If you are experiencing a high volume of spam comments on your WordPress website and manually approving comments is not an option, it might be time to look for a plugin. In this blog, we go over the best WordPress spam plugins and how to use them. If you’re looking for other useful plugins, check out this useful blog post.
Do you need a plugin?
What volume of normal comments do you expect? Can you check for new comments to approve regularly? If you expect a lower comment volume and you can approve them in a timely manner, manual approval is the most effective and straightforward way to prevent WordPress spam. Of course, if the number of legitimate or spam comments you receive is overwhelming, it might be time to turn to a plugin to get the job done for you.
What to look for in a plugin?
When looking for the best WordPress spam plugin for your blog or website, there are a few things other than the standard spam filtering features that you’ll want to look out for, depending on your needs.
If you experience an extreme volume of spam comments, you may want a spam filter that does not even enter the comment into the database. Storing every spam comment can crush your site performance by increasing the number of MySQL database transactions.
Though we’d recommend against a captcha, as it reduces the chance a real user will even leave a comment, turning it on can temporarily alleviate the problem if you are experiencing a flood of spam comments.
You also may want the ability to prevent spam registrations. In the default settings, registered users can comment as they please. While this can be turned off, you may experience spam registrations in an attempt to comment on your site, which can both reduce performance and leave you with fake accounts to clean up, even if they didn’t leave any comments.
Akismet comes bundled with your WordPress installation. It is free for all non-commercial use; commercial use is just $5 a month, or $50 for enterprise, both complete with support. Both the free and paid versions require registration in order to activate the plugin. You’ll have to provide the URL of your site for your key, which helps the plugin’s authors enforce the paid commercial use license.
Comments are run through Akismet’s servers to check for spam, using info gathered from all sites running the plugin to fight spam comments more effectively. Blocked comments will have a status history, so you can see if it was allowed and manually blocked by a moderator or blocked by Akismet.
It also includes some helpful add-ons for the comment system. Moderators can see how many approved comments a user has submitted at a glance, making it easy to identify trusted regulars. As recommended above for extreme cases, it has the option to never allow blocked comments to even enter the database.
For settings, Akismet keeps it pretty simple. You can choose whether some spam bypasses the spam folder and gets deleted directly, and you can add a privacy notice to the comment system to comply with GDPR.
Antispam Bee is completely free and does not require registration in order to work. Its spam detection is entirely local, so it is more limited in its ability to distinguish spam from legitimate comments; however, it does not rely on anyone else’s web server being up and running.
Despite not having cloud-based spam detection, it still works pretty well by comparing comments to a publicly available spam database stored locally, along with some other techniques and options. For example, it can always trust comments submitted with an email that has a Gravatar, which are much less likely to be spam.
Antispam Bee has more settings than Akismet, and by default enables unintrusive settings that won’t affect your blog much until you configure it.
First, you’ll probably want to un-check the “Mark as spam, do not delete” option, which keeps comments flagged as spam on your blog until you manually review and delete them. You’ll want to disable “BBcode is spam” only if you have a plugin that enables BBCode on WordPress, which includes some of the popular WordPress forum plugins like bbPress. Otherwise, BBCode is a sign that the comments are copy-paste spam made for other platforms that accept it.
Most people will probably want to block comments in other languages; however, region filtering is probably not a good idea unless you’re getting a lot of activity from a certain country. Spammers typically use a VPN and may not appear to be in their country of origin.
Finally, validating the IP of a commenter checks their IP against the blacklist and can be a fairly effective way of preventing spam. Keep in mind, however, that more and more legitimate users have turned to VPNs in recent years, as well as spammers. Users on a VPN like NordVPN, TunnelBear, or Private Internet Access may share a limited number of IP addresses, evidenced by some of these services triggering flood control measures like captchas on some sites. So consider this option carefully, and watch what is deleted for a while.
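One way to "watch what is deleted" before turning IP validation on is to replay comments you have already moderated against the blocklist. The following is an added example, not part of the original post or of any plugin's code; the sample comments, blocklist entries, verdict labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: (commenter IP, moderator verdict) pairs using documentation-range IPs.
COMMENTS = [
    ("203.0.113.7", "spam"),
    ("203.0.113.7", "spam"),
    ("203.0.113.7", "approved"),    # shared VPN exit: a real reader on the same IP
    ("203.0.113.90", "approved"),
    ("198.51.100.23", "spam"),
    ("198.51.100.23", "spam"),
    ("192.0.2.44", "spam"),         # spammer that is not on the list
    ("192.0.2.10", "approved"),
    ("2001:db8::5", "approved"),
    ("not-an-ip", "spam"),          # malformed field, skipped
]
BLOCKLIST = ["203.0.113.0/24", "198.51.100.23"]  # constructed entries


def audit_blocklist(comments, blocklist):
    """Replay moderated comments against a blocklist without deleting anything."""
    networks = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    report = {entry: {"spam": 0, "approved": 0} for entry in blocklist}
    missed_spam = 0
    for ip_text, verdict in comments:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # unparseable address: nothing to match
        # First matching entry wins; v4/v6 mismatches simply do not match.
        hit = next((e for e, n in zip(blocklist, networks) if ip in n), None)
        if hit is not None and verdict in report[hit]:
            report[hit][verdict] += 1
        elif hit is None and verdict == "spam":
            missed_spam += 1
    return report, missed_spam


def risky_entries(report, max_false_positive_rate=0.0):
    """Entries whose share of moderator-approved comments exceeds the threshold."""
    risky = []
    for entry, counts in report.items():
        total = counts["spam"] + counts["approved"]
        if total and counts["approved"] / total > max_false_positive_rate:
            risky.append(entry)
    return risky


if __name__ == "__main__":
    report, missed = audit_blocklist(COMMENTS, BLOCKLIST)
    print(report, "missed spam:", missed, "risky:", risky_entries(report))
```

An entry that shows approved comments in the report is one where blocking by IP would have discarded legitimate readers, which is the shared-VPN case described above.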
Like some of the plugins to follow, it may be possible to get around in extreme cases, but it is a good option for fighting spam comments while keeping the experience of regular users frustration-free.
WordPress Zero Spam has simple options, and you’ll want to enable all 4 checkboxes, as well as write a message for blocked IP addresses. Something like “Your IP address has been blocked by our spam filter.”
With a large amount of stellar reviews by users, this anti-spam plugin boasts support for a wide range of plugins in the same installation. Remember, a non-supported plugin may work alongside an anti-spam plugin, but in many cases interference can happen. It’s best to simply test it on a development version of your site and see what happens.
Though the plugin itself is free, it connects to a service at cleantalk.org, which after a free trial period is $8 US a year.
For the settings, you’ll probably want to enable the “SpamFireWall” option if you are concerned about a flood of spam commenters causing performance issues.
In the “Advanced settings” section there are a lot of settings, most of which you’ll want to leave default. Make sure to enable protection for anything you may have installed on there, like WooCommerce.
This plugin adds Google’s reCAPTCHA to your registration and comment pages. It may not be the best idea to have a captcha in most cases as it can discourage real users from leaving comments, but it can immediately alleviate a high amount of spam traffic. It’s a great tool to solve the problem temporarily while you look for a more permanent solution, or if your more permanent solution stops working for some reason.
There is a free version and a premium version. The premium version offers more compatibility with other plugins at 17.95 a year.
To set it up, you’ll first need to register for the Google reCAPTCHA API keys. Once you have those inserted, you’ll probably want to add the captcha to the registration form to prevent spam registrations. You may also want to add it to the comments form, which would have a huge effect on spam but may discourage legitimate commenters from leaving comments.
You’ll likely want to enable hiding the captcha for Admins, Editors, and Authors at least, allowing people that contribute to your sites to respond to comments with less frustration. You can also maintain an IP based whitelist.
Finally, you may want to disable the submit button until reCAPTCHA is loaded. Hitting submit before the captcha has loaded and getting a failed message may be frustrating for users if for some reason the captcha loads after your page does.