Security And Anti-spam Plugins For WordPress

June 15th, 2009
WordPress Plugins, WordPress Security

I did a post for a Antivirus plugin for WordPress, several users commenting about different plugins that improve the security of WordPress, so I decided to sum up some of the plugins that provide security and comment spam protection for WordPress blogs.

Anti-spam WordPress Plugins

Akismet – One of the best plugins to protect your WordPress blogs against spam comments, this plugin has worked like a charm for many users, saving then time and effort while moderating and managing comments.

WP-SpamFree Anti-Spam – An extremely powerful WordPress anti-spam plugin that eliminates blog comment spam, including trackback and pingback spam. Includes spam-free contact form feature as well.

WP-Hashcash – WP Hashcash is an antispam plugin that eradicates comment spam on WordPress blogs. It works because your visitors must use obfuscated JavaScript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot.

WP reCAPTCHA – reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating characters, reCAPTCHA uses a combination of these words from digitalized books and  further distorts them to construct a CAPTCHA image.

Math Comment Spam Protection – Probably the most simplest way to thwart spammers robots from posting comments on your blog, it adds a new field to the comment form asking users to enter a sum of two numbers, you will have to edit your contact template to include the comment spam field to it.

Security Related WordPress Plugins

WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions. It allows you to generate strong passwords, check improper file permissions, database security, version hiding, admin panel protection and more.

WordPress Exploit Scanner – This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

AskApache Password Protect – You can set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication.

TTC WordPress Security Tool – This plugin blocks cross-site script attempts, ip numbers of ill behaved people and bots and bans bad user agents.

Secure WordPress – Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.

WordPress Firewall – This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.

Did I miss anything out? Do you use any plugins for optimizing security and protecting against spam comments? Do share them with others by commenting here.




  1. Ricardo says:

    wordpress gets “scarier” instead of simpler, where’s the simplicity? firewall? anti virus? bahhhhhhhh

    • gestroud (7 comments.) says:

      I don’t know that I’d say that WordPress is getting “scarier.” I’d say the rising amount of attacks against all types of web sites – including WordPress sites – are “scarier.”

      Hackers aren’t a simplistic group of people. Their attacks are becoming a lot more sophisticated and a lot more frequent.

      I’m thankful that these are plugins available. Better safe than sorry.

  2. Jeff (27 comments.) says:

    Raven’s Antispam by Peter “Kahi” Kahoun has done a great job of reducing bot spam for me. For folks with javascript enabled, it’s invisible, otherwise they have a simple captcha-type question.

  3. Samuel (3 comments.) says:

    I’m using NoSpamNX for stopping spambots on many sites and works pretty well.

  4. André (1 comments.) says:

    Hi all,

    I use “AntispamBee” and “AntiVirus for WP” by Sergej Müller: and

    They work fine!

    Best regards from Germany,

  5. Ipstenu says:

    How can you leave Bad-Behavior off the list? stops the bots from being able to get to your site, let alone post. Quite possibly my favorite tool, as it kicked my spam down to 1 a month.

    • bubazoo (213 comments.) says:

      I have to agree with the bad behavior thing. bad behavior, along with akismet, has kept me spam free for the last 3-4 years now.
      In fact, I would say bad behavior probably gets rid of all my spam before it even gets to askimet, because I haven’t had to moderate my comments for years. thankfully, because I hate having to moderate comments, takes up too much dang time, I don’t want to spend all day on my blog after all. lol

  6. [Blocked by CFC] George Serradinho (2 comments.) says:

    At this stage, I’m only using Askimet for my site. I have to admit that I get around 10 spam cooments a week and thats still ok for me. I’m trying to keep my plugins to a minimal, so installing another plugin will not be for me.

  7. Peter van der Does (1 comments.) says:

    AVH First Defense Against Spam:
    The AVH First Defense Against Spam plugin gives you the ability to block spammers before any content is served.
    Spammers are identified by checking if the visitors IP exists in a database served by or by a local blacklist.
    It also has a mechanism to stop spammers who post comments by accessing wp-comment-post.php directly.

  8. Ryan v. (1 comments.) says:

    Anti-spam tools are an absolute must for any site running an open comment system. There’s been times where I’ve logged into my wordpress site only to spend an hour deleting comment after comment of pure spam.

    Anyways great list thanks much!

  9. Simon Wilby (2 comments.) says:

    Nice to know that there are many plugins to choose from instead of only one. With this growing numbers of plugins, users can choose what is best and what suits their needs.

  10. Anelly (3 comments.) says:

    Akismet – it’s doing a great job because considering the amount of spam i receive daily i could never face it.

  11. Webdev (11 comments.) says:

    Thanks! Akismet is great. Back in time, I also used SpamKarma 2 against spams. It worked well, but the plugin is no more supported :| However, there is a GPL verion on Google Code.

  12. Jörn (1 comments.) says:

    Well Math Comment Spam Protection does not seem to work poperly anymore. Since a couple of days I have a daily average of 30 spamcomments getting through. They are eaten by Spam Karma 2, but still this is a little annoying.

