Combating WordPress comment spam is an ongoing process and can be done with (a) the help of plugins or (b) with a little bit of tweaking the discussion settings in WordPress. In this tutorial, we focus on both methods. The 2 factors you should consider while deciding your next anti-spam plugin should be:
- Amount of traffic
- Number of comments
If both the numbers are on the lower end (for example, when you’re starting off a blog), you can go for technique (b), i.e. tweaking WordPress settings to manually prevent spam. It’s quite interesting to see just how much WordPress has to offer.
In part (a), i.e. preventing spam using WordPress antispam plugins, we first take a look at the important features an antispam plugin should have. Then we dive into the plugin list.
Disclaimer: WPExplorer is an affiliate for one or more products listed below. If you click a link and complete a purchase we could make a commission.
Essential Features of a WordPress Antispam Plugin
There is lots you could look for in an antispam plugin, but there are a handful of key features that you really must consider. Let’s take a look!
Zero Client Side Actions
Client side actions, other than writing the comment, should be kept as low as possible – ideally zero. Your plugin should not ask your genuine commentator to check/uncheck a checkbox or type in an unintelligible captcha image. Entering captcha for comments significantly hampers the user experience and should be avoided.
Minimal WordPress Database Impact
Nip it at the bud
A good anti-spam plugin should not allow the spam comment to be entered into the WordPress database. As a result, the number of SQL transactions decrease, which means lower server load, i.e. improved performance – even during peak traffic hours. This risk here though, is if the antispam algorithm goes wrong, a genuine comment can be lost forever (oops).
Block New User Registration Spam
The WordPress registration page allows users to register on your website. The registration process is pretty straight forward and can be easily automated by bots.
Why Do We Need To Stop It? Once registered, a user can post as many comments as he pleases, without being filtered. This is the normal Discussion setting in a new installation of WordPress. Therefore, you can either change the default settings, or use a plugin like WP-SpamShield that blocks new user registration spam.
Trackback Validation
Trackback Validation consists of a filter that compares the client IP address of the incoming trackback against the IP address of the server. If both of them don’t match, then it is spam.
Statistics
Statistics help in tracking and analysis of data. The plugin should provide weekly or monthly statistics of detected spam.
Cost
As with many plugins, some are free and some are paid. Some of the plugins, including Antispam Bee & WP-SpamShield Anti-Spam, are free. Other solutions, such as Akismet and CloudTalk, are paid options for commercial and business websites.
List of the Best WordPress Antispam Plugins
While there are plenty of ways to prevent spam, these free anit-spam plugins are a great place to start.
1. Akismet
The number one WordPress antispam plugin in the repository, developed by the Automattic team – Akismet brings enterprise level spam protection to your WordPress site. With Akismet, the user installs and activates plugin using an API key (signup required). Plugin works by uploading all incoming comments to the Akismet server. Comments then undergo hundreds* of antispam algorithms (* we really don’t know the exact number). Correct comments are published, while the rest are thrashed to the spam queue.
Notes:
- Akismet is free for non-profit and personal use (up to 50,000 monthly spam checks)
- Commercial licenses start at $5/month
- Compatible with top WordPress plugins such as Jetpack and Contact Form 7
- View every comment’s status history to see which were spammed by a moderator, or put in the spam folder automatically
2. Stop WP Comment Spam by Fullworks
Clean up your comments section with the Stop WP Comment Spam plugin. It’s a quick, easy and free way to keep spam from taking over your posts. With the plugin installed, you can automatically prevent spam and hold flagged comments for review in the “spam” tab (where you can manually review and approve or delete comments). Or you can enable a setting to automatically delete all spam – either immediately, or after being held for a set number of days.
Notes:
- Automated spam filters
- Option to delete or hold for reviews
- Works well with other WordPress security plugins
And you can upgrade to Stop Spam Pro for added features such as: human spam recognition and machine learning, form protection, fake WordPress & WooCommerce user registration prevention, spam statistics and more.
3. Anti-Spam Bee
The next best choice after Akismet would be Anti-Spam Bee. This free plugin is full of great features, and doesn’t require registration like Akismet does. Anti-Spam Bee is free for personal and commercial use, so no matter your website you can be spam free.
Notes:
- Block comments from specific IP addresses, countries or with different language
- Logs spammers using Fail2Ban
- Clear WordPress database of spam after a specified number of days (spam purging)
- Displays monthly statistics on the dashboard with spam numbers
Advanced anti-spam configuration measures of Anti-Spam Bee
4. WP-SpamShield Anti-Spam
WP-SpamShield Anti-Spam handles comment spam, registration spam, trackback spam and contact form spam. That’s a lot of spam! The plugin does not allow spam to enter the WordPress database using a multitude of methods, one being an advanced comment logging and blacklisting features which helps block persistent spammers. And with WP-SpamShield Anti-Spam you can also block comments for visitors using a proxy server
2 Layers Of Protection:
- The JavaScript/Cookies Anti-spam Layer which blocks all automated spam bots
- The Algorithmic Anti-spam Layer contains 100+ algorithmic filters to block human and trackback spam
Plugin Compatibility:
- Comment form plugins like Contact Form 7, Gravity Forms, Ninja Forms, and JetPack
- Social plugins like BuddyPress and bbPress
- E-commerce plugins like WooCommerce
- Membership plugins like s2Member and WP-Members
5. WordPress Zero Spam
Based on a concept by Mozilla developer David Walsh, the WordPress Zero Spam Plugin uses server and client side JavaScript key validation to prevent bots from spamming. Essentially, users cannot comment without JavaScript enabled.
