How to Remove Spam from WordPress Comments

Spam is a big problem in internet that transforms a good source of information into a list of nonsense keywords. If you have spent some time in web, you must have encountered with spam. There is nothing more frustrating than seeing spam destroying your hard work and lowering the quality of your work. Comment Spam is the automatically added irrelevant comments posted by machines or bots. A spam comment may contain advertising or links to other websites. The more popular your blog becomes, the more chances it has to get spam comments. The main reason for spamming is SEO. The comment spammers create suspicious inbound links to their sites to improve their site’s search ranking. They are trying to get a better page rank and luring visitors to dubious and malicious sites. So how to remove spam from WordPress comments? This article shows various ways to stop comments spam in WordPress.

How to Remove Spam from WordPress Comments

1. Delete All Spam Comments

This is the first thing you can do. You need to correctly identify the spam comments before deleting it. When deleting a comment you can also report it as a spam.

2. Discussion Settings

A lot of useful comment settings can be done from discussion settings. Go to Dashboard >> Settings >> Discussion to reach discussion settings page. Some useful settings that can be done from discussion settings are as follows:

Disable Pingbacks and Trackbacks

Trackbacks and pingbacks are way to notify blogs that you have linked to them.

  • Pingbacks – Pingbacks are automatically created.
  • Trackbacks – Trackbacks are manual notifications. Pingbacks were created to automate trackback.

If your blog is popular, it is better to turn off the pingbacks and trackbacks since they are the target area of spammers.

How to Remove Spam from WordPress Comments

Uncheck the checkbox of allow link notification from other blogs (pingbacks and trackbacks) to disable trackbacks and pingbacks.

Turn off comments on old Posts

You can check the box next to the option ‘automatically close comments on article older than’ and enter the number of days you want comments to be displayed on a post.

How to Remove Spam from WordPress Comments

When the comments are older than the number of days you have defined here, the comments will be automatically removed.

Moderate all comments

How to Remove Spam from WordPress Comments

You can hold a comment for moderation if it contains 2 or more links and check the option Comment author must have a previously approved comment to make sure they are reliable human.

Comment Blacklist

How to Remove Spam from WordPress Comments

You can automatically trash any comment containing the words in the blacklist without any notification. You need to choose your blacklist words carefully to make sure real and valuable comments don’t get trapped.

Switch off Comments

If you don’t need comments on your WordPress site, or if comment moderation don’t work correctly, remember that you can always disable entire comment section in WordPress. Just uncheck the box next to ‘Allow people to post comments on new articles’.

How to Remove Spam from WordPress Comments

All of these settings in the discussion setting page can be overridden for each individual article.

3. Prevent spam with advanced theme functions and server settings

If you have some basic PHP knowledge, you can use the following powerful security mechanism to prevent comment spam:

Disable URLs in comments

To disable URLs in comments, you have to paste the following code in your functions.php file inside the PHP tag.

// Unlink urls in comment text
remove_filter('comment_text', 'make_clickable', 9);
//Remove the url field from your comment form
function remove_comment_fields($fields) {
    return $fields;

This makes all your comment’s URLs non clickable like normal text. When there is no anchor link, the keyword which spammers posted to your website are not targeted.

Deny comments with non-referrer request

The spam comment done by software, tools and bots do not have referrers. This code denies all the comment by bots without referrer. You need to paste these codes below into .htaccess file:

# Protect from spam bots
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Replace “” with your blog URL. This code only blocks SPAM BOTS and not humans who manually try to spam

You can also perform the same action from function.php file without modifying .htaccess file.

//Block Referral URL exploit for Comments
function verify_comment_referer() {
    if (!wp_get_referer()) {
        wp_die( __('You cannot post comment at this time, may be you need to enable referrers in your browser.') );
add_action('check_comment_flood', 'verify_comment_referer');

Banning the Spammer’s IP Address

When someone comments, the IP address is attached in their comment. You can completely block an IP from even visiting your site by placing these simple lines of code to your root .htaccess

# block ip
order allow,deny
deny from
deny from
deny from
allow from all

The example above blocks 3 different IP addresses. Replace the above denied IP like with the IP you want to block.

Disable HTML in Comments

Disabling HTML in comments is a useful way to discourage links in comments and prevent your blog from comment spam. The easiest way to do this is by using Peter’s Literal Comments plugin. This plugin provides HTML filters to any comments submitted to your site.

