2 Simple Steps to Block Comment Spam on Your WordPress Site

This quick tutorial shows you 2 simple steps to block comment spam on your WordPress site.

1 Disable Website Field in the Comment Form

The default WordPress comment form includes a website field, which is a way to encourage genuine comment in the early days of blogging. But now this website field is abused by spammers  to link back to their websites. Disabling it can greatly discourage spammers.

To disable the website filed in comment form, simply open your WordPress theme’s functions.php file and add the following lines at the bottom.

// remove comment author url
add_filter('comment_form_default_fields', 'website_remove');
function website_remove($fields)
        return $fields;

Save the file and you are done. (I found that if you put the above lines in the child theme‘s functions.php file, it won’t work.)

2 Install Wp Spam Fighter Plugin

WP Spam Fighter is a great plugin to stop comment spams from bots. Many spammers uses scripts to leave comments on websites. WP Spam Fighter can prevent comment spam without moderation, captchas or questions.

wp spam fighter

Install and activate this plugin on your WordPress site, then go to WordPress Dashboard -> Settings -> WP Spam Fighter. By default, timestamp protection and honeypot protection are enabled, which are enough to prevent comment spam from bots. I don’t enable Recaptcha protection because it will degrade user experience.

wordpress block comment spam

Generally, I just use the default settings in WP Spam Fighter and my site have caught almost 400 comment spams.

wordpress delete comment spam automatically

By default, comment spam won’t be deleted in WordPress database. I use the following Cron job on my Linux server to delete comment spam once an hour and delete trashed comments once a day. Replace database_name with your own WordPress database name.

# delete spam comments hourly
@hourly /usr/bin/mysql -u root database_name -Bse "delete from wp_comments where comment_approved = 'spam';"

# delete trashed comments daily
@daily /usr/bin/mysql -u root database_name -Bse "delete from wp_comments where comment_approved = 'trash';"

The above Cron job is put in root user’s crontab file.

sudo crontab -e

If you have multiple WordPress sites on a single Linux server, then you need add a cron job for each of your WordPress databases.

# delete spam comments hourly
@hourly /usr/bin/mysql -u root database1_name -Bse "delete from wp_comments where comment_approved = 'spam';"
@hourly /usr/bin/mysql -u root database2_name -Bse "delete from wp_comments where comment_approved = 'spam';"

# delete trashed comments daily
@daily /usr/bin/mysql -u root database1_name -Bse "delete from wp_comments where comment_approved = 'trash';"
@daily /usr/bin/mysql -u root database2_name -Bse "delete from wp_comments where comment_approved = 'trash';"

Bonus Tip: Disable Auto Linking in WordPress Comments

Some spammers like putting a direct link in the comments to promote their website. You can add the following lines in the functions.php file to disable auto linking, so the spammer’s link won’t be clickable, while still allowing HTTP/HTTPS link with the <a>...</a> tag.

//disable auto linking in comments
remove_filter( 'comment_text', 'make_clickable', 9 );

Enable Comment Reply Notifications

By default, if a visitor leave a comment on a WordPress site, the visitor won’t receive email notifications when someone replies to his/her comment. To enable comment reply notification, you can install the Subscribe to Comments Reloaded plugin.

Subscribe to Comments Reloaded

Once you install and activate this plugin, go to StCR -> Comment Form. You can set checked by default. You should also change the Default Checkbox value to Replies to this comment.

reply to this comment

If you can’t save the change, you need to enable Advanced subscription and change the value. Then you can disable advanced subscription.

To design HTML emails, you can install the WP HTML Mail plugin.

That’s all folks!

Rate this tutorial
[Total: 0 Average: 0]

Leave a Reply

Your email address will not be published. Required fields are marked *