Combating WordPress comment spam is an ongoing process and can be done with (a) the help of plugins or (b) with a little bit of tweaking the discussion settings in WordPress. In this tutorial, we focus on both methods. The 2 factors you should consider while deciding your next anti-spam plugin should be:
Amount of traffic
Number of comments
If both the numbers are on the lower end (for example, when you’re starting off a blog), you can go for technique (b), i.e. tweaking WordPress settings to manually prevent spam. It’s quite interesting to see just how much WordPress has to offer.
In part (a), i.e. preventing spam using WordPress antispam plugins, we first take a look at the important features an antispam plugin should have. Then we dive into the plugin list.
Disclaimer: WPExplorer is an affiliate for one or more products listed below. If you click a link and complete a purchase we could make a commission.
Essential Features of a WordPress Antispam Plugin
There is lots you could look for in an antispam WordPress plugin, but there are a handful of key features that you really must consider. Let’s take a look!
Zero Client Side Actions
Client side actions, other than writing the comment, should be kept as low as possible – ideally zero. Your plugin should not ask your genuine commentator to check/uncheck a checkbox or type in an unintelligible captcha image. Entering captcha for comments significantly hampers the user experience and should be avoided.
Minimal WordPress Database Impact
Nip it at the bud
A good anti-spam plugin should not allow the spam comment to be entered into the WordPress database. As a result, the number of SQL transactions decrease, which means lower server load, i.e. improved performance – even during peak traffic hours. This risk here though, is if the antispam algorithm goes wrong, a genuine comment can be lost forever (oops).
Block New User Registration Spam
The WordPress registration page allows users to register on your website. The registration process is pretty straight forward and can be easily automated by bots.
Why Do We Need To Stop It? Once registered, a user can post as many comments as he pleases, without being filtered. This is the normal Discussion setting in a new installation of WordPress. Therefore, you can either change the default settings, or use a plugin that blocks new user registration spam.
Trackback Validation consists of a filter that compares the client IP address of the incoming trackback against the IP address of the server. If both of them don’t match, then it is spam.
Statistics help in tracking and analysis of data. The plugin should provide weekly or monthly statistics of detected spam.
As with many plugins, some are free and some are paid. Some of the plugins, such as Antispam Bee, are completely free. Other solutions, such as Akismet and CloudTalk, are paid options for commercial and business websites.
The number one WordPress antispam plugin in the repository, developed by the Automattic team – Akismet brings enterprise level spam protection to your WordPress site. Admittedly, our list wouldn’t be complete if we didn’t mention Akismet, the defacto anti-spam plugin for WordPress. With over 5 million active installs, Akismet is, without a doubt, the most popular WordPress anti-spam plugin around. It’s a superb solution to combat spam, especially comment spam.
Akismet anti-spam plugin comes pre-installed on every WordPress site you create. All you have to do is activate the plugin and connect to your Akismet account via an API key, a process that is as simple as A, B, C. Once connected, Akismet kicks in immediately, helping you to stop spam using complex algorithms and rules. Plugin works by uploading all incoming comments to the Akismet server. Comments then undergo hundreds* of antispam algorithms (* we really don’t know the exact number). Correct comments are published, while the rest are thrashed to the spam queue. You can even view every comment’s status history to see which were spammed by a moderator, or put in the spam folder automatically.
The plugin is free for personal websites and nonprofits ONLY (view license terms). You will need to pay at least $5 per month if you want to use Akismet on a commercial website. The premium plans come with extra features such as advanced stats and priority support, making it well worth the price.
2. Antispam Bee
The next best choice after Akismet would be Anti-Spam Bee. This free plugin is full of great features, and doesn’t require registration like Akismet does. Anti-Spam Bee is free for personal and commercial use, so no matter your website you can be spam free. Antispam Bee is the only solution you need to eliminate spam comments and trackbacks effectively.
Antispam Bee is straightforward to use. You can stop spammers quickly without requiring CAPTCHAS and without sending personal data to third-party services. The plugin is also GDPR compliant and ships with a ton of excellent features.
You can expect options such as the ability to trust approved commenters, validate IP addresses, block users from certain countries, delete spam comments directly, set admin notifications, log spammers using Fail2Ban, clear your WordPress database of spam after a specified number of days (spam purging), and the list goes on and on. Plus the plugin offers monthly spam stats in your dashboard.
3. Hide My WP
With over 27k happy buyers, Hide My WP is the no.1 selling WordPress security plugin on CodeCanyon. But don’t be deceived by the name – Hide My WP offers you full spam protection and more. It’s a premium set of tools that make your website invisible and invincible to hackers, theme detectors, and spammers (watch the video above).
