Preventing WordPress Comment Spam: When Automated Tools Don’t Help

wordpress comment spamThe comments section of a WordPress blog is very important because it gives readers an area to express their opinions and ask for more information, and it gives the website owner the space to interact. Basically, the comments section is a place where the site owner can communicate and that lets readers know what they have to say is valued and they are being listened to.

But spammers can abuse the comments section, which can contaminate the purity of the interaction between site owner and reader. For instance, individuals may express their opinions about a post, then all of a sudden or a bot-generated advertisement (or a human being with ulterior motives) shows up in the comments. This is irritating to the readers, yes, but doubly so for developers or site managers who have to sit and weed out the spam, piece by piece.

While there are automated tools such as Akismet, they are most effective at preventing bot-generated spam. However, it’s the spam that’s submitted by people that becomes more difficult to manage.

Automated tools are designed to recognize spam bots and block them. When it sees comments left by actual people, the automated tools don’t make the connection that the comments may be spam. This goes for Akismet and for plugins that you may use to block spam. These automated tools don’t understand what comments say, so they just don’t know any better. This means that, in addition to plugins that are designed to combat spam as much as possible, you’ll need to take some other manual measures to prevent spam that’s not generated by bots.

Spam Blocking Tasks You Can Do 

There are several manual spam blocking tasks you can perform to eliminate as much spam as possible. Creating a checklist is a good idea so as to ensure you do these tasks every time you build a WordPress website.

Close Comments on Older Posts

In order for a spammers’ links to work in their favor, the links they leave have to promote something that’s relevant to the content on the page on which the link is placed. If your post is exactly what they are looking for, they are going to leave that link. Fortunately, you can set your comments to closed on older posts after a certain number of days (via Settings > Discussion in the WordPress dashboard). This closes the window they have to make such posts, reducing the odds of a spam comment being left. This also shrinks the amount of cleanup you need to do to monitor for spam comments.

For example: You set comments to close after 10 days. When a spammer does a Google search and comes across the page a month later, he can no longer leave a spammy comment. Typically, 10 to 14 days is enough time for individuals to leave comments on a new post, as the topic becomes old news after about a week to 10 days.

Prevent Comments with Links

Close-up of large rusty chain links

The second way to manually prevent spam is through a setting that disallows comments with one or more links in the body of the comment (again, via Settings > Discussion). Since spammers often leave comments containing links, this can be very useful.

What you can do in your comment moderation is hold comments in the queue if there is a specific number of links. You can specify the number of links the comment has to have before it is held in the queue. The default is set at two, but you can change it to one and that will place a comment with a single link in the queue for review.

URL Field Removal 

In order for a person to leave a reply, there is a form that asks them for their name, email, URL, and for the comment they wish to make. This form shows up if they haven’t logged in through WordPress or a social network. If you go to Appearance > Editor> Theme Functions, you can add a special code to your functions.php file. You’ll add the code as follows in the first 5 lines:

  1. add_filter('comment_form_default_fields', 'unset_url_field');
  2.  
  3. function unset_url_field($fields){
  4.  
  5. if(isset($fields['url']))
  6.  
  7. unset($fields['url']);
  8.  
  9. return $fields;
  10.  
  11. }
add_filter('comment_form_default_fields', 'unset_url_field');

function unset_url_field($fields){

if(isset($fields['url']))

unset($fields['url']);

return $fields;

}

Adding this code will take the URL field completely out of the form so the person leaving the comment can’t leave their link. This will prevent them from spamming in most cases. There are those individuals who will still try to bypass anything that you do by writing out the URL, such as: www (dot) ABCsite (dot) com. The good news is they tend to be few and far in between.

Require User Registration

Although it’s not completely foolproof, the fourth way to manually combat spam is to require user registration before commenting. That way, you know who the commenting parties are and can block them if you need to.

Registration also ensures that the people commenting are legitimate WordPress users instead of someone coming from anywhere through a Google search and leaving a random piece of spam in your comments section. While not 100% foolproof, it can deter many spammers from leaving junk comments in your comments section.

