How to block recurring spam in Wordpress - gHacks Tech News

How to block recurring spam in WordPress

For the past week I have noticed an increase in comment spam here on Ghacks. The spam would arrive in bulk - meaning in the hundreds - in a matter of minutes on this blog with the vast majority of the comments slipping past the moderation queue. Each comment included a keyword as the comment author name, a link to a keyword rich domain, a random sentence that had nothing to do with the article, and a plain text link to the same domain.

What puzzled me was that the anti-spam plugin AntiSpam Bee did not catch the spam but let it right through. This also meant a lot of manual moderation and inspection of comments to remove all that slipped through from appearing on the site.

Back in 2009 I explained how you can clean bulk spam from WordPress effectively. The method involved running MySQL commands to delete specific comment types, for instance those containing a particular domain name, from the comments. The method, while very effective at removing comments that already landed on the blog, was not protecting the blog from new comment spam attacks.

wordpress comment spam
spam excerpt

There is however an option to block recurring spam from WordPress, and I'd like to explain how to configure it properly. The option is part of every WordPress installation, which is a good thing as you do not have to install yet another plugin or make a code modification to make use of it.

To start, click on Settings > Discussion in the WordPress admin dashboard. Keep in mind that you need sufficient rights to open the settings here.

Locate the Comment Blacklist setting here and add words or phrases here that you want automatically blocked. If a comment contains the words or phrases added here, it will automatically be moved to the spam folder.

When a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam. One word or IP per line. It will match inside words, so “press” will match “WordPress”.

wordpress comment blacklist
comment blacklist

Simply add words, phrases or domain names that you want WordPress to block automatically whenever they are included in comments. Please note that WordPress does not make a distinction between legit comments or spam comments.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Velociraptor said on October 28, 2012 at 7:09 pm
    Reply

    just use that Plugin
    http://wordpress.org/extend/plugins/cookies-for-comments/
    0 spam guaranteed

  2. Jason Frovich said on October 28, 2012 at 9:49 pm
    Reply

    I just started to turn off WP comments and now use Facebook comments. That way I KNOW its typically a real person commenting.

    This has virtually eliminated all my comment spam

    I have had good success with http://wordpress.org/extend/plugins/facebook-comments-plugin/
    Its easy and requires no setup, just enable and your good to go

  3. berttie said on October 28, 2012 at 10:15 pm
    Reply

    @ Jason Frovich

    But you’d never get a comment from me, which might be a plus, or others not interested in Facebook, which might not be.

    1. Jojo said on October 29, 2012 at 9:01 am
      Reply

      Nor me.

      Looks like I better not mention my new Nik* sneakers, eh? :)

      That spam filter seems pretty basic…

      1. Martin Brinkmann said on October 29, 2012 at 10:02 am
        Reply

        That’s just a catch all filter that I use to block spam that is persistently coming through.

  4. Ron said on October 29, 2012 at 6:16 pm
    Reply

    It seems like some of those entries are redundant; since you have an entry for Nik3, any other entry with the word Nik3 is already covered.

    Akismet, which is installed (but not activated) by default with WordPress seems to do a very decent job of catching spam. Although optional, they started asking for donations for personal websites a few years ago, and it’s worth $12 (a dollar a month) for me to not have to hassle with spam.

  5. M.A. said on October 29, 2012 at 9:58 pm
    Reply

    I’ve found DIsquis to work very well.

  6. Apramit said on November 12, 2012 at 7:09 pm
    Reply

    Thanks for the solution.i ve had similar problems in the past. :)

  7. Jeff said on January 26, 2013 at 5:56 pm
    Reply

    As M.A. above mentioned, Disqus also solved 99.5% of our SPAM problem. LiveFyre I think would also be good. Both are free and can be installed in a few minutes. We have a paid version of akismet running across our WP multi-site install (100 blogs) it`s ok to a certain point but some of the blogs have been flooded. We are looking at network activating Disqus to slove all our SPAM issues.

  8. Jojo said on January 26, 2013 at 8:07 pm
    Reply

    Disqus sucks for me. It works on some sites for me but refuses to load on numerous other sites. And support is non-existent (especially for end users) if something doesn’t work.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.