How to Completely Stop WordPress Comment Spam?

Last updated
App Shah
Crunchify » WordPress Optimization and Tutorials » How to Completely Stop WordPress Comment Spam?

How to Stop WordPress Comment Spam Right way

Comment form is one of the essential feature for any blog. If your site doesn’t have better comment form and users are having problem posting comment then definitely you are missing valuable insights from your valuable readers. That’s a reason, we have another article related to WordPress comment form 🙂

As you may have seen on Crunchify recently, we moved to Default WordPress Comment form, we have made number of different enhancements on it.

One last thing it’s missing is how to fight with SPAM? How to stop spam comments? Akismet is one of the best WordPress plugin out there but it’s not enough as per my experience.

Akismet catches almost all SPAM comments on site but it doesn’t help stop submitting SPAM comments to your WordPress DB. But because of Akismet, all SPAM comments will be automatically be placed into SPAM queue and you could easily empty with single click.

On Crunchify, I don’t want it. I don’t want any spam bots to even submit comments on my site. Then how to Combat Comment Spam?

How to completely stop WordPress comment spam then?

These are the vital tips and tools to combat Comment Spam in WordPress. There are two ways:

  1. Using Plugin with Google’s invisible recaptcha
  2. Using .htaccess hack
  3. Lot’s of other WordPress comment Spam Plugin (we will not go over it here as lots of other documentation is out there 🙂 )

Option-1 Using Plugin

On Crunchify, we are using Google's invisible captcha plugin and it’s working 100% right way. It’s been a week after moving from Disqus to Default WordPress comment form and we didn’t even got single spam. Download link.

NOTE: Getting SPAM and putting into spam folder is still a problem. Here with this approach we are not even getting a spam. That’s a big deal as your WordPress DB won’t be able to bombarding with comment insert queries 🙂 We are not using Akismet plugin on site anymore now.

How to setup Spam prevention right way in WordPress comment form? Follow below steps and I bet you won’t see any spam comment on your site.

Step-1

Go to https://www.google.com/recaptcha/admin#list to setup your recaptcha account.

Step-2

You will get your Keys in next screen.

Step-3

Download Invisible Recaptcha plugin to your site.

Step-4

  • Go to Settings -> Invisible reCaptcha
  • Provide your Site Key and Secret Key
  • Click Save button
  • Go to each tab and enable on which form you want to enable Google Recaptcha.

WordPress Invisible Recaptcha Settings

That’s it. Google’s invisible recaptcha is now enabled on your site. If Google seems some spam activity or bot submitting comments then it will show verification pop up automatically on your site before form will get submitted.

So far it’s working pretty good on Crunchify and we will continue using it.

Option-2 using .htaccess hack

Just add below code to your root .htaccess file and you should see very less SPAM comments after that. There is no guarantee though and you will still see some SPAM comments but it’s better than before.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*ExampleDomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

Make sure you update line 4 with your domain name. Basically you are making sure that comments are not submitted by any spam bots but rather user on the page. If referrer is your site then you are good.

Also, it’s good idea to add all below words into your WordPress Discussion Blacklist.

soma
ambien
cialis
buycialis
hydrocodone
viagraonline
cialisonline
phentermine
viagrabuy
percocet
tramadol
propecia
xenical
meridia
levitra
vicodin
viagra
valium
porno
xanax
sex
adipex
advicer
baccarrat
blackjack
bllogspot
booker
byob
car-rental-e-site
car-rentals-e-site
carisoprodol
casino
casinos
chatroom
cialis
coolcoolhu
coolhu
cwas
cyclen
cyclobenzaprine
dating-e-site
day-trading
debt-consolidation
discreetordering
duty-free
dutyfree
equityloans
fioricet
flowers-leading-site
freenet-shopping
freenet
gambling-
hair-loss
health-insurancedeals-4u
homeequityloans
homefinance
holdem
holdempoker
holdemsoftware
hotel-dealse-site
hotelse-site
incest
insurance-quotesdeals-4u
insurancedeals-4u
jrcreations
levitra
macinstruct
mortgagequotes
online-gambling
onlinegambling-4u
ottawavalleyag
ownsthis
palm-texas-holdem-game
paxil
penis
pharmacy
phentermine
poker-chip
poze
pussy
rental-car-e-site
ringtones
roulette 
shemale
shoes
slot-machine
texas-holdem
thorcarlson
top-site
top-e-site
tramadol
trim-spa
ultram
valeofglamorganconservatives
viagra
vioxx
xanax

Go to Settings -> Discussion -> Comment Blacklist. Save changes and you are all good. I would suggest keep updating this list and that will help you fight all spams in the future too.

Let me know what is your best way to fight spams on WordPress comment form.

2 thoughts on “How to Completely Stop WordPress Comment Spam?”

Leave a Comment