Spam isn’t only a nuisance, but it also causes domains and websites to land on email blacklists, uses hosting server resources (disk space in your WordPress database and bandwidth), skews data that you have for your online businesses, and so on.
In addition to that, most of the spam process is entirely automated via coded so-called “spambots.” This means that the spambot automatically scrapes the web to find websites that allow them to submit spam posts, spam emails, and so on.
Most of these bots aren’t very sophisticated, but it’s enough for them to fill a name and email field and send the submission. There are also quite advanced bots that can fight anti-spam mechanisms such as Captcha, so we need to be aware at all times and keep up with the times.
WordPress has some essential anti-spam capability that we can take advantage of. Here are some out-of-box tips on how to reduce spam on your WordPress website.
Security tips
On your WordPress dashboard, head to Settings > Discussion and perform the following steps:
- Attempt to notify any blogs linked to from the post – Disable this option to stop your blog from reporting to other blogs about link backs.
- Allow link notifications from other blogs (pingbacks and trackbacks) on new posts – Disable this option as well. Pingbacks and trackbacks were essential in the old days for SEO but are no longer that relevant, and we recommend not using them as it helps to combat spam.
- Comment author must fill out name and email – Enable this option.
- Users must be registered and logged in to comment – Enable this option.
- Comment must be manually approved – Enable this option to remove spam comments that slip through other measures manually.
- Comment author must have a previously approved comment – Enable this option.
You can also consider closing comments automatically after a certain amount of days to further cut back on spam by using Automatically close comments on posts older than option.
Additionally, if you often see the same words in spam comments, you can use the Comment Blacklist field to ban those permanently:
Akismet
Next, let’s activate one of the anti-spam that comes installed with WordPress by default – Akismet (developed by the same company that owns WordPress). Head to Plugins > Installed Plugins, and click the Activate button under the Akismet plugin.
Click the Set up your Akismet account button:
You will be taken to the Akismet’s website, where you need to click the Set up your Akismet account button again.
Note that Akismet is free for personal use, but you’ll need to pay for the license if you want to use it on business sites and blogs.
Next, you’ll need to sign up for a free WordPress account. If you have one already, log in with your login details. If you’re unclear how these are connected, you can read more about it here.
Once you’re logged in, click the Get Personal button under Personal plan, move the slider on the right to $0, input your name and surname, and check all the boxes, then click on the Continue with personal subscription button.
On the next screen, click the Automatically save your Akismet API key button, and it will automatically configure on your website.
Excellent, we’re done!
reCAPTCHA
The last step is to configure reCAPTCHA protection on your website. We’re going to use Google’s reCAPTCHA as it’s the most advanced system currently available. Previously, reCAPTCHA required users to perform vision-based tasks to complete verification, but it that was cracked by spammers and it also annoyed most users. A new version of reCAPTCHA is called Invisible reCAPTCHA, and it uses AI to detect the difference between humans and bots.
On your WordPress dashboard, head to Plugins > Add New, input Invisible reCaptcha in the search field in the top-right search field, and click the Install now button:
Then, click the Activate button to activate the plugin.
Head to Settings > Invisible reCaptcha and under Settings section put in your Site and Secret keys.
Next, click the WordPress section, and enable all forms of protection:
If you use WooCommerce, UltraCommunity, BuddyPress, or custom contact forms – The Invisible reCaptcha plugin supports those as well, and you can configure protection for those in their own sections.
Conclusion
If you don’t plan to disable comments outright – comment spam is something you should take seriously. Taking care of the security of your website is essential for its performance and health. Removing spam comments and posts helps keep your database clear, improve visitor engagement, and boost your website performance.