We sell WordPress themes so naturally one question we repeatedly get from customers is…
What can I do about comment spam?
Automated spam is nothing new, and since most WordPress sites allow commenting on at least blog posts, they become a target. Fortunately, there are simple measures that can be taken to keep this from becoming a massive problem. What follows is a three-fold approach that I and others use to cut out nearly all spam with relatively little effort.
Go to Settings > Discussion and you’ll see all kinds of options WordPress has for cutting down on comment spam. What you see below are some default options that are very helpful, so I recommend sticking with them.
When Johnny posts a comment, you get an e-mail then decide to approve the comment for display on your post. When Johnny comments again, his comment will show immediately, because you already trust him. If you want something more strict, check the box always requiring approval. I have never known this to be necessary, however.
Automatic Spam Detection
It turns out the first part of this strategy was already set up for you. Still, there is a huge problem: you might see a dozen new comments held for moderation each day. And they’re all spam! That means you’ll be wasting time weeding through a bunch of junk in hope of maybe or maybe not finding a real comment. Not cool.
What you can do is install a plugin that automatically detects spam and flags it as such so that it’s never even presented to you for approval. These plugins consider different factors to determine whether or not each comment is spam. There’s little point in explaining how they do it, but I can say that they do it remarkably well, perhaps with 99% accuracy.
- Antispam Bee – This is my pick. It’s free and I find with default settings it works very well. Don’t mind the plugin page being in German. The plugin itself is in English.
- Akismet – This works well too but you need to sign up for service (free for personal use only) so it’s more of a hassle.
Good, Not Perfect
These plugins work very well, but they are not perfect. I want to warn you that sometimes they will let a spam comment through. That’s not a big problem though, since you’re requiring moderation. Just keep your eyes peeled for comments linking to shady prescription drug websites or that sound like they were written by a drunkard (spam bots often sound like that when they try to speak).
The bigger problem is when a legitimate comment is automatically flagged as spam. It will never be presented to you for approval. What I do is go to Comments in my WordPress admin area then quickly browse through those marked as spam every now and then, just to make sure no real comments got the hatchet. If I find one, I approve it then delete the whole archive of spam comments so that it’s easier to scan through the next time.
Disable Comments on Old Posts
Another strategy for reducing spam is to have WordPress automatically turn commenting off on a post after a specified number of days. Spammers can’t comment when commenting is disabled, right? Legitimate comments usually come in shortly after publication but spammers tend to start hitting a post after some time. Automatically disabling comments after a number of days can reduce the amount of spam you have to deal with.
Go to Settings > Discussion, look for “Automatically close comments on articles older than” and try a value of 90 days or less.
You might have a contact form on your site that gets spam. There’s help for that too.
If you’re using a contact form plugin, see if it has an option to enable CAPTCHA or see if there is a plugin that will add a CAPTCHA box (for example, the Contact Form 7 reCAPTCHA Extension). What I’m talking about is that annoying little box of garbled letters that takes five tries to enter correctly. Yes, they’re often difficult for humans to use and so that’s why they’re effective against bot attacks.
Frankly, I don’t like this approach. It makes things hard for the user and that’s not good for your endeavor.
Akismet Will Work
This morning I ran across an article explaining how to leverage Akismet’s service with your contact form. Read “Akismet & Your WordPress Contact Forms” for details.
I don’t do this myself because…
Best to Do Nothing?
Most email service providers have built-in spam filtering. I use Gmail and its ability to detect spam is phenomenal. I rarely see spam in my inbox and rarely see real emails in my spam folder. It just works. I don’t use CAPTCHA or anything like Akismet for my contact forms. I just let Gmail take care of it.
My view is that it is better to just let that contact form spam roll right in. If your email provider takes care of some of it, that’s great. In any case, I think it’s very important not to risk losing contact form messages (especially if you’re running a business) by being too aggressive with spam. It’s better to get all the messages and deal with a little spam than to get no spam and lose a few real messages.
Spam stinks. But you don’t have to suffer. Take a few measures now and it’ll make your life easier every day after.
Do you have any tips for preventing spam? I did little research in preparing this guide. This information is mostly just from my own experience so I’ll bet there are some great ideas out there that were not mentioned. Please share what works for you.