How to block recurring spam in WordPress
For the past week I have noticed an increase in comment spam here on Ghacks. The spam would arrive in bulk - meaning in the hundreds - in a matter of minutes on this blog with the vast majority of the comments slipping past the moderation queue. Each comment included a keyword as the comment author name, a link to a keyword rich domain, a random sentence that had nothing to do with the article, and a plain text link to the same domain.
What puzzled me was that the anti-spam plugin AntiSpam Bee did not catch the spam but let it right through. This also meant a lot of manual moderation and inspection of comments to remove all that slipped through from appearing on the site.
Back in 2009 I explained how you can clean bulk spam from WordPress effectively. The method involved running MySQL commands to delete specific comment types, for instance those containing a particular domain name, from the comments. The method, while very effective at removing comments that already landed on the blog, was not protecting the blog from new comment spam attacks.
There is however an option to block recurring spam from WordPress, and I'd like to explain how to configure it properly. The option is part of every WordPress installation, which is a good thing as you do not have to install yet another plugin or make a code modification to make use of it.
To start, click on Settings > Discussion in the WordPress admin dashboard. Keep in mind that you need sufficient rights to open the settings here.
Locate the Comment Blacklist setting here and add words or phrases here that you want automatically blocked. If a comment contains the words or phrases added here, it will automatically be moved to the spam folder.
When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so â€œpressâ€ will match â€œWordPressâ€.
Simply add words, phrases or domain names that you want WordPress to block automatically whenever they are included in comments. Please note that WordPress does not make a distinction between legit comments or spam comments.Advertisement
just use that Plugin
0 spam guaranteed
I just started to turn off WP comments and now use Facebook comments. That way I KNOW its typically a real person commenting.
This has virtually eliminated all my comment spam
I have had good success with http://wordpress.org/extend/plugins/facebook-comments-plugin/
Its easy and requires no setup, just enable and your good to go
@ Jason Frovich
But you’d never get a comment from me, which might be a plus, or others not interested in Facebook, which might not be.
Looks like I better not mention my new Nik* sneakers, eh? :)
That spam filter seems pretty basic…
That’s just a catch all filter that I use to block spam that is persistently coming through.
It seems like some of those entries are redundant; since you have an entry for Nik3, any other entry with the word Nik3 is already covered.
Akismet, which is installed (but not activated) by default with WordPress seems to do a very decent job of catching spam. Although optional, they started asking for donations for personal websites a few years ago, and it’s worth $12 (a dollar a month) for me to not have to hassle with spam.
I’ve found DIsquis to work very well.
Thanks for the solution.i ve had similar problems in the past. :)
As M.A. above mentioned, Disqus also solved 99.5% of our SPAM problem. LiveFyre I think would also be good. Both are free and can be installed in a few minutes. We have a paid version of akismet running across our WP multi-site install (100 blogs) it`s ok to a certain point but some of the blogs have been flooded. We are looking at network activating Disqus to slove all our SPAM issues.
Disqus sucks for me. It works on some sites for me but refuses to load on numerous other sites. And support is non-existent (especially for end users) if something doesn’t work.