10 Ways to Stop Spam on Your WordPress Website for Good

Spam on WordPress sites is a painful yet very common fact that every blogger or content producer has to deal with. Spam on WordPress websites affects its look-and-feel as well as affects its SEO.

Spammers on WordPress usually target to write about their business, products and post their sites’ links to gain the link juice or SEO traffic to their site.

Although blocking spam on WordPress sites completely might not be possible yet you can try a few remedies to control it up to 95%. There are various plugins you can use as an anti-spam strategy to tighten your spam defenses. But they are not always effective.

However, there are some useful and tried tips and techniques that help in minimizing spam on WordPress sites with very little effort.

In this article, we’ll discuss what are various types of spam on WordPress and why it happens. Then we’ll show you easy ways to stop this spam on your WordPress site.

What is spam on the WordPress site and why does it happen?

Spam is passing irrelevant or unsolicited content over the internet for the purposes of advertising, phishing, spreading malware, etc. If you are managing a WordPress site probably you would have dealt with this a lot.

A typical WordPress site offers various ways for its readers to provide input in the form of feedback, questions, and Guest-Posting. There can be other ways too to collect the information from a reader or end-user but these are the most common ones.

Spammers usually take advantage of these options and use them to post spam links, malicious links, or advertisement links.

Moving forward in this article I will explain 7 ways I tried to minimize or block spam on WordPress site.

How to stop spam on your WordPress website (10 simple solutions)

1. Register with Google’s reCAPTCHA

Google reCAPTCHA has been a proven tool to block spams that are generated through programs using APIs.

There are spammers who write code using public APIs to target and post comments and Gues-Posts on your WordPress site. All they have to do is prepare the list of target sites and content they want to spam and in one go they can spam 100s of websites.

I was receiving around 20-30 Guest-Articles from various IPs but once I enabled reCAPTCHA on my site this number has been reduced to 1-2 per day with genuine content. 

reCAPTCHA is an interface that tests about the robot or human and then only let’s submit the form of Comment or Guest-Post.

Look at the below stats which clearly show the enormous amount of spam attempts being blocked by reCAPTCHA.

2. Enable comment moderation to stop comment spam

Undoubtedly WordPress is the best CMS and it is getting improved after each release. It offers an inbuilt feature of comment moderation to curb spam on WordPress.

If you have the time and resources to spare, comment moderation can be a smart strategy to tackle the issue of spam on WordPress. 

In order to enable comment moderation you can simply go to settings then discussion, and check out the Before a comment appears section:

In addition to that, you can also enable a few options like Comment Author must fill our all details before submitting it. This also helps in stopping Comment spam on WordPress.

3. List out blacklisted words (Disallowed Comment Keys)

If your WordPress site is being targeted by spammers from particular fields or you are aware of the recognizable keywords that is used in spam comments then this step will be helpful for you.

Again you can navigate to Settings then Discussion, and go to “Disallow comment keys”. 

Here you can list down all the keywords that are not related to your site or your field. If anyone tries to spam with these keywords then his/her comment will land in the trash folder.

For example, if you are writing in Computer Programming then words like Politics, Medicine, Click link, etc. can be irrelevant and you may list them in this box to stop spammers.

4. Disallow links in any input form-

The goal of most spammers is to gain the link juice or in lament terms bring users to their own website without spending money on advertisements like Facebook Advertisement or Google Advertisement.

Well, you can stop them right there by disallowing any comment or guest post with a link. There are many WordPress plugins to remove links from user input that can be used for this purpose.

For example, Comment Link remove plugin is quite popular to remove links from any comment. Once you install and activate this plugin the website link option will not appear on the comment section. This will be enough to demotivate a spammer from posting an unnecessary comment on your article.

5. Try the new comments system (like Disqus)

Some third-party comment systems, like Disqus, can help eliminate most of the spam for you. Disqus is very smart at detecting spam, no need for additional plugins for comment spam protection. Not just spam protection but in many ways, Disqus is much better than traditional comment system.

