WordPress comment spam stoppage techniques

September 15th, 2004
General, Weblog Add-Ons

As a response to the many recent articles written about comment spam in blogs and their prevention methods, I thought it would be useful to list all of the existing methods available for WordPress (both in the core and as plugins and hacks) to prevent spammers from targeting your blog and succeeding. I would appreciate it if WordPress users would report their successes and failures with the various methods.

WordPress already has very robust comment spam prevention mechanisms built into the core. To prevent spam you could:

  1. Turn on comment approval, where every comment would have to be approved by an administrator before it is posted on your live blog
  2. Force the user to fill out their name and email before they are allowed to post a comment
  3. Force a comment to be moderated based on the number of links in the comment (links being a major part of most comment spam)
  4. Fill out the “common spam words” form to comments get moderated when matches are found between the spam words and anything in a comment, including the author URI, author name, author email and the body of the comment itself

All of the above mentioned features can be turned on or off (or modified) through the admin of your blog, without having to wade through any code or plugins.

Outside of the built-in comment spam prevention methods, numerous plugins, hacks and mods exist (and continue to be developed) to further reduce spam.

  1. WordPress Blacklist Comment SPAM Filteration System: MT style blacklist for your WordPress blog. The built in spam words do pretty much the same thing, so this might be obsolete.
  2. Kitten’s Spam Words: Robust scripts to delete comments as spam and automatically find keywords and IPs to add to your list of “common spam words”.
  3. RBL (RealTime BlackHole List) comment spam filter: Check against RBLs available over the web.
  4. Spammer Tar Pit: If you are getting flooded with comments from a single IP or, as in my case, by some person trying to hawk tramadol for cheap (eat your heart out spammer), this is the one for you

  5. CommentPay: Make your spammers pay you via Paypal to put up their Spam comments
  6. Comment Killer: Automatically delete spam (without putting into the moderation queue) from your blog without getting notified
  7. Turn up the minimum wait time between consecutive comment posts: I have mine set quite high.
  8. Google Link Redirector: Redirect all the links in your comments through Google so spammers cannot steal your pagerank.
  9. Stop Comments temporarily with one mouse click: Temporarily stop commenting on your blog with one click activation and deactivation
  10. Comment Email Approval: Much llike an opt-in whitelist, ask your commenters to verify through their email before letting them comment.
  11. Captcha Authimage: Read a non-machine-readable image and type in the contents before you can comment
  12. AutoShutOff comments: Automatically shut off comments for posts older than a certain number of days
  13. Optional timed comment moderation: It allows the blogger to set a time when they would like all entries to be automatically moderated. (Thanks Colin)
  14. Three Strikes Plugin: This plugin prevent comment spam from ever hitting your system and bugging you with requests to moderate comments. This uses a points system to determine spam (which can be tweaked) and is most effective when used with Kitten’s Spam Words plugin.
  15. CSPAM – Centralized Spam Prevention And Mitigation: A centralized system which involves a simple installation of a provided plugin and ZERO maintenance. Looking for alpha testers for this method.

I might be missing a couple of hacks/plugins/methods, so if you know of any more, please let us know about it. Also, if you like one better than the other, please let us know.




  1. Colin D. Devroe (2 comments.) says:

    I have one, me me me: :)

    It allows the blogger to set a time when they would like all entries to be automatically moderated.

  2. ian (1 comments.) says:

    I’ve got a couple of hacks that I use on my (low traffic) site that help out. One is to display a ‘Pending’ message whilst a comment is awaiting approval so the genuine submitter knows they don’t need to send it again, and the other means that something has to be put into each of the 3 fields as I was getting a lot of posts that were a mass of smiley faces with no real message in them.

    They’re not going to win awards, but if you’re collecting stuff then here you go !


  3. Geof (19 comments.) says:

    Mark: The default WP processes you note stop 99% of the spam that I get, honestly.