You can also disable HTML in comments by opening your functions.php and adding the following code:

function plc_comment_post( $incoming_comment ) { 
    // convert everything in a comment to display literally
    $incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
    $incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] );  
    return( $incoming_comment );   
// This will occur before a comment is displayed   
 function plc_comment_display( $comment_to_display ) {
     // Put the single quotes back in   
 $comment_to_display = str_replace( ''', "'", $comment_to_display );   
  return $comment_to_display;
4. Use captcha to validate commenter as human

The captcha is a security plugin that adds a security captcha form into your site. It protects your website from spam using various techniques like math logic, character identification or image identification which are easily understood by human beings. Some good captcha plugins available on WordPress are as follows

  • Captcha: This plugin adds a captcha form into pages. This plugin gives protection by means of simple math logic, easily understandable by human beings. The premium version of this plugin, allows compatibility with BuddyPress and Contact Form 7.
  • KeyCAPTCHA: KeyCAPTCHA doesn’t require any text typing and contains social features. KeyCAPTCHA offers visitors to complete an easy interactive task. When the CAPTCHA is solved incorrectly, page refreshing doesn’t take place. This stops the user from filling in the form repeatedly.
  • Math Quiz: This plugin generates dynamic math problems that cannot be solved by spam robots. Uses AJAX for quiz form submission and style and position can be fully customized.
Also Read:   Show Author Box using Sexy Author Bio Plugin in WordPress
5. Automatic Spam Detection by anti spam plugins

There is large number of anti-spam plugins available in WordPress to filter out the spam comments from real comments. They automatically send spam comments to spam folder and gives excellent security. These plugins consider different factors to differentiate spam comments from non-spam comments.

  • Akismet: Akismet is a pre-installed plugin that comes along with wordpress. You just have to activate and enter Akismet API key to filter your spam comments.
  • AntiSpam Bee: Antispam Bee protects blogs from spam comments and trackbacks without captchas. This is a really good anti-spam plugin. It’s free, ad-free and follows European data privacy standards.
  • Growmap Anti Spambot: This plugin adds a client side generated checkbox. Commentators have to just click the checkbox to confirm that they are not a spammer. The checkbox is generated by client side JavaScript and is much simpler than captcha. It stops 99% of all automated spam bots.
  • Stop Spam Comments: It is a simple and light anti-spambot WordPress plugin. This plugin doesn’t use any captcha, tricky questions or any other user interaction. You just have to install and activate it and the plugi automatically starts blocking spam comments.
  • Cookies for Comments: Most spam bots are automated scripts. One of the characteristics of Spam bots is that they don’t download any images or stylesheets. Cookies for Comments recognize the valid users by checking if their browser downloads those files or not.
  • WP Spam Fighter This uses two mechanisms. The first mechanism checks the time stamps between the time of page loaded and comment posted to identify spam comments. The second mechanism adds a hidden form to your comments area which are visible only to bots. These spam bots are programmed in such a way that they fill out all fields in a form. Thus it identifies the spam bots from real visitors.
6. Removing Website URL Field from Comment Form

The URL field in the comment form attracts spammers (both automated and human). Removing the URL field from comment form will discourage these kinds of activities on your website. You can use plugins like Disable / Hide Comment URL  to perform this action.

7. Third party comment platform

Third party comment platform provides better comment platform with better functionality. The best thing about Third party comment platform is it literally prevents 95% of the spam. Disqus, LiveFyre and IntenseDebate are few examples of third party comment platform that replace your built-in blog comment system with their specialized commenting service. Facebook and Google+ also provide advanced and secure comment systems since these companies have enough resources to stop spam completely.

With all these methods you can successfully protect your blog from any kind of comment spam.

Promote your site without comment spam

Spamming comments is definitely not the right method to increase your sites visibility in the search result. You can follow all the right way and still manage to get higher page rank for your site. If your site offers what people are looking for by giving visitors quality contents and useful information, you can be recognized by web community as a reliable source. Google has also given some useful guides in Search Engine Optimization Starter Guide which will help your site become search engine friendly.


The following two tabs change content below.

Kantiman Bajracharya

Kantiman Bajracharya is a freelance web developer. He is a computer geek who has a Bachelor’s degree in Computer Engineering. He has earned lots of satisfied customers while working for numerous successful projects. He is also a WordPress theme creator and web article writer. On free time he likes reading philosophy books, traveling and playing chess.

Share This Post