How to Prevent Spam Comments on WordPress Website: 10 Proven Ways

Since WordPress is free and easy to use, it has become one of the most popular platforms for different types of websites. However, like any website, you might encounter some issues on WordPress, like spam comments and links, that can potentially hurt your site.

Choosing the best WordPress hosting provider is a vital first step, as this is your first line of defense against dangerous spam comments that may contain malicious links. Besides that, consider implementing some spam protection best practices.

This article will explain why you should prevent spam comments and share how to do it in 10 proven ways. Let’s get started!

Prevent Spam Comments on WordPress

Why Prevent Spam Comments

As one of the most common problems on WordPress websites, comment spam is used by the spammer to increase their site traffic, either from accidental clicks or by using misleading hyperlinks.

Although it may not look harmful, it can negatively affect your site’s performance and credibility. Search engines can mark spam comments as unsafe if it has bad links, decreasing your site’s authority and lowering its search engine optimization (SEO) ranking. That is why it’s crucial to monitor all comments on your WordPress site.

What’s more, leaving spam comments on your website can result in visitors having a poor user experience, as they are deemed annoying and distracting. As a result, it is more likely that visitors will abandon your site.

Many spam comments are submitted by bots, while some are posted by real people. Comment spam usually share common characteristics, such as using suspicious links, anonymous usernames, and unprofessional email addresses.

10 Ways to Prevent Spam Comments

This section will share 10 ways to stop spam comments on WordPress, so you can keep your website safe and maintain a positive user experience for visitors.

1. Approve Comments Manually

One of the easiest ways to stop WordPress comment spam is using moderation, which enables you to approve or disapprove comments manually. It helps you implement a filter system, ensuring that your WordPress site only displays relevant comments from real users.

This solution can be most suitable for WordPress users who receive few spam comments. To enable comment moderation, follow these steps:

a) Go to your WordPress dashboard -> Settings -> Discussion.
B) Tick the Comment must be manually approved box from the Before a comment appears section and click Save Changes.

Comment must be manually approved

Now, all comments will automatically be saved in the comment moderation section. You will need to review every comment manually before it is published on your site.

2. Use Anti-Spam Plugins

WordPress is widely known for its broad range of plugins that enable you to add new features to your website. This includes anti-spam plugins like Akismet and Antispam Bee that can prevent WordPress spam comments.


These plugins work by scanning all comments via a global spam database or its own algorithm. For example, when some websites report certain comments as spam, Akismet can detect similar spam comments in the future.

Although Akismet comes pre-installed with WordPress, you’ll need to activate it to use it. To do so, click on the Plugins menu from the WordPress admin dashboard, select Installed Plugins, then hit Activate on Akismet.

Once the process is done, you’ll be redirected to the configuration page. If you have Jetpack, connect the account to the Akismet plugin. Alternatively, you can create an Akismet account and generate an API key to set it up.

3. Add a reCAPTCHA

Another option to stop WordPress spam comments is using a CAPTCHA plugin, which stands for Completely Automated Public Turing Test to tell Computers and Humans Apart. It is a security measure to verify that website visitors are real users and not bots.

For example, users will need to click on matching objects, select a checkbox, or retype characters shown on the page. Adding a reCAPTCHA to the comment form can be effective in recognizing and blocking spam bots.

You can activate reCAPTCHA on a WordPress comment form by installing Google Invisible reCAPTCHA. Note that to make this plugin work, you’ll need to register your domain first on the Google reCAPTCHA website and obtain the API keys.


One important factor to note is that some users may find this test to be inconvenient, and using reCAPTCHA may discourage genuine users from submitting comments.

4. Set Comment Length

While some spam messages clearly look off-topic and unnatural, others can look genuine, which anti-spam plugins might not detect.

Many spammers may also use a single-word comment to spread it quickly on multiple websites. For this reason, setting a minimum comment length might be beneficial to block WordPress spam comments.

To get started, you can use the Yoast Comment Hacks plugin. For an ideal comment length, we recommend setting it to a minimum of 60 characters and a maximum of 1,500 characters.

comment hack

Once that’s activated, users with shorter or longer comments than the length you’ve set will receive an error message.

5. Disable Comments on Old Posts

Another easy way to block a spam comment is by turning off comments on old posts. Instead of moderating too many comments manually, this method will automatically not display user comments on old posts to make your work more efficient.

Here are the steps to disable them:

a) Navigate to Settings -> Discussion.

b) Under the Other comment settings section, turn on Automatically close comments on posts older than X days and select the time frame that suits your needs.

discussion setting

Note that you can also choose to permanently disable all comments on your WordPress posts and pages. However, we only recommend this as a last resort since it will decrease user engagement on your WordPress website.

6. Turn Off Comments on Media Attachments

Even if you have disabled all comments on your website, users can still leave spam comments on media attachment pages. Therefore, we recommend disabling comments for media attachments.