    FWIW, I’ve written up a short tutorial with screen caps to show how to kill a pile of trapped comment spam in WP 1.2.

  4. John Gray (1 comments.) says:

    Sent a trackback ping but it failed, so I’ll leave a comment. I’m wondering if using google bombs on popular spam words might be a fun and effective way to fight back.

  5. Tim McGuire (2 comments.) says:

    I haven’t tried this as I have yet only had a few comment spams, but what about renaming the HTML fields for comment, name, url, etc so that the spiders don’t know what key-value pairs should be in the request…. and adding more buttons so that the correct button to press for submit is obvious to visitors, but not obvious to a spider? If every wordpress blog had different request parameters for comments, that would be really tough to program a spider.

  6. Ayush (1 comments.) says:

    Try implementing:

  7. Mark (34 comments.) says:

    That has already been implemented.

  8. Lisa (1 comments.) says:

    Rename wp-comments-post.php and 2 other files to stop autobot spamming:

  9. Elliott Back (15 comments.) says:

    Here’s a modified version of Matt’s Stopgap plugin that moves the md5 computation to the client, preventing all automatic spam. It also makes the md5 vary by hour, by client, etc, so those bot networks will be unable to penetrate your precious comments.

  10. Nick (11 comments.) says:

    After getting a handle on my comment spam using Elliott’s plugin, now I’m getting hit by trackback spammers!! I was thinking about just creating a simple plugin that would send trackbacks and pingbacks automatically into moderation, since it doesn’t really matter to me if these do not show up on the blog right away like I want my comments to. I was thinking that you might have an idea on how to fight these things, since you always come up with good plugins. Tonight I’ll try to whip up plugins to do what I mentioned though.

  11. Mark says:

    I am facing the same problem right now. I think there will have to be a plugin that pumps all trackback/pingback traffic through the comment posting functions. Let me know if you think of anything.

  12. oso (3 comments.) says:

    I’m getting completely trackback attacked and it’s ugly. Some help please.

  13. xunleashed (1 comments.) says:

    The best one I have seen so far is a heuristic approach. They scanned in comments and would flag any that failed to be verified. Only other way is to just dissable comments after a few days.

  14. Merkal (1 comments.) says:

    I was bombed by 25 spam commments. deleted them all and blocked the IP they came from.

  15. Nick says:

    where read about it in russian

  16. Alex Bogoslav (1 comments.) says:

    How can this:
    “Force the user to fill out their name and email before they are allowed to post a comment”
    help stop spammers???

  17. SEO (1 comments.) says:

    My main concern is that you can’t guarantee every page of your website will be included in the SERPs. Considering I’m constantly adding new products to my company’s website, I need to be sure that customers can find them as soon as possible.

  18. Dima (1 comments.) says:

    Hi, I propose my own made wordpress modification.

  19. Laura Rednose (1 comments.) says:

    Great stuff, thanks for the tips, these comment spam stoppage techniques will really help me with my new funny stuff blog.

  20. Teddy (1 comments.) says:

    Unfortunately, a lot of people respond unthinkingly and unwittingly, becoming their own trolls. I have spent hours agonizing over how to respond to a few comments in my time, wanting to keep things level and fair and host free speech and opinions, but sometimes censorship wins, something I struggle with all the time. Luckily, WordPress allows me to put comments into moderation until I decide, giving me the time I need to battle out my inner debate.

  21. Doug (1 comments.) says:

    I just rolled out this free spam blocker, it eliminates all the problems of people having to read a captcha and all you gotta do is upload and activate. Check out the post I made on it, http://amazingwordpressthemes......m-blocker/

  22. Matthias (2 comments.) says:

    I’ve made my own spam stopping plugin. In fact it’s a WordPress client for Mollom, a new anti spam service founded by Dries Buytaert of Drupal, to WordPress.

    Download: is a new spam deterring service. It blocks spam effectively. As a plus, false positives are reduced to virtually 0. The site admin doesn’t need to retrieve valid comments back from spam hell, as a bonus.