Useful Spam Blocking Plugins

After implementing some manual spam proofing, you can integrate some plugins into your site to help you fight it a little more. Here are some of our recommended plugins.

SpamLord

spam-lord-plugin

This plugin eliminates automated spam comments and trackback spam. However, the main type of spam that this combats is the bot generated. It more or less has the same functionality of Akismet, but can be a good backup if you find spam to be a significant problem for your sites (yep — combining antispam plugins can be effective).

AlphaOmega Captcha & Anti-Spam Filter

alphaomega-spam-filter

This plugins uses Captchas that are visually appealing and enhance the security of WordPress posts and pages. Again, this is a plugin that eliminates bot-generated spam, but people can still pass the Captchas and post their spam.

WP Anti Spam

This plugin is, perhaps, one of the most advanced in that it may be able to identify IPs, names, URLs, and comments that have been declared spam. So if an individual posts spam all over WordPress, WP Anti Spam may be able to identify that person’s information and block all future comments.

Conclusion

The fact is that you may not be able to block 100% of spam. You may be able to block 95% of it, but there will always be that comment that sneaks its way through. This is especially true when it’s not your typical, everyday spam, such as someone spelling out the URL or something like that.

However, just because you may not be able to prevent all spam doesn’t mean that you can’t prevent most of it. Making the effort to put stricter prevention methods in place is well worth it so you can keep the comments section of your site as pure as possible. Keeping it clean will enhance the user experience and save you a great deal of time when sifting through the comments later on.

How do you prevent manual comment spam? What methods have you found to be the most helpful at blocking those pesky spammers? Have you had luck with the automated tools that are available or do you find yourself needing to do quite a bit of manual weed whacking? Feel free to let us know in the comments below!

Image sources: EEPaulHoria Varlan

ManageWP
Are You Spending Valuable Time Managing Your WordPress Websites?

Over 70,000 users depend on ManageWP to save them time and trouble by managing all of their sites from one central location.

15 Comments

Join The Discussion

15 Comments

  1. I tried adding the code you suggested to remove the URL field and messed something up…now I'm getting this error: "add_filter('comment_form_default_fields', 'unset_url_field'); function unset_url_field($fields){ if(isset($fields['url'])) unset($fields['url']); return $fields; }
    Warning: Cannot modify header information – headers already sent by (output started at /home3/luxuryr/public_html/wp-content/themes/wp-ellie_basic/functions.php:7) in /home3/luxuryr/public_html/wp-content/plugins/permalink_redirect-2.0.4/ylsy_permalink_redirect.php on line 422"

    I've been trying to revert to the original code but keep getting this error. Any suggestions?

  2. I enjoyed your article. it's nice and mean, thank you for comment

  3. Hi
    As a newbie to the blogging world, it is interesting to hear of your issues. I would love to have lots of followers! I’ve had a little Spam commenting, but Akismet is pretty good for the level I get. Keep on blogging!

  4. Jose says:

    Hey there!

    Loved the URL removal trick, hadn't though of that. Just did it though, successfully, and will see how spam goes. So far, I decided to remove DISQUS because I want logged in bbpress forum users to be able to use their forum account to comment. But without DISQUS, been getting about 7-10 spam comments a day.

    I took off URL and also wiped links down to 1.

    Thank you!

    Jose

    • Tom says:

      You're Welcome! I hope it goes well for you.

      • Jose says:

        Just as a follow up:

        Removing the URL field has had no effect at all in removing spam…it has actually probably increased (don't know how). I also reduced links allowed to zero.

        Damn spammers!

        It was worth a shot…thanks for the tip.

        Jose

  5. So far I am still satisfied just using Akismet. But some of the points above, I think should also be considered.

  6. richard says:

    Thanks – some great advice on blocking comment spam here!

    I've been using Akismet alongside the "Cookies for Comments" plug-in and have found the two to be really effective for my blog.

  7. gkocis says:

    Hi, I use Disqus for comments. However I still get spam comments in the wordpress comment system. I don't know how, as the wordpress comment system isn't displayed on my sites. Any suggestion ?

  8. dj says:

    the url removal code given above doesn't work. Copy and paste – no joy!

Speak your mind