Tips to combat comment spam in WordPress


Askimet is a great tool developed by Automattic, one of the leading developers in the WordPress community. Askimet works as a filter to reduce the number of tracebacks, comments and contact form messages which are spam.

Askimet is a paid service, but is one of the most crucial tools to have in your arsenal if you need WordPress comments enabled.

Nofollow Comment Links

A number of plugins have launched on the WordPress Plugin Repository which allows you to disable the nofollow attribute for any links within the comments. The plugin developers claim this will encourage people to leave comments as it will give the link a linkback (in simple terms, it helps with SEO).

What is actually happening is these websites are getting lots of spam comments who are not interested in the page, they’re purely pasting links in order to benefit their SEO scores.
If you have one of these plugins installed, we recommend you delete it.

Use Cookies

Most spam comments come from bots using non-standard browsers which don’t download images or any css stylesheets. The Cookies for Comments plugin ensures the users are downloading images and stylesheets before setting a cookie which is used to allow the user to fill out a comment.

Add a reCAPTCHA verification box

A reCAPTCHA is Google’s version of the “I am not a robot” verification box. Google’s technology tracks the way you interact with the screen before you interact with it. If Google thinks you could be a bot, then it will present you with a series of images which you have to identify.

This method is a incredibly effective against bots, but has its downsides too as it cannot assist in blocking spam done by actual people.

This plugin has further benefit by adding reCAPTCHA on your login forms too which will add to your WordPress Security. If your conscious about WordPress security, read my other blog here.

Turn off comments all together

For most people, adding comments doesn’t actually assist your site in any way, especially if you don’t have the time to manage the moderation. In this situation it’s probably best to disable comments all together. You can do this by going to Settings, then Discussion and then unchecking the box which says “Allow people to post comments on new articles”.


If you would like to chat all things SSL with a member of the CREATIVEFOLKS team then please get in touch.

Staff headshot

Produced by Cameron Stephen

Cameron Stephen is a full-stack web developer who specialises in LAMP/LEMP development, confidently working with PHP, HTML5 and CSS within a Linux environment. He prefers to work using the Symfony MVC framework with Doctrine as an ORM; Git as his version control system of choice and Composer as the dependency manager - but is also fully capable in WordPress-based web development, developing bespoke websites that are fully responsive, are well optimised and bug-free.