    How does it do that?

    When in doubt, Mollom will rather present a safe CAPTCHA to the commenter. As long as the CAPTCHA isn’t solved, the comment will never be saved.

    Aside, Mollom is an intelligent self-teaching service. It will learn from it’s mistakes and the comments that it checks. Making it better as it’s being used more and more.

    More information on their site: Mollom


  1. […] @ 11:10 pm

    For my reference later, Weblog Tools Collection has a post describing comment spam fighting techniques available for W […]

  2. […] ön. OJR article: Bloggers Declare War on Comment Spam, but Can They Win? (via Photomatt) Weblog Tools Collection » WordPress comment sp […]

  3. […] chon die Core Version bereithält um den bösen Spam abzuwehren beschreibt ein guter (engl.) Artikel der Weblog Tools Collect […]

  4. […] could try Skippy’s Email Comment Auth plugin, or one of the other techniques listed here. Tags: programming blogging wordpr […]

  5. […] r: Things That Are Cool Tips & Tricks — Pierre @ 10:10 pm Thanks to a few comment spam countermeasures som […]

  6. […] logging needs, you can read about the various methods to stop spam in an excellent article here. […]

  7. […] mments. Luckily I have moderation turned on. But still, what a pain! Luckily, there are lots of ways to manage this problem if you are r […]

  8. […] revention writeup. Includes some stuff such as .htaccess and PHP methods besides the stuff I have listed already. […]

  9. […] rs), WordPress has some pretty decent anti-spam features built in and there are some handy wordpress comment spam prevention tips around to […]

  10. […] rs), WordPress has some pretty decent anti-spam features built in and there are some handy wordpress comment spam prevention tips around to […]

  11. […] 13 [WP] 垃圾留言不要來 類別 WP 速記 — hsuyo @ 10:23 pm WordPress comment spam stoppage tech […]

  12. […] ent Children characters to use in web designs. Release another trailer, SqueEnix!! Also,

  13. Spamattack
    Usch, jag drabbades av min första (och säkert inte sista, men man kan ju alltid hoppas!) spamattack igår. Har känt mig ganska förskonad från blogspam innan. Tidigare har jag fått några enstaka spamkommentarer, kanske 4-5 stycken totalt sedan starten vi…

  14. Metacosm says:

    Comment spam
    I just got hit by a bout of comment spam so I took several measures to remedy to this:

    Increased the interval between consecutive comments from the default 10 seconds to 90 seconds by editing wp-comment-post.php (see “More comment flood” at Weblo…

  15. Técnicas para evitar el spam en WordPress
    En Weblog Tools Collection nos dan una serie de consejos útiles sobre cómo evitar (o al menos minimizar) el molesto…

  16. says:

    Comments Spam
    I’ve been getting a lot of comments spam in the past few days trying to improve the pagerank of some online pharmacy. Firewall rules haven’t been that effective, since these appear to be sent by robots running on zombied machines across a number of …

  17. Comments Restored!
    Thanks to a few comment spam countermeasures some clever bloggers devised, I was able to turn comments back on. I’m going to try it without moderation to start, but we’ll see how things go.

  18. Three Strikes TarPit
    I was hit by a wave of spam today. On Raena’s recommendation, I had Kitten’s Spam Words running, so the spam wasn’t visible on the blog, but I still had to log in and delete it all from the moderation queue.

    Pain in the arse.

    So I went looking…

  19. Comment spam
    I discovered this morning that I had now rejoined the unhappy victims of comment spam. I started deleting all these online-gambling and casino crap by hand, but I soon discovered that it was not a satisfactory long-term solution. So I sacrificated my c…

  20. […] WeblogToolsCollection – WordPress comment spam stoppage techniques […]

  21. […] WeblogToolsCollection – WordPress comment spam stoppage techniques […]

Obviously Powered by WordPress. © 2003-2013

page counter