  13. Lee (Tarheel Rambler) (2 comments.) says:

    I agree that Bad Behavior has done more to eliminate spam from my blog than many of the tools I’ve tried. I still use Akismet, but Bad Behavior has all but eliminated spam posts.

  14. Jaydip Parikh (2 comments.) says:

    Hey ! This is really cool list and I had install few plugins at my blog.

  15. Kirk M (67 comments.) says:

    Hi Keith,

    Great list, thanks! I did notice that both the title and link for “WP-SpamFree Antispam” is missing the initial “WP” that comes before the dash. The current link only takes you to the WP plugins directory’s main page. You might want to correct that.

    Just letting you know.

    • Kirk M (67 comments.) says:

      For some reason the ‘wp’ didn’t come out on my previous comment. No idea why.

      • Kirk M (67 comments.) says:


        Title should be:

        WP-SpamFree Antispam

        And the link is missing the wp before the dash. Third time’s a charm?

        (Since when is wp surrounded by quotation marks considered code?)

  16. Frank says:

    You forgot WP-Mollom! See

  17. roblogger (2 comments.) says:

    look at another one – – seen on my friends on twitter.

  18. roblogger (2 comments.) says:

    sorry, i did not see that you wrote a post about this plugin.

  19. bubazoo (213 comments.) says:

    For awhile, I thought about requiring users to login via facebook, using that facebook connect plugin, because most people who read and comment on my blog, all have facebook accounts anyway…..but then I thought, well, maybe I’ll get a new user who still wants to comment…

    I do know that nobody, I mean nobody, signe up for a WP account on individual sites anymore. so that facebook connect plugin was heaven sent for me anyway. Just about anyone I know about (or care about lol) has a facebook account, so doing that would probably elimiate the need for all this spam stuff, if I decided to go that route for sure.

  20. Tal Galili (13 comments.) says:

    Another plugin that you didn’t mention that might be worth a look:

    And also the website:
    Can come in handy.

    P.s: I just got my website hacked so had to start searching for these, thank you for your post!


  21. Michael Torbert (8 comments.) says:

    Thanks for the mention Keith!

  22. Tech Digit (1 comments.) says:

    Well I am totally newbie person in WordPress but finally I found some cool plugins which is really help me to make my new blog very good now. I want to make it better and I found really good tips here.

    I also heard that Akismet sometimes create problems and flagged spam to short comments. If you clear the idea then I would be happy for you.

    I also want to know what plugins you are using to show ” Visited 4155 times, 9 so far today ”

    Please answer me, I will be happy if you reply me on my mail id.

  23. Viktoria says:

    Well I’m using a new spam filter called SpamTask, I haven’t had any spam so far.

    <a hrefSpamTask


  1. keithdsouza (Keith Dsouza) (4 comments.) says:

    Security And Anti-spam Plugins For WordPress

  2. blognews (blognews) (104 comments.) says:

    [planet wordpress]: Weblog Tools Collection: Security And Anti-spam Plugins For WordPress: I ..

  3. WordPressYes (WordPress Yes!) (94 comments.) says:

    Security And Anti-spam Plugins For WordPress: I did a post for a Antivirus plugin for WordPress, several users c..

  4. JamieLeSouef (Jamie Le Souef) (3 comments.) says:

    Security And Anti-spam Plugins For WordPress

  5. atsmith (Adam Smith) (1 comments.) says:

    Security And Anti-spam Plugins For WordPress (RT @JamieLeSouef)

  6. LiamBowers (Liam Bowers) (1 comments.) says:

    Security And Anti-spam Plugins For WordPress –

  7. ezyblogger (Roseli A. Bakar) (8 comments.) says:

    Security And Anti-spam Plugins For WordPress – #wp

  8. adefoor (Anthony Defoor) (1 comments.) says:

    Some useful plugins here: Security And Anti-spam Plugins For WordPress

  9. wpdimension (WP Dimension) (32 comments.) says:

    #wordpress: Security And Anti-spam Plugins For WordPress: I did a post for a Antivirus plugin for Wor..


  1. […] Look for possible security loopholes. Ideally, you should do this BEFORE you move your site to the new theme.  The best approach here is to combine manual and automatic checks. Manual checks include reading the theme source code, checking the site in different browsers, from different IP address, while logged in with different access levels, as well as logged out altogether, etc. Automatic checks are provided by a whole bunch of applications, including some security oriented WordPress plugins. […]

  2. […] Security And Anti-spam Plugins For WordPress […]

  3. […] Security and AntiSpam Plugins for WordPress […]

  4. […] The major concern which plays a factor in closing down comments is spam, since many users believe that spammers usually target. However, the spam plugins available today are very effective at curbing spam if not entirely stopping them. If you are interested in know about those plugins, you can visit an earlier post from me about Spam and Security plugins for WordPress. […]

Obviously Powered by WordPress. © 2003-2013

page counter