How to Prevent WordPress Spam

by Meghan . updated May 9, 2019

If you have a WordPress blog that exists on the internet, then unfortunately spam is always an issue.

According to the dictionary, spam is defined as:

irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.

There are two areas of your site that spammers like to attack: comment forms and contact forms. We will discuss both in this post, along with the ways that you can stop the blighters from worming their way in.

Perhaps you are tempted to just turn off comments completely?

While pressing the ‘off switch’ could be part of a solution, I don’t recommend it, because in doing so you prevent loyal readers from engaging with your content, which is a bad thing all round.

There are alternatives to native WordPress comments. You could use Facebook comments or Disqus instead, so be sure to look at those solutions before you make the decision to hit the button!

How to get rid of comment spam

Comments on blog posts are a WordPress spam magnet.

I like to allow comments on my blog because I want to know what my readers think and it is a way of getting to know them.

You can turn off comments of course, but there is a very effective plugin available called Akismet Anti-Spam Plugin by Automattic, the creators of WordPress.

Akismet is free for non-commercial websites and blogs, or a very reasonable £4 per month for commercial sites. It is very effective at dealing with WordPress spam, and it is one of my essential plugins.

How to conquer comment spam with the Akismet Anti-Spam plugin

Akismet WordPress plugin

Install and activate the Akismet plugin. Go to Plugins->Add New, then search for Akismet. If you are not sure how to install plugins, I have a great guide here.

After you activate the plugin, you should see this message at the top of the plugins screen.

Setup your akismet account message

If you don’t see the above message, click the settings link instead:

Akismet spam settings link

If you already have an API key, enter it on the next screen. Otherwise, click ‘Get your API key’ to go to the Akismet site to create your keys.

You must have a wordpress.com account to create Akismet keys. If you already have an account, log in; otherwise, sign up for a new one.

Akismet spam settings screen

Once you have logged into Akismet with your wordpress.com account, the next step is to select a plan.

One of the options is ‘Name Your Price’, where you can choose how much you would like to pay, the lowest price being zero. The free plan is meant only for non-commercial sites.

Select akismet plan

When you have selected a plan, the activation screen should display as below.

Akismet activate this site screen

Click ‘Activate this site’, after which you arrive back at your WordPress settings screen, and the Akismet key should be filled in.

You can then make some option changes to the settings.

I recommend you select the first option for ‘Strictness’ – ‘Silently discard the most pervasive spam’, and the first option again for ‘Privacy’ – ‘Display a privacy notice’.

Then save your changes.

Akismet complete settings screen

How to get rid of spam from contact forms with a captcha

Captchas were invented to prevent robots from sending spam via forms. They force users to enter text according to a garbled picture, thereby weeding out the robots.

The problem with captchas is accessibility: the text pictures were often difficult to interpret and could discourage people from contacting you.

The next generation, known as ‘Recaptcha’, was developed by Google, and required users to click a box instead.

If Google suspected a robot, users would have to answer questions about a series of pictures as further proof of innocence.

The latest version of Google’s Recaptcha (V3) is much improved. It silently detects robots, dispensing with the click box, which makes it much better for usability.

There are several contact form plugins in existence. The most popular free one is Contact Form 7. If you are using this, then there is a Google Recaptcha option that is straightforward to set up.

Select ‘Contact’ -> ‘Integration’, then click the ‘Setup Integration’ button.

Contact form 7 integration settings

On the next screen fill in your Site Key and Secret Key.

If you don’t have keys, click the ‘google.com/recaptcha’ link to log in or create a Google account. From there you can register a new site for either Recaptcha v2 or v3.

Version 2 uses a click box and pictures, and version 3 gives you the silent option, which is the best one for usability.

Contact form 7 recaptcha keys

When registration is complete, copy the keys shown under the keys tab back to the form above.

Google recaptcha keys

That is all you need to do to protect your Contact Form 7 Forms!

There is no need to add shortcodes to your form configuration, but if you are using Version 2 of Recaptcha, then add the shortcode [recaptcha] where you want it to appear within the form.
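Behind the scenes, the Secret Key stays on the server, which uses it to ask Google whether the token sent with each form post is genuine. The check below is an added example, not Contact Form 7's own code, showing how a server can evaluate the JSON reply from Google's siteverify endpoint for Recaptcha v3. The 0.5 threshold, the action name `contact_form`, the hostname `blog.example` and the sample replies are constructed assumptions.

```python
import json

def accept_recaptcha_v3(verify_body, expected_action, expected_hostname,
                        min_score=0.5):
    """Return (accepted, reason) for one siteverify JSON reply."""
    try:
        reply = json.loads(verify_body)
    except ValueError:
        return False, "unparseable reply"          # fail closed
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes", []) if isinstance(reply, dict) else []
        return False, "token rejected: " + ",".join(codes)
    # A valid token minted for a different site or form must not be reused here.
    if reply.get("hostname") != expected_hostname:
        return False, "token issued for another site"
    if reply.get("action") != expected_action:
        return False, "token issued for another action"
    score = reply.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "missing score"
    # v3 never challenges the visitor; the server decides from the score.
    if score < min_score:
        return False, "score below threshold"
    return True, "ok"

# Constructed sample replies (not captured from a real site).
HUMAN = ('{"success": true, "score": 0.9, "action": "contact_form", '
         '"hostname": "blog.example", "challenge_ts": "2019-05-09T10:00:00Z"}')
BOT = ('{"success": true, "score": 0.1, "action": "contact_form", '
       '"hostname": "blog.example", "challenge_ts": "2019-05-09T10:00:05Z"}')
REPLAYED = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'

if __name__ == "__main__":
    for name, body in (("human", HUMAN), ("bot", BOT), ("replayed", REPLAYED)):
        print(name, accept_recaptcha_v3(body, "contact_form", "blog.example"))
```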

How to fool spammers with a honeypot


I love this option … get-em with a honeypot!

Honeypots are a simple but cunning alternative to captchas, and the best thing is they don’t put off your human form fillers.

Honeypots work by catching out bots with a hidden field that is invisible to human users, but not to robots. When the honeypot field is filled in, we assume that the form filler is a robot. It’s as simple as that!

There is a free add-on for the Contact Form 7 plugin called Contact Form 7 Honeypot.

When activated, it provides an extra ‘Honeypot’ field that you can add to your contact form.

When you add the honeypot field, you can set a name for it. I like to choose something that could quite legitimately be on a form to fool the robot as much as possible, for example, ‘confirm-email’.

Contact form 7 honeypot plugin settings

That is all you need to do, and you will find that you no longer get spam from the form. If any starts coming through again, try changing the name of the honeypot field.
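The honeypot check described above, written out as an added example (this is not the Contact Form 7 Honeypot plugin's code): it renders a hidden ‘confirm-email’ field and classifies raw form posts by what arrives in it. The other field names and the sample posts are constructed, and treating a post with no honeypot field at all as suspect is an assumption of this sketch.

```python
import html
from urllib.parse import parse_qs

HONEYPOT_NAME = "confirm-email"   # the field name suggested in the post

def render_honeypot(name=HONEYPOT_NAME):
    """Markup for a field that people never see, tab into or autofill."""
    n = html.escape(name, quote=True)
    return (
        '<div style="position:absolute;left:-9999px" aria-hidden="true">'
        f'<label for="{n}">Leave this field empty</label>'
        # autocomplete="off" matters with a realistic name: browser autofill
        # could otherwise complete it and mark a real visitor as a robot.
        f'<input type="text" id="{n}" name="{n}" value="" '
        'tabindex="-1" autocomplete="off"></div>'
    )

def classify(body, name=HONEYPOT_NAME):
    """Return 'ok', 'spam' or 'suspect' for one urlencoded form post."""
    # keep_blank_values=True is essential: by default parse_qs drops empty
    # fields, so a human's untouched honeypot would look like it was missing.
    fields = parse_qs(body, keep_blank_values=True)
    if name not in fields:
        # A browser submits empty text inputs, so a missing field means the
        # post did not come from the rendered form.
        return "suspect"
    if any(fields[name]):
        return "spam"             # something filled in the invisible field
    return "ok"

# Constructed sample posts.
HUMAN = "your-name=Ann&your-email=ann%40example.org&confirm-email=&your-message=Hello"
BOT_FILLS_ALL = ("your-name=x&your-email=x%40example.org"
                 "&confirm-email=x%40example.org&your-message=buy+now")
BOT_SKIPS_FORM = "your-name=x&your-email=x%40example.org&your-message=buy+now"

if __name__ == "__main__":
    print(render_honeypot())
    for post in (HUMAN, BOT_FILLS_ALL, BOT_SKIPS_FORM):
        print(classify(post))
```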

Wrapping up

In this post, I have gone through some effective solutions for dealing with spam from your comment forms and contact forms.

There are two lines of attack: the Akismet plugin, and two Contact Form 7 add-on options for captchas and honeypots. My favourite is the honeypot solution.

There is now a free plugin that looks very interesting called Antispam Bee. It could be a good alternative to Akismet, which of course you have to pay for. So I will go away and look at that more closely and get back to you on that one.
