How to block recurring spam in WordPress

Martin Brinkmann
Oct 28, 2012
Updated • Oct 28, 2012

For the past week I have noticed an increase in comment spam here on Ghacks. The spam would arrive in bulk - meaning in the hundreds - in a matter of minutes on this blog with the vast majority of the comments slipping past the moderation queue. Each comment included a keyword as the comment author name, a link to a keyword rich domain, a random sentence that had nothing to do with the article, and a plain text link to the same domain.

What puzzled me was that the anti-spam plugin AntiSpam Bee did not catch the spam but let it right through. This also meant a lot of manual moderation and inspection of comments to keep everything that slipped through from appearing on the site.

Back in 2009 I explained how you can clean bulk spam from WordPress effectively. The method involved running MySQL commands to delete specific comment types, for instance those containing a particular domain name, from the comments. The method, while very effective at removing comments that had already landed on the blog, did not protect the blog from new comment spam attacks.


There is however an option to block recurring spam from WordPress, and I'd like to explain how to configure it properly. The option is part of every WordPress installation, which is a good thing as you do not have to install yet another plugin or make a code modification to make use of it.

To start, click on Settings > Discussion in the WordPress admin dashboard. Keep in mind that you need sufficient rights to open these settings.

Locate the Comment Blacklist setting and add the words or phrases that you want automatically blocked. If a comment contains any of the words or phrases added there, it will automatically be moved to the spam folder.

When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.


Simply add words, phrases or domain names that you want WordPress to block automatically whenever they are included in comments. Please note that WordPress does not distinguish between legitimate comments and spam comments here.
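
The matching rule quoted above (one entry per line, substring match against content, name, URL, e-mail and IP) can be dry-run against already-approved comments before the list is saved. This is an added example, not code from WordPress or from this article; the Comment class, the function names and the sample data are constructed, and case-insensitive matching is an assumption.

```python
from dataclasses import dataclass

FIELDS = ("author", "email", "url", "content", "ip")  # fields the setting checks

@dataclass
class Comment:
    author: str
    email: str
    url: str
    content: str
    ip: str

def parse_blacklist(text):
    """One entry per line; blank lines are ignored."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def matching_entry(comment, entries):
    """Return (entry, field) for the first entry found inside any field, or None.
    Plain substring test, so "press" hits "WordPress" (case folding is assumed)."""
    for entry in entries:
        for field in FIELDS:
            if entry.lower() in getattr(comment, field).lower():
                return entry, field
    return None

def redundant_entries(entries):
    """Entries containing a shorter entry add nothing: the shorter one already matches."""
    low = [e.lower() for e in entries]
    return [e for e in entries
            if any(len(o) < len(e) and o in e.lower() for o in low)]

def dry_run(entries, approved):
    """Approved comments the list would now mark as spam: (author, entry, field)."""
    hits = []
    for c in approved:
        m = matching_entry(c, entries)
        if m:
            hits.append((c.author, *m))
    return hits

# Constructed sample data (documentation-range IPs, example domains).
ENTRIES = parse_blacklist("press\ncheap-sneakers.example\n\ncheap-sneakers.example/shop\n203.0.113.7\n")
APPROVED = [
    Comment("Alice", "alice@example.org", "", "I run WordPress on my own server.", "198.51.100.4"),
    Comment("Bob", "bob@example.org", "", "Thanks, this helped.", "203.0.113.70"),
    Comment("Carol", "carol@example.org", "https://example.org", "Nice write-up.", "198.51.100.9"),
]

if __name__ == "__main__":
    print("redundant:", redundant_entries(ENTRIES))
    for hit in dry_run(ENTRIES, APPROVED):
        print("would be marked as spam:", hit)
```

On the sample data, Alice's comment is flagged because "press" sits inside "WordPress", and Bob's because the entry 203.0.113.7 is also a substring of 203.0.113.70.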




  1. Jojo said on January 26, 2013 at 8:07 pm

    Disqus sucks for me. It works on some sites for me but refuses to load on numerous other sites. And support is non-existent (especially for end users) if something doesn’t work.

  2. Jeff said on January 26, 2013 at 5:56 pm

    As M.A. above mentioned, Disqus also solved 99.5% of our SPAM problem. LiveFyre I think would also be good. Both are free and can be installed in a few minutes. We have a paid version of Akismet running across our WP multi-site install (100 blogs); it's OK to a certain point, but some of the blogs have been flooded. We are looking at network activating Disqus to solve all our SPAM issues.

  3. Apramit said on November 12, 2012 at 7:09 pm

    Thanks for the solution. I've had similar problems in the past. :)

  4. M.A. said on October 29, 2012 at 9:58 pm

    I’ve found Disqus to work very well.

  5. Ron said on October 29, 2012 at 6:16 pm

    It seems like some of those entries are redundant; since you have an entry for Nik3, any other entry with the word Nik3 is already covered.

    Akismet, which is installed (but not activated) by default with WordPress seems to do a very decent job of catching spam. Although optional, they started asking for donations for personal websites a few years ago, and it’s worth $12 (a dollar a month) for me to not have to hassle with spam.

  6. berttie said on October 28, 2012 at 10:15 pm

    @ Jason Frovich

    But you’d never get a comment from me, which might be a plus, or others not interested in Facebook, which might not be.

    1. Jojo said on October 29, 2012 at 9:01 am

      Nor me.

      Looks like I better not mention my new Nik* sneakers, eh? :)

      That spam filter seems pretty basic…

      1. Martin Brinkmann said on October 29, 2012 at 10:02 am

        That’s just a catch all filter that I use to block spam that is persistently coming through.

  7. Jason Frovich said on October 28, 2012 at 9:49 pm

    I just started to turn off WP comments and now use Facebook comments. That way I KNOW it's typically a real person commenting.

    This has virtually eliminated all my comment spam

    I have had good success with
    It's easy and requires no setup, just enable and you're good to go

  8. Velociraptor said on October 28, 2012 at 7:09 pm

    just use that Plugin
    0 spam guaranteed