Hide My WP does precisely that. It hides your entire site from the trashy guys. It protects whatever URL you want, including wp-login, and renames the wp-admin URL to confuse the bad guys even more. To keep you safe, Hide My WP detects and nips SQL Injection attacks in the bud, among other things.
Hide My WP has an excellent user rating and is compatible with BuddyPress, bbPress, and so much more. It’s the ultimate security and anti-spam plugin for your WordPress website.
4. Cleantalk Spam Protection
Cleantalk Spam Protection is a simple yet powerful cloud-based WordPress anti-spam plugin suitable for beginners as well as experienced users. It steers clear of feature bloat, offering you just what you need to stop spammers without bogging down your website. While they do offer a 14 day free trial, once it expires you will need to purchase the Cleantalk service for a very modest $8 per year.
Cleantalk Spam Protection is compatible with your favorite tools, including Contact Form 7, Ninja Forms, WPForms, MailChimp, Jetpack comments, BuddyPress, S2Member, Mailpoet, and so much more. It’s easy to use since it doesn’t come with CAPTCHA, puzzles, questions, math riddles et al.
5. Titan Antispam & Security
Titan Antispam & Security is more than just a WordPress anti-spam plugin; it’s a whole suite of security features. The plugin offers you a security scanner, firewalls, security audits, real-time IP blacklisting, malware scanner, and the ability to repair corrupt files.
But even with all these features, Titan Antispam & Security spots an easy-to-use and intuitive interface that makes spam blocking a breeze. The plugin was initially a simple spam blocker. However thanks to a recent mega update, the plugin morphed into a comprehensive WordPress security solution for all types of websites.
There are no annoying CAPTCHAs, and if you need more features, Titan Antispam & Security offers you a fabulous range of premium add-ons. It has over 200k active installs at the time of writing, meaning you’re in safe hands.
6. Spam Destroyer
Spam Destroyer was designed to be as unobtrusive to your readers as possible. This lightweight plugin stop automated spam without putting off your commenters, and is something you might consider for a small blog or low traffic website.
The best part about Spam Destroyer is probably its utter simplicity. I mean, the plugin works straight out of the box. Simply install Spam Destroyer and stop automated spam without touching a single setting. The plugin doesn’t add an item to your WordPress admin dashboard after activation. It works behind the scenes.
7. WP Armour
The WP Armour plugin is a honeypot. When talking about spam, a honeypot is a technique to add a special hidden field that normal site visitors cannot see. It’s a trap for bots if you will, because when a bot happens upon the field it will enter a value in the field (since that’s what it’s coded to do). This will then indicate that the submitter was not human and to mark the form submission as spam.
This plugin offers you a helpful tool to eliminate spam while hardening your WordPress site. Another notable feature includes compatibility with many top forms such as Contact Form 7, bbPress, Gravity Forms, Toolset, Elementor, Divi and more. Plus WP Armour is also GDPR complainant, so no need to worry about special cookie or tracking disclosures..
8. WordPress Zero Spam
I like the no-CAPTCHA approach that many anti-spam plugin developers are following nowadays. It saves your readers the agony of answering questions, filling out CAPTCHAs, and solving riddles, which streamlines the user experience. At the same time, it saves you the trouble of moderating spam comments, which eats time.
WordPress Zero Spam integrates seamlessly with the usual suspects, including Contact Form 7, Gravity Forms, Ninja Forms, BuddyPress, and WPForms, among others. What’s more? You can block spammy IP addresses from ever seeing your website.
9. Stop Spammers
As far as WordPress anti-spam plugins go, Stop Spammers is a renowned spam assassin. Ridiculously easy to configure and use, Stop Spammers offers you a lot of power to protect yourself from the spam demon. It works right out of the box, meaning you needn’t touch anything to annihilate spammers.
Stop Spammers Spam Prevention helps to prevent comment spam, as well as limits login attempts. The plugin ships with over 50 configuration options and utilizes over 20 different checks for spam and malicious events to detect spam. When the plugin flags a comment or login attempt, users are allowed a second attempt via a denied request page. Here users are presented with a captcha screen in order to prevent them from being blocked. The Captcha can range from OpenCaptcha, Google reCaptcha, or SolveMedia Captcha.
Now with a new, improved UI, you can easily combat spam comments, emails, registrations, spambots, and spammers. Whenever needed, you can run diagnostic tests and view spam activity with a click.
The team behind the Stop Spammers outdid themselves. You will enjoy the many free features, even if you can spring for the premium plan that offers you more robust and dynamic security for your WordPress site. Not a word more.
