Comment spam is a fact of life on the web. If you have a site that allows comments, sooner or later, the spammers will find you. Mostly, these comments are just an annoyance but when allowed to remain on your site, they give readers the impression that you are not paying attention to your site and readers. Just imagine how it looks to a new reader to see a bunch of comments only to realize that every one of them is junk. In their minds, if you haven’t taken the time to remove the spam comments, there is no way you will be responding to real comments from real readers.
I doubt if there is any way to completely avoid spam comments, but here are some ideas to help:
1. Install a Comment Management System
WordPress is a great platform and is widely used. That is the good news. The bad news is that because it is so common, spammers have plenty of tools to fill your sites with spam comments. One popular approach to dealing with these comments is a comment management system.
Two popular options are Disqus and Livefyre. Both offer simple, full featured plugins that snap right into your WordPress site and take over the role of managing comments. I personally have Disqus on this site and Livefyre on my business site, just to get a better idea of the strengths and weaknesses of each. So far, they both do a great job at filtering out the spam.
To find out the best fit for you, I recommend heading to the sites you read often. Check out their commenting systems. Use Disqus, Livefyre, and any other comment management system you can find to see which one you prefer and start there. Chances are that if you like a particular system, your readers will as well.
2. Keeping out the spam bots
Spammers are persistent. Even if you have a comment management system in place and working great, they can still slip in through your WordPress comment page itself. They do this by using programs, or bots, to access your wp-comments-posts.php file, smack down some spam, and run away, leaving a mess. If this has happened to you, don’t despair, that is a problem you can fix.
To combat this particular form of comment spam, you need to access your htaccess file. It will be in the root directory of your server. You enter a little bit of code (you can find the code snippet on this page) and your server blocks access to the file that creates comments unless the traffic comes from your site. In other words, a bot will not be able to leave a spam comment without visiting your site and clicking on the comment link, something bots can’t do.
Keep in mind that editing your htaccess file would be classified as an intermediate or advanced technique. It’s not hard, but I would suggest you get familiar with some of the great information floating around. A quick Google search will turn up a ton of information to help you along the way
3. Blocking IP addresses
Bots are not your only problem; humans can produce their weight in spam comments quicker than you can blink. It is hard to imagine that hiring someone to create spam comments is worth the time and effort just to have those comments quickly deleted. The problem with combating a person creating spam comments is that the first two suggestions, installing a comment management system and blocking access to your wp-comments-posts.php file, often has limited benefit. Remember, you want comments on your site and comment management systems are setup to allow people to comment while blocking bots.
If you find yourself on the business end of these human spam creating machines, one thing you can do is block their IP address. By blocking the IP address, you are effectively stopping that computer, server, etc from visiting your page at all. Most comment management systems will allow you to block comments by IP but I prefer to do the blocking in my htaccess file. This way, the blocked computers are prevented from even loading my site, eliminating the need for WordPress to load just to deny access.
The code required to block an IP address in your htaccess file is very simple:
order allow,deny deny from 18.104.22.168 deny from 012.34.5.98 allow from all
Again, if you are not comfortable with editing your htaccess file, get help and get more information. It is not hard to do, but as with anything, you can really mess stuff up even if you are not trying. Just change IP address in the lines beginning with deny from to the IP addresses you are blocking. Easy as pie.
As effective as this technique is, it can be very time consuming if you have a large volume of spam comments. Since most people that inhabit the web are in the same boat, a community effort of non-profit and for-profit companies and organization have published their own lists of IP addresses most likely to spam your site. Piggybacking on their effort, you can utilize their list to block the most up-to-date spammers possible. Check out this article on Tweaks.com for more information and several IP address block lists.
There you have it, 3 steps you can take to protect your blog from spam. If you want to read more about the subject directly from the horse’s mouth, check out Combating Comment Spam on WordPress.org for some great information including some last-resort actions.
If you have any techniques that have been working for you or if you are in the process of implementing any of these suggestions, please leave a comment and let everyone benefit from your experiences.
Are you looking for more ways to customize WordPress beyond these spam prevention steps? Check out this post on creating your own shortcodes, this post on installing and configuring Google Analytics, and this post to display your most popular posts.