Spam comments can clutter discussions, waste moderation time, and weaken trust in your site.
This guide explains how to stop WordPress spam comments with proven settings, tools, and workflows that reduce abuse without blocking legitimate readers.
Why WordPress comment spam happens
WordPress sites are frequent targets because comment forms are easy to find and automate.
Spammers use bots to post links, keyword-stuffed text, fake praise, and scam offers, often hoping to earn backlinks or promote malware.
Even if comments are not visible right away, a flood of spam can still affect site performance, increase moderation work, and create a poor user experience.
On larger sites, unchecked spam can also lead to indexed low-quality content and unnecessary database bloat.
Start with WordPress discussion settings
The fastest way to reduce unwanted comments is to tighten the built-in Discussion settings in WordPress.
These controls are often enough to block a large share of automated spam before it reaches moderation.
Require manual approval
Turn on the option to hold comments for moderation.
This keeps new submissions from publishing automatically and lets you review suspicious content before it appears publicly.
- Go to Settings in the WordPress dashboard.
- Open Discussion.
- Enable comment moderation for all new comments.
- Consider requiring approved authors to have a previously approved comment if your community is small and trusted.
Limit links in comments
Spam comments usually contain promotional links.
In Discussion settings, lower the number of links allowed before a comment is flagged for moderation.
A threshold of one or two links is often enough for most sites.
Close comments on older posts
Older articles attract more automated spam because they are less monitored.
Set comments to close after a certain number of days, such as 30, 60, or 90, depending on your publishing model.
Use the comment blacklist carefully
WordPress lets you block comments containing specific words, IP addresses, emails, or URLs.
Add recurring spam phrases, suspicious domains, and repeat offender details to reduce repeat attacks.
Use anti-spam plugins that verify submissions
Plugins can stop spam more effectively than manual moderation alone because they analyze behavior, content patterns, and submission context in real time.
The best options are lightweight, updated frequently, and compatible with your theme and other plugins.
Akismet
Akismet is one of the most widely used anti-spam solutions for WordPress.
It compares comments against a large spam database and flags suspicious submissions automatically.
It is especially useful for blogs, magazines, and business sites that receive steady comment traffic.
Antispam Bee
Antispam Bee is a popular privacy-friendly alternative that can block spam without using CAPTCHA.
It offers features such as comment country matching, approval history checks, and statistical filtering.
WPForms and form-based protection
If you use custom forms for comments or user feedback, make sure they include anti-spam features such as honeypot fields, reCAPTCHA, or Cloudflare Turnstile.
These tools reduce bot submissions without adding friction for users.
How to stop WordPress spam comments with verification tools?
Verification tools help distinguish real users from automated scripts.
They are especially valuable when spam bots target your site repeatedly or when your posts attract high traffic.
Use CAPTCHA or Turnstile sparingly
CAPTCHA systems can reduce spam, but they may also frustrate readers.
Cloudflare Turnstile is often preferred because it aims to be less intrusive than traditional image-based challenges.
Use these tools when your comment volume or spam rate justifies the extra step.
Add honeypot fields
A honeypot field is a hidden form field that real users never see, but bots often fill in.
If the field contains data, the submission is marked as spam.
This method is effective and usually invisible to legitimate commenters.
Enable JavaScript-based submission checks
Many spam bots submit forms without fully loading JavaScript.
Comment systems that require a JavaScript-generated token or request validation can filter out a significant amount of automated spam.
Moderation habits that reduce spam at scale
Technology helps, but human moderation remains important for keeping comment sections useful.
A clear workflow makes it easier to approve real comments quickly while removing abuse.
- Check the moderation queue at least once daily on active sites.
- Approve trusted repeat commenters when appropriate.
- Delete obvious spam instead of leaving it pending indefinitely.
- Use comment replies to encourage real conversation and signal that the discussion is monitored.
If your site receives many comments, assign moderation responsibilities to a team member or use role-based permissions in WordPress so the queue does not become a bottleneck.
Reduce spam by hardening the site
Spam comments often arrive alongside broader abuse attempts, so site security matters.
A secure WordPress installation gives spam filters a better chance of working correctly.
Keep WordPress, themes, and plugins updated
Outdated software can expose comment forms and related APIs to abuse.
Regular updates help close vulnerabilities that bots and attackers exploit.
Use a reputable firewall or security plugin
Security tools such as a web application firewall can block suspicious requests before they ever reach your comment form.
Rate limiting, bot detection, and IP reputation checks are especially useful on high-traffic sites.
Protect against brute force and automated abuse
Even though comment spam is different from login attacks, the same automated infrastructure often powers both.
Limit repeated requests, block abusive user agents, and monitor for unusual traffic spikes from the same IP ranges.
Clean up existing spam efficiently
Stopping future spam is only part of the job.
If your site already has a backlog, cleaning it up helps keep the database manageable and improves moderation accuracy.
- Delete spam in bulk from the Comments screen.
- Empty the spam folder regularly so old entries do not accumulate.
- Review legitimate comments that were incorrectly flagged to improve filter settings.
- Remove links or patterns from your blacklist if they are causing false positives.
For older sites with large comment archives, database optimization can help after bulk deletions.
Always back up the site before making large moderation or cleanup changes.
Improve comment quality with policy and design
Technical defenses work better when paired with clear expectations.
A concise comment policy tells readers what is allowed and discourages low-quality submissions.
Publish a comment policy
State that promotional links, hate speech, and irrelevant comments will be removed.
Keeping the policy visible near the form reduces ambiguity and gives moderators a consistent standard.
Make the comment form less attractive to bots
Remove unnecessary fields, avoid generic form labels, and consider limiting URL fields if they are not essential.
A simpler form reduces opportunities for bot abuse and improves user experience.
Encourage signed-in comments when appropriate
Requiring registration can reduce anonymous spam on membership sites, internal communities, and niche publications.
This trade-off works best when your audience values identity and accountability.
Measure which anti-spam methods actually work
The best way to stop WordPress spam comments is to combine controls and track results.
Review how many comments are blocked, how many legitimate comments are delayed, and which settings create the best balance.
- Monitor spam volume before and after each change.
- Track false positives so real users are not frustrated.
- Test plugin updates and form changes on a staging site when possible.
- Adjust moderation thresholds based on your site’s traffic and audience behavior.
Sites with highly engaged communities may need a lighter touch, while low-traffic blogs can often use stricter controls with little downside.
The right setup depends on comment volume, audience trust, and how much moderation time you can realistically spend.