Have Patience

Keep Your WordPress Secure Against Spam


At best, spam is a nuisance. At worst, it’s detrimental. We discuss how you can stop spam on WordPress with actionable tips.

The beauty of having a WordPress website is that anyone around the world can access your content. However, this can have its downsides too.

As much as you want to attract new customers through search engines and social sharing, it’s also possible another type of visitor could find your website as well: spammers.

A spammer is an individual or group who targets your website with malicious intent. Spammers do everything they can to gain access to your website login page or add comments to your posts.

Spammers can overwhelm your website if you are not prepared to deal with them. The good news is there are steps you can take to stop spam on WordPress.

There are WordPress plugins that are specifically designed to stop spam on WordPress. Another option is to use reCaptcha at login, to eliminate bots from accessing your login or registration pages.

Understanding Spam

It’s important to note that a lot of spammers are bots, which automatically add links and content to WordPress websites. These can include access to dangerous websites that can give you viruses. If you are not monitoring the comments section, it is easy for these comments to get posted, and quickly multiply.

Having lots of spam comments and bots on your web pages will decrease the quality of your website, and your content may even be excluded by search engines. After all, Google isn’t going to recommend content with links to malware or viruses.

So, how can we stop spam on WordPress?

Top Tips to Stop Spam on WordPress Websites

Here are some actionable ways that you can combat spammers and stop spam on WordPress.

Comment Moderation

Not all comments are made by spambots. Some of them are submitted by real people. Signs of comments written by human spammers are poor writing and links to nefarious-looking websites.

These types of comments are tough to stop, as humans can easily get through reCaptcha. These comments can affect your optimization and page rank, so it’s important to tackle them.

One simple way to stop this kind of spam on WordPress is by using comment moderation.

It’s as easy as going into your WordPress settings and turning on comment moderation. Enabling comment moderation means no comments are posted until an admin approves them. Each comment must be manually approved, which means spam comments can’t slip through the net.

If you receive more comments than you have the time to moderate, you can enlist the help of a plugin. Plugins that deal with spam comments take the manual work out of comment moderation. They can also block suspicious requests to access your website and let the admins create blacklists for spam users that make multiple attempts.

Email Blacklists

In addition to content moderation, there is also the option to create email blacklists.

You can create lists of individual email addresses or entire email domains. This will block anyone with these emails from signing up or commenting on your WordPress website.

An email blacklist plugin is a great way to keep spammers out of your site.

Recaptcha Verification

Recaptcha is a technology that allows websites to distinguish between bots and humans.

CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart (thank goodness for acronyms!). Most people will have seen reCAPTCHA online as a small box with a checkbox, next to the words, “I am not a robot.” You may also have seen tests where you’re asked to identify a certain object – like stoplights or fire hydrants – and select all images that contain it.

Recaptcha tests are a great tool to stop spam on WordPress because bots can’t complete them. If a test is failed, each one is harder than the previous one. Recaptcha filters out bots to allow your WordPress to be spam-free.

Remove Website URLs and Disable Comments

Many comment forms include a URL field, which is an invitation to spammers to add malicious content links to comments. Not allowing URLs in your comments will easily eliminate this and make it more difficult for spammers to add their content.

Having media attachments like images are ideal for WordPress websites, but they are also an invitation to spammers.

When linking an image to an attachment page, these pages allow comments, so it’s important to disable the comments on media attachments in the WordPress settings.

In addition, it’s a good idea to disable any comments in HTML, so no spam links can be hidden in comments by users. This is also a setting that can be changed in the backend.

Also, it’s a good idea to set a minimum and a maximum comment length to stop spam on WordPress. That way, spammers can’t leave one-word comments like “Hi” or paragraphs of unreadable text.

Stop Spam in a Few Simple Steps

The steps outlined above are quick and simple ways to prevent the headache of spammers taking over your comment sections (or the whole of your WordPress website!). Spam is not only annoying, but it can also really affect your search rankings, so it’s important to stay on top of it.

Comment moderation means that comments marked as spam are not shown on your WordPress website. These spam comments are deleted in bulk in the backend of your website, and it’s also possible to recover any good comments that were mistakenly marked as spam.

Aside from the tools WordPress provides, an anti-spam plugin can be an excellent investment to rid your website of spam, and there are many different kinds out there.

There are WordPress plugins that focus solely on comment spam, and others that ensure spam bots aren’t getting through your login process.

Spam can be a big issue for WordPress websites, so it’s always a good idea to choose an anti-spam plugin that works for you.