10. Captcha Plus
Captcha Plus is a simple premium anti-spam plugin for all types of WordPress sites. It’s especially useful if you want to block spam on your login, registration, password recovery, and comments forms.
Thanks to new updates and integrations, you can use Captcha Plus to stop spam on other types of forms, not just the above mentioned. The plugin allows you to add simple math calculations, invisible captcha, character recognition, and slide captchas to various forms without breaking a sweat.
11. Stop WP Comment Spam
Clean up your comments section with the Stop WP Comment Spam plugin. It’s a quick, easy and free way to keep spam from taking over your posts. With the plugin installed, you can automatically prevent spam and hold flagged comments for review in the “spam” tab (where you can manually review and approve or delete comments). Or you can enable a setting to automatically delete all spam – either immediately, or after being held for a set number of days.
Notable features include automated spam filters, option to delete or hold for reviews, and compatibility with other WordPress security plugins. You can upgrade to Stop Spam Pro for added features such as: human spam recognition and machine learning, form protection, fake WordPress & WooCommerce user registration prevention, spam statistics and more.
12. WP Bruiser
Though the free version has not been updated in a while, WPBruiser is still a solid WordPress anti-spam plugin. The plugin applies antispam measures in signup pages as well as login and password reset pages to stop spam before it starts. It’s quite powerful for being free, and thanks to a clean admin interface, you can adjust your settings easily.
WPBruiser is a brilliant WordPress anti-spam plugin that helps you to protect your contact forms, lost password forms, login forms, registration forms, and comments. It also comes with security features that allow you to block IP addresses and prevent bots from enumerating users through ‘/?author=N’ scans.
The plugin sends you notifications when brute force attacks are detected. Additionally, you get detailed spam reports so you can stay on top of things. Other than that, WPBruiser offers you many extensions such as Contact Form 7, WooCommerce, Gravity Forms, Ninja Forms, AffiliateWP, Easy Digital Downloads and so much more.
13. Disable Comments
Had enough with the comment spam and want to get rid of comments completely? No problem! This is the plugin for you! But joking aside, the Disable Comments plugin is a helpful tool to manage comments settings site-wide. It offers easy options to disable comments for posts, pages, media or other post types – and it even works great on multi-site. So whether you want to turn off comments for everything, or just on your staff post type, Disable Comments can help.
Bonus: WordPress Discussion Settings to Prevent Spam
The settings for controlling comments in WordPress is available under Settings > Discussion. Please note that this is the manual method of preventing/combating spam and is usually the most effective when you have a few comments every day. However, if you have over 1000 daily comments, it is more feasible to use an antispam plugin.
Let’s discuss certain ways to use these default WordPress settings to prevent spam. We will discuss one section at a time.
Default Article Settings
Simply disable trackbacks and pingbacks to save yourself from half the spam traffic. Only allow people to post comments on new articles.
Other Comment Settings
It is almost always necessary for the comment author to enter his name/email before commenting. WordPress enables this by default. If you require users to log in before leaving comments then this will cut down on a significant amount of spam This step might be a turn off for few legit readers who want to leave a comment but don’t want to sign in. Therefore you must carefully analyze before enabling this feature.
You should disable comments on posts older than 90 days in a fairly active blog. However, if you keep updating articles, make sure to change the published date so that the 90 days boundary doesn’t overlap. Keep Threaded comments to the default or increase it if required.
E-mail Me Whenever
You can use this feature if you don’t get thousands of comments on your posts. You will get email notifications for every comment that pops up and you can mark it spam right away cutting down on a section of spam comments.
Before a Comment Appears
Allowing readers who have previously left a comment, to leave a comment again without requiring any approval, will help you cut down the legit comments in the moderation queue. You’ll only have to focus on the remainder of users, mostly of which will be spam.
I suggest you use a value of 2. This ideally allows guest bloggers to leave at most one outgoing link (link bait) in their comment. Building an effective comment moderation blacklist is a very time-consuming process, with equally beneficial payoffs. However, you can leverage this setting as an effective profanity filter. Simply add the profane words to the list and all such comments will be added to the moderation queue.
Comment Blacklist is stricter version of the Comment Moderation Blacklist, where if a comment contains a blacklisted word, it is sent to the spam queue, instead of the moderation queue. The benefit – saves your time.
We covered a lot in this post, and hopefully you’ll find some of it useful in your spam blocking efforts. What’s your favourite way of combating spam? Do you know of an awesome antispam plugin we haven’t listed? Let us know in the comments section below!