To do so, follow these steps:
a) Go to the WordPress dashboard -> Appearance -> Theme File Editor.

b) Open your theme’s functions.php file and copy the code below:

function filter_media_comments_close( $open, $post_id ) {
$post = get_post( $post_id );
if( $post->post_type == ‘attachment’ ) {
$open = false;
return $open;
add_filter( ‘comments_open’, ‘filter_media_comments_close’, 10 , 2 );

c) Click on the Update File button.

You’ll then see Comment closed at the bottom of the media attachment pages.
Alternatively, install the Disable Comments plugin for a quicker process. It globally bans comments and prevents them from being overridden by individual posts, attachments, and pages.

disable comments

7. Delete the URL Field on the Comment Form

If you receive many spam links, removing the website URL field can solve this issue. Many spammers use the URL field to boost their search engine rankings through backlinks. Usually, the comment’s author name also contains a specific keyword like John from 123 company.

When you remove the URL field on the comment form, comment spammers will not be able to build backlinks to their websites, which are often not relevant to your site.

Besides using plugins, you can manually remove the URL field from the comment form by entering this code into your theme’s functions.php file:

add_filter(‘comment_form_default_fields’, ‘unset_url_field’);
function unset_url_field($fields){
return $fields;

To ensure the URL field has been deleted, open a blog post on your website in a new incognito tab to check.

8. Disable HTML in Comments

Since WordPress accepts HTML tags in comments, it helps disguise spam links. Disabling this means any HTML tags will be read as text but won’t work. This way, you can prevent malicious comments on your WordPress site.

For instance, if the tag is used, the comment will display the tag, but the content will not be bolded. As a result, the links won’t be functional. To do this, you’ll need to open your theme’s functions.php file and add the code:

function wpb_comment_post( $incoming_comment ) {
$incoming_comment[‘comment_content’] = htmlspecialchars($incoming_comment[‘comment_content’]);
$incoming_comment[‘comment_content’] = str_replace( “‘”, ”’, $incoming_comment[‘comment_content’] );
return( $incoming_comment );
function wpb_comment_display( $comment_to_display ) {
$comment_to_display = str_replace( ”’, “‘”, $comment_to_display );
return $comment_to_display;
add_filter( ‘preprocess_comment’, ‘wpb_comment_post’, ”, 1);
add_filter( ‘comment_text’, ‘wpb_comment_display’, ”, 1);
add_filter( ‘comment_text_rss’, ‘wpb_comment_display’, ”, 1);
add_filter( ‘comment_excerpt’, ‘wpb_comment_display’, ”, 1);
remove_filter( ‘comment_text’, ‘make_clickable’, 9 );

Before making any changes to the code, we recommend creating a website backup first to prevent data loss.

9. Allow Comments from Signed-In Users Only

If you want to build engagement for your site, enabling comments for signed-in users might be a good option.

Doing this helps you to restrict visitors who can post comments by asking them to create an account on your website. This will discourage fake commentators and prevent bots from submitting comment spam.

Activate this feature using the following steps:

a) Go to Settings -> Discussions.

b) Scroll down to the Other comment settings section and check the Users must be registered and logged in to comment option.

Furthermore, it’s important to consider the user registration process and whether it is open to anyone. You can configure this by navigating to Settings -> General -> Membership.

10. Create Disallowed Comment Keywords

Making a list of disallowed words is one of the best ways to filter your WordPress comments. It enables your site to automatically remove spam comments based on the list, which can be contained in author names, URLs, IP addresses, or emails.

Moreover, it allows you to block spam with general comments and other common spam keyphrases.

To create a disallowed comment list, follow these steps:
a) Go to your admin dashboard, then head to Settings -> Discussions.

b) Add the list of words you want to block in the Disallowed Comment Keys section.

c) Save the changes.
comment key

While WordPress offers an excellent built-in commenting system, it can result in vulnerabilities as it allows users to submit spam comments on your site. This will affect your website’s authority and SEO ranking, impacting its overall performance.

To address this, we’ve shown you 10 effective ways to prevent WordPress comment spam. Here are the methods:
1. Moderate comments manually.
2. Install an anti-spam plugin.
3. Use a reCAPTCHA.
4. Set comment length.
5. Turn off comments on old posts.
6. Disable comments on media attachments.
7. Remove the URL field from the comment form.
8. Disable HTML in comments.
9. Only accept comments from signed-in users.
10. Make a list of disallowed comment keywords.

Whether using plugins or built-in features, these methods help to ensure that your website is safe and secure from any spammers. Good luck!

About Sonal S Sinha

Sonal S SinhaSonal S Sinha is a passionate writer as well as WordPress and WooCommerce rockstar who loves to share insights on various topics through his engaging blog posts. He runs a successful website design and digital marketing company. With 15+ years of experience in WordPress theme development, he strives to inform and inspire readers with his thought-provoking content. He helps thousands of small and medium businesses and startups create a unique online presence. Follow Sonal S Sinha for your regular dose of knowledge and inspiration.

Do check out our free WordPress themes and WordPress themes bundle