Another option is to use Facebook comments on your site. That can also help you in spam protection.

6. Use anti Spam plugin

There are many plugins to prevent spam from WordPress site which is capable of doing the job. CleanTalk Spam Protection plugin is one of the best plugins to prevent spam on WordPress sites.

Using its spam firewall, CleanTalk’s plugin work behind the scenes to protect your site from spammers by blocking spam entry from all possible gates, including comments and login, contact, guest post form, and WooCommerce forms.

CAPTCHA is a good way to stop spammers but sometimes it can be irritating for your site visitors especially if you are running your site to sell some product.

The best part of the CleanTalk Anti Spam plugin is that it doesn’t use CAPTCHA, so there are no irritating questions, puzzles, or math for your visitors to solve.

7. Changing form validation approaches

I have tried this approach to stop spammers from posting irrelevant guest-article on my blog. Let me explain how it works.

Spammers use API calls to push their spam content and links. If you mark some field required for posting an article then the normal user can fill that value and submit it.

However, in the case of API calls, it will fail because of the required field error. The spammer will have to change their code and logic to post articles on your site. This will be enough to demotivate them from spamming your site.

Keeping more fields required to submit comments, guest-post or contact forms usually deter unnecessary posts from a normal users who intend to visit your site just to spam.

8. Allow only registered users to Comment or Post on your site

Just like the previous technique where we enabled complex form validations to discourage users from spamming there is one more way to prevent spam on WordPress sites and that is Allowing only registered users to post, comment on your WordPress site.

In order to enable this, you need to follow two steps- 

Step 1 – Enable User Registration on WordPress Site

Navigate to Settings then General from your WordPress dashboard, then go to Membership section, and check the box next to “Anyone can register” (Shown below screenshot)

Step 2 – Restrict comment option to only registered users

In order to prevent users from commenting on your WordPress site until they are logged in you should do the following easy setup change.

Navigate to Settings, then the Discussion section in WordPress which will be available under Other comment settings. Then check the checkbox, “User must be registered and logged in to comment”

9. Prevent comment with any link

You must be aware that the primary purpose of spammers is to post advertising links or malicious links. If you prevent them to post any comment with a link then mostly they will refrain from spamming your WordPress site.

There is a very powerful way that doesn’t require any plugin and can be done in a few easy steps. All you need to do is to enable the comment hold option if it contains any link.

Navigate to Settings, then Discussion to make this change. Look for the Comment Moderation section and just fill 1 or 2 as the threshold limit to stop comment from getting published if it contains 1 or 2 links.

10. IP Blocking

Blocking an IP address from accessing your website is an effective way to deal with spammers, unwanted visitors, comment spam, email spam, hacking attempts, and DDOS (denial of service) attacks.

If you have already tried the above 9 suggestions and are still not able to get rid of spammers then IP blocking can be the ultimate and effective way to get rid of spam on the WordPress site.

In order to block IPs from spamming your comment box, you need to follow 2 steps-

Step 1 – Find the IP of the spammer

Navigate to your WordPress Dashboard and click on Comments. Check for the spam comments and note down the IP address of the person.

Step 2 – Blacklist the IP address

Head over to Settings, then the Discussion page and scroll down to the ‘Comment Blacklist’ text box. Put all the IP addresses each in one row and click save.

Final Thoughts

As a WordPress user, I am aware of the damage that spammers can cause to the site. On the one hand, spam comments can quickly clutter up your site, while on other hand handling spam guest posts and contacts can be tiring, and filtering up all that spam from the genuine contents can be challenging.

This means you should strongly consider putting a little upfront effort into developing a strong anti-spam strategy. I use a mix of all the 10 techniques to keep my site clean from spammers.

Just to summarize, in order to stop spam on WordPress site, you can set up a comment moderation system, reduce the number of links allowed per post, create a list of ‘blacklisted’ words, restrict IP address if spammers are putting malware to your WordPress site.