Notes:
- No external services/servers required for anti-spam checking
- Does not guard against human spammers
- Free for both personal and commercial use
6. CleanTalk
CleanTalk is a premium cloud-based antispam plugin for WordPress which blocks spam comments, spam bot signups and trackbacks. With CleanTalk, comments are uploaded to CleanTalks’ cloud servers wherein it undergoes multiple validation checks. These checks include – comment submitted too quickly, JavaScript disabled, blacklisted HTTP links and many more. Valid comments are then allowed, while the rest are sent to the spam queue.
Anti-spam settings for CleanTalk
Notes:
- CleanTalk offers a 14 day free trial, after which a commercial license costs $8/year for a single website
- Advanced statistics displaying spam block/moderation
- Spam comment log which shows the reason for blocking comments
Spam blocking statistics
Plugin Compatibility:
- Comment form plugins like Formidable Forms, Contact Form 7, Fast Secure Contact, and JetPack
- Social plugins like BuddyPress and bbPress
- E-commerce plugins like WooCommerce
- Membership plugins like s2Member and WP-Members
- Cache plugins like W3 Total Cache and WP Super cache
7. Growmap Anti Spambot Plugin
Growmap Anit Spambot (GASP) is another free plugin option, which adds a client-side generated checkbox to the comment box asking users to confirm that they are not a spammer. You can set the maximum amount of comments a user can have to help limit spammers trying to post to your site. So GASP essentially stops spam bots by adding dynamically generated named fields to comment form.
8. GoodBye Captcha
GoodBy Captcha eliminates spam-bot signups, spam comments and brute force attacks by preventing the spam comments from entering the WordPress database. The plugin applies antispam measures in signup pages as well as login and password reset pages to stop spam before it starts.
Plugin Compatibility:
- Comment form plugins like PlanSo Forms, JetPack, Postmatic, Epoch and MailChimp for WordPress
- Membership plugins like Ultimate Member
- Login plugins like WP User Control and Login With Ajax
9. WangGuard
WangGuard is a WordPress MU, BuddyPress and bbPress compatible anitspam plugin. It follows Akismet and CleanTalk procedure by checking comments for spam on external servers. The API connection is even encrypted with SSL for added security.
10. Spam Destroyer
Spam Destroyer was designed to be as unobtrusive to your readers as possible. This lightweight plugin stop automated spam without putting off your commentors, and is something you might consider for a small blog or low traffic website.
11. Stop Spam Comments
Stop Spam Comments is a simple JavaScript-based spam comment blocker for WordPress. Just activate this nearly invisible plugin to start stopping spam dead in its tracks. The nice part about this plugin is that it doesn’t add captchas, questions or other interactions for users to stumble over.
12. Stop Spammers Spam Prevention
Stop Spammers Spam Prevention helps to prevent comment spam, as well as limits login attempts. The plugin utilizes over 20 different checks for spam and malicious events to detect spam. When the plugin flags a comment or login attempt, users are allowed a second attempt via a denied request page. Here users are presented with a captcha screen in order to prevent them from being blocked. The Captcha can range from OpenCaptcha, Google reCaptcha, or SolveMedia Captcha.
How to Leverage WordPress Discussion Settings to Prevent Spam
The settings for controlling comments in WordPress is available under Settings > Discussions. Please note that this is the manual method of preventing/combating spam and is usually the most effective when you have a few comments every day. However, if you have over 1000 daily comments, it is more feasible to use an antispam plugin.
Let’s discuss certain ways to use these default WordPress settings to prevent spam. We will discuss one section at a time.
1. Default Article Settings
Screenshot of the recommended Default Article Settings
Simply disable trackbacks and pingbacks to save yourself from half the spam traffic. Only allow people to post comments on new articles.
2. Other Comment Settings
Screenshot of the recommended Other Comment Settings
It is almost always necessary for the comment author to enter his name/email before commenting. WordPress enables this by default. If you require users to log in before leaving comments then this will cut down on a significant amount of spam This step might be a turn off for few legit readers who want to leave a comment but don’t want to sign in. Therefore you must carefully analyze before enabling this feature.
You should disable comments on posts older than 90 days in a fairly active blog. However, if you keep updating articles, make sure to change the published date so that the 90 days boundary doesn’t overlap. Keep Threaded comments to the default or increase it if required.
3. E-mail Me Whenever
Screenshot of the recommended E-mail Me Whenever Settings
You can use this feature if you don’t get thousands of comments on your posts. You will get email notifications for every comment that pops up and you can mark it spam right away cutting down on a section of spam comments.
4. Before a Comment Appears
Screenshot of the recommended Before a Comment Appears Settings
Allowing readers who have previously left a comment, to leave a comment again without requiring any approval, will help you cut down the legit comments in the moderation queue. You’ll only have to focus on the remainder of users, mostly of which will be spam.
5. Comment Moderation
Screenshot of the recommended Comment Moderation Settings
I suggest you use a value of 2. This ideally allows guest bloggers to leave at most one outgoing link (link bait) in their comment. Building an effective comment moderation blacklist is a very time-consuming process, with equally beneficial payoffs. However, you can leverage this setting as an effective profanity filter. Simply add the profane words to the list and all such comments will be added to the moderation queue.
7. Comment Blacklist
Screenshot of the recommended Comment Blacklist Settings
Comment Blacklist is stricter version of the Comment Moderation Blacklist, where if a comment contains a blacklisted word, it is sent to the spam queue, instead of the moderation queue. The benefit – saves your time.
Conclusion
We covered a lot in this post, and hopefully you’ll find some of it useful in your spam blocking efforts. What’s your favourite way of combating spam? Do you know of an awesome antispam plugin we haven’t listed? Let us know in the comments section below!
Keep reading the article at WPExplorer. The article was originally written by Sourav on 2019-12-17 17:04:21.
The article was hand-picked and curated for you by the Editorial Team of WP Archives.