed by default.
    • Now it’s your turn: simply activate the plugin, so that it can work afterwards.
    • For the purposes of this tutorial, I’m assuming you’re not already using the anti-spam plugin, so I can walk you through the process.
    • Step 2: Choose your Akismet service package
    • After clicking on the blue “Set up your Akismet account” button, you will be taken to this page:
    • Here, Akismet offers you several possibilities:
    • Opt for its free offer (Personal), which provides spam protection for a site or a blog for personal use;
    • Benefit from even more advanced anti-spam options by subscribing to a paid plan (Plus, Enterprise or Enterprise Plus), available from $8.33 for a use on 1 site.
    • If you use your site for commercial purposes, you should normally subscribe to one of the paid plans.
    • Finally, you have to check 3 boxes stating that you are not using your site for commercial purposes, otherwise you will be asked to pay.
    • Finish by clicking on the blue button “Continue with personal subscription”
    • In order to verify the authenticity of your email, you must validate your account by entering a 6-digit code sent to your mailbox.
    • Be careful, mine ended up in the spam folder!
    • Step 3: Activate your API key
    • In order to make the plugin work, you must now activate the famous API key. You should have received it in your email box, too
    • Copy it and go back to your WordPress Dashboard, in the Akismet plugin settings.
    • Enter your API key in the dedicated field, then finish by clicking on “Connect with an API key”.
    • Step 4: Make Basic Settings
    • Congratulations! As Akismet indicates, your site is now protected from spam.
    • To complete the configuration, you can make adjustments at three levels:
    • Comments: if you check this box, the number of approved comments in front of each comment author will be displayed.
    • Strictness: by default, junk mail will be placed in the “Spam” folder so that you can check it before approving or deleting it. But you can go even further by choosing to delete directly the worst and most widespread spam.
    • Privacy: allows you to add a notification under the comment forms to “help your site with transparency under privacy laws like the GDPR”.
    • Remember to save your changes, and you’re good to go.
  3. Deactivate commenting for guests – Guests are the not logged-in website visitors. This option allows controlling guest commenting on your website. If this option is set “No”, only “Please login to comment” message will be displayed on comment form. Guests will not be able to comment, unless they decide to register, login and comment as authorized user.
  4. Use a WAF feature from a CDN service like Cloudflare to block bots and automated spammers scripts
  5. Use an Invisible reCAPTCHA (Aka No CAPTCHA) verification script for WP forms and comment area.
  6. Reduce the number of links allowed per post – Settings → Discussion to make this change. Look for the Comment Moderation section. Here you can decide how many links will be permitted in a comment before it is flagged for moderation. You can even reduce the number to zero if you want to require moderation for any comment with links.
  7. Create a list of ‘blacklisted’ words – Many spam comments contain a lot of recognizable keywords. This makes it easier to spot them and to stop them from appearing on your website. You can simply create a ‘blacklist’ of words, and your site will flag any comment containing one of them.To do this, return to Settings → Discussion in your WordPress dashboard and find the Comment Blacklist section. Here, you can enter your list of words. When any comment is posted that contains one of those words, it will be sent straight to the trash. Of course, it’s important to choose the words in your blacklist carefully, so you don’t delete comments by legitimate posters. For suggestions, you can check out the recommended comment blacklist for WordPress on GitHub.