How to block recurring spam in WordPress
For the past week I have noticed an increase in comment spam here on Ghacks. The spam would arrive in bulk - meaning in the hundreds - in a matter of minutes on this blog with the vast majority of the comments slipping past the moderation queue. Each comment included a keyword as the comment author name, a link to a keyword rich domain, a random sentence that had nothing to do with the article, and a plain text link to the same domain.
What puzzled me was that the anti-spam plugin AntiSpam Bee did not catch the spam but let it right through. This also meant a lot of manual moderation and inspection of comments to remove all that slipped through from appearing on the site.
Back in 2009 I explained how you can clean bulk spam from WordPress effectively. The method involved running MySQL commands to delete specific comment types, for instance those containing a particular domain name, from the comments. The method, while very effective at removing comments that already landed on the blog, was not protecting the blog from new comment spam attacks.
There is however an option to block recurring spam from WordPress, and I'd like to explain how to configure it properly. The option is part of every WordPress installation, which is a good thing as you do not have to install yet another plugin or make a code modification to make use of it.
To start, click on Settings > Discussion in the WordPress admin dashboard. Keep in mind that you need sufficient rights to open the settings here.
Locate the Comment Blacklist setting here and add words or phrases here that you want automatically blocked. If a comment contains the words or phrases added here, it will automatically be moved to the spam folder.
When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so â€œpressâ€ will match â€œWordPressâ€.
Simply add words, phrases or domain names that you want WordPress to block automatically whenever they are included in comments. Please note that WordPress does not make a distinction between legit comments or spam comments.Advertisement