WordPress: protect your blog against spam without taxing plugins

Martin Brinkmann
Dec 5, 2012

I have tested many WordPress antispam plugins here on Ghacks, from Akismet which is more or less the standard plugin for many sites to plugins such as AntiSpam Bee and a couple of others that I can't even remember the names of. I have two issues with these kind of plugins. Checks are usually made on remote servers and, what I consider more important, they sometimes flag legitimate comments as spam. I have a couple of readers from Russia who often get their comments flagged even though there is no reason for that at all.

Since there is no whitelisting by IP or username, it is not possible to get past that issue using those plugins. You can install another plugin that adds whitelisting, but that is yet another thing that is then running on the server.

I decided that I had enough and started to go through the WordPress comment plugin listing to see if I can find a plugin that is offering a simpler solution. After some testing, I found NoSpamNX. It is probably best to let the author explain what it does first:

NoSpamNX automaticly adds additional formfields to your comment form, invisible to human users. If a spambot fills these fields blindly (which most of all spambots do), the comment will not be saved.

I have read tips and seen plugins before that modify the comment form, add captchas or Javascript to the page to fight off spam. The solutions, as solid as they may be, make it either more complicated for human visitors to submit comments, or add code to the site which slows it down on the user site.

The plugin has been up for over a week, and while it does a very good job at preventing legitimate comments from landing in spam - with the exception of one comment in that time that did land there - it did not stop some spam comments from being published here on the site. I have moderated those comments manually up until now, but it meant that they would appear on the site for up to 10 hours.

I quickly found a way to deal with the issue as well. The "Comment author must have a previously approved comment" setting under Settings > Discussion automatically holds comments by new visitors, bots or real, in moderation while comments by users who have posted at least one are not.

wordpress anti spam

Since spam bots do not leave regular comments it is fair to say that I have eliminated the problem once and for all. While it is certainly possible that some spammers will leave a legit comment first to pave the way for spam comments, I still have options to moderate the comments manually once I find them.

If you are a WordPress webmaster who is plagued by spam or legit comments being marked as spam, I suggest you give it a try.


Previous Post: «
Next Post: «


  1. Usman said on December 7, 2012 at 2:38 am

    Akismet also adds extra fields to the comment form then how can this plugin be more useful than Akismet?

  2. Matias Aquino said on December 6, 2012 at 7:56 pm

    Hi Martin, have you ever tried Growmap Anti Spambot Plugin? It just adds a checkbox that says “I´m human” (or something like it that you can customize). You readers just have to check it before leaving a comment. Much easier and way faster than captchas!

    1. Antonio said on December 6, 2012 at 9:26 pm

      From the FAQ page:
      If I disable javascript will it still work?
      No. This plugin requires javascript to be enabled in the users browser for the comment to be accepted.

      So, I will be marked as a spambot.

    2. Martin Brinkmann said on December 6, 2012 at 8:19 pm

      Matias, did not try that and I do not think I need to anymore, since the method that I described is working perfect so far.

  3. Virtualguy said on December 6, 2012 at 8:02 pm

    Frank, if you’re getting a notification every time you leave a comment, that option must be set in your preferences. I never get notifications when I leave comments on the blog. I only get an occasional invitation to join the newsletter. Nothing wrong with that. Un-tick the checkbox just above the comment field before submitting your comment.

    1. Martin Brinkmann said on December 6, 2012 at 8:18 pm

      I have disabled the notification emails for now that you get when you comment for the first time.

      1. Frak said on December 7, 2012 at 2:15 am

        I appreciate you take into account reader feedback Martin, I did not mean to be picky and I was not aware that you only get notified once if you are a new reader.

        The problem I think it is that because I care about online privacy I often erase my cookies, change computer IP and use different email addresses to comment online, this makes tracking me down more difficult and the system probably believes that I am a new reader all the time.

      2. Martin Brinkmann said on December 7, 2012 at 9:44 am

        That was one of the reasons why I turned it off. It is not designed to pester readers with emails and I can’t really say if it is doing more good than bad or the other way round.

  4. Frank said on December 6, 2012 at 2:39 am

    Now that we are on the topic of spam, I don’t think it is right for Ghacks to send a notification email every time I post a comment here and I am not talking about follow up notifications which are optional, I am talking about the thanks for your comment emails, that you only get only once but you know that this is not needed, what kind of email is that, a copy and paste that says thanks for your comment you might want to subscribe to the RSS, etc..

    As for spam on the blog, I used Recaptcha for a while and no spam ever got through.

    1. bennix said on December 6, 2012 at 4:13 pm

      Hi, Frank I’m new here, I think you just need to uncheck that “Notify me of followup comments via e-mail box” to avoid ghacks sending you some notifications.ty

  5. berttie said on December 5, 2012 at 10:49 pm

    Most of my comments of the last 2 months have failed to make it, I assume because of spam filters, so we’re about to find out if this one has solved the problem.

  6. odio said on December 5, 2012 at 9:10 pm

    cool idea how it works.

  7. bennix said on December 5, 2012 at 8:17 pm

    I like this topic Martin, Actually i’m using Disqus Comment system in one of my blog and its really helping me by default to filter spam comments.Using Disqus it can trap comments with links, harsh or blacklisted words and even Askimet is also available right there however, I can’t afford to pay for it.can you offer an askimet or another free alternative?thanks

    1. Martin Brinkmann said on December 5, 2012 at 8:47 pm

      You do not need those anymore with this setup. I don’t like Disqus because it adds an extra JavaScript file to the page load.

      1. Antonio said on December 6, 2012 at 6:05 pm

        As a NoScript user, I agree. Moreover, all the comments belong to Disqus, not to me.

      2. Jojo said on December 6, 2012 at 6:40 am

        Disqus sucks for me. Sometimes it works but many times on different blogs it does not. There is no effective support that I am aware of.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.