If you have a WordPress blog that exists on the internet, then unfortunately spam is always an issue.
According to the dictionary, spam is defined as:
irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
There are two areas of your site that spammers like to attack, comments forms and contact forms and we will discuss both types in the post and the ways that you can stop the blighters from worming their way in.
Perhaps you are tempted to just turn off comments completely?
While pressing the ‘off switch’ could be part of a solution, I don’t recommend it, because in doing so you prevent loyal readers from engaging with your content, which is a bad thing all round.
How to prevent WordPress spam
- How to get rid of comment spam
- How to conquer comment spam with the Akismet Anti-Spam plugin
- How to get rid of spam from contact forms with a captcha
- How to fool spammers with a honeypot
- Wrapping up
How to get rid of comment spam
Comments on blog posts are a WordPress spam magnet.
I like to allow comments on my blog because I want to know what my readers think and it is a way of getting to know them.
Akismet is free for non-commercial websites and blogs, or a very reasonable £4 per month for commercial sites. It is very effective at dealing with WordPress spam, and it is one of my essential plugins.
How to conquer comment spam with the Akismet Anti-Spam plugin
Install and activate the Akismet plugin. Go to Plugins->Add New, then search for Akismet. If you are not sure how to install plugins, I have a great guide here.
After you activate the plugin, you should see this message at the top of the plugins screen.
If you don’t see the above message click the settings link instead:
If you already have an API key enter it on the next screen, otherwise, click ‘Get your API key‘ to go to the Akismet site to create your keys.
You must have a wordpress.com account to create Akismet keys. If you already have an account, login or sign up for a new one.
Once you have logged into Akismet with your wordpress.com account, the next step is to select a plan.
One of the options is ‘Name Your Price‘, where you can choose how much you would like to pay, the lowest price being zero. The free plan is meant only for non-commercial sites.
When you have selected a plan, the activation screen should display as below.
Click ‘Activate this site’, after which you arrive back at your WordPress settings screen, and the Akismet key should be filled in.
You can then make some option changes to the settings.
I recommend you select the first option for ‘Strictness‘ – ‘Silently discard the most pervasive spam‘, and the first option again for ‘Privacy‘ – ‘Display a privacy notice‘.
Then save your changes.
How to get rid of spam from contact forms with a captcha
Captchas were invented to prevent robots from sending spam via forms, they force users to enter text according to a garbled picture, thereby weeding out the robots.
The problem with captchas is accessibility, as the text pictures were often difficult to interpret, and could discourage people from contacting you.
The next generation, known as ‘Recaptcha’, was developed by Google, and required to users to click a box instead.
If Google suspected a robot, users would have to answer questions about a series of pictures as further proof of innocence.
The latest version of Google’s Recaptcha (V3) is much improved, it silently detects robots, dispensing with the click box, making it much better for usability.
There are several contact form plugins in existence. The most popular free one is Contact Form 7. If you are using this, then there is a Google Recaptcha option that it is straightforward to set up.
Select ‘Contact‘->’Integration‘ then click ‘Setup Integration‘ button.
On the next screen fill in your Site Key and Secret Key.
If you don’t have keys, click the ‘google.com/recaptcha‘ link to login or create a google account. From there you can register a new site for either Recaptcha v2 or v3.
Version 2 uses a click box and pictures, and version 3 gives you the silent option, which is the best one for usability.
When registration is complete, copy the keys shown under the keys tab back to the form above.
That is all you need to do to protect your Contact Form 7 Forms!
There is no need to add shortcodes to your form configuration, but if you are using Version 2 of Recaptcha then add the shortcode [recaptcha] where you want it to appear within the form.
How to fool spammers with a honeypot
I love this option … get-em with a honeypot!
Honeypots are a simple but cunning alternative to captchas, and the best thing is they don’t put off your human form fillers.
Honeypots work by catching out bots with a hidden field that is invisible to human users, but not to robots. When the honeypot field is filled in, we assume that the form filler is a robot. It’s as simple as that!
There is a free add-on for the Contact Form 7 plugin called Contact Form 7 Honeypot.
When activated it provides an extra ‘Honeypot‘ field that you can add to your contact form.
When you add the honeypot field, you can set a name for it. I like to choose something that could quite legitimately be on a form to fool the robot as much as possible, for example, ‘confirm-email‘.
That is all you need to do, and you will find, that you no longer get spam from the form. If any start coming through again, try changing the name of the honeypot field.
In this post, I have gone through some effective solutions for dealing with spam from your comment forms and contact forms.
There are two lines of attack, the Akismet plugin and two Contact Form 7 add-on options for captchas and honeypots. My favourite is the honeypot solution.
There is now a free plugin that looks very interesting called Antispam Bee. It could be a good alternative to Akismet, which of course you have to pay for. So I will go away and look at that more closely and get back to you on that one.
This post was proofread by Grammarly