How to Block Spam Comments in WordPress

Reading Time: 3 min, 45 sec

If you have been running a WordPress website for a while, you know how frustrating spam comments can be. I have managed several WordPress sites over the years, and dealing with automatic comments filled with random text and links is something every site owner faces at some point. These comments not only make your site look unprofessional but can also hurt your SEO and waste your time. Over the years, I have developed a set of practical ways to block spam effectively. Here is what works.

1. Enable Comment Moderation

One of the first things I do on every WordPress site I manage is enable comment moderation. Go to Settings > Discussion and check “Comment must be manually approved.”

This simple step ensures that no comment appears without your review. It may sound tedious if your site gets a lot of traffic, but trust me, it is far better than letting random bots post links freely. I usually recommend combining this with automatic spam detection plugins so you do not have to manually review every single comment.

2. Use Akismet

Akismet has been a lifesaver for me. This plugin automatically filters out most spam comments and stores them in a separate spam folder. Once installed, all you need is to get the free or paid API key. Over the years, I have noticed that Akismet catches 90–95% of automated spam. Occasionally, a legitimate comment might end up in the spam folder, but I can quickly approve it from the dashboard. It is a small price to pay for peace of mind.

3. Close Comments on Older Posts

Spam bots often target older posts because they assume these pages are less monitored. One of my go-to strategies is to automatically close comments on posts older than 30 or 60 days. You can enable this under Settings > Discussion > Automatically close comments on posts older than X days.

In my experience, this step alone can cut down a huge chunk of spam without affecting your active discussions.

4. Add Captcha or reCAPTCHA – Stop Bots in Their Tracks

Adding a Captcha or Google reCAPTCHA to your comment form is a highly effective way to block automated spam. I use the Advanced Google reCAPTCHA plugin on most client sites. It is subtle for real users but a strong barrier for bots. If you rely on built-in comment forms, plugins like reCAPTCHA by BestWebSoft work very well too.

5. Limit Links in Comments

Most spam comments contain links. WordPress allows you to hold comments for moderation if they contain more than a certain number of links. I personally set this limit to one or two links. This stops spam bots that automatically insert multiple promotional links without interfering with genuine comments from readers.

WordPress comment forms have a URL field. You can also remove that URL field to prevent comments spam. You can read this guide to Remove The URL Field From WordPress Comments Form.

6. Use the Comment Blacklist

WordPress has a powerful blacklist feature. Any comment containing words, IP addresses, or URLs in the blacklist is automatically sent to spam. I recommend keeping an updated list of common spam words and phrases.

Over time, you will notice patterns in the spam comments targeting your site, and updating your blacklist is a simple yet effective habit I follow religiously.

7. Consider Third-Party Comment Systems

If spam continues to be a problem, I sometimes recommend switching to third-party comment systems like Disqus or Commento. They offer robust moderation tools, automatic spam filtering, and even social login options for users. I have used Disqus on high-traffic blogs, and the reduction in spam was immediate.

8. A Personal Tip: Monitor and Learn

Finally, my personal tip is to periodically check your spam folder. Occasionally, legitimate comments end up there. Reviewing them not only ensures you do not lose genuine engagement but also helps you identify new spam patterns. Over time, you will get a sense of how spammers operate, and your blocking strategy will become more effective.

Conclusion

Blocking spam comments in WordPress is not about one single solution. It is about layering different strategies: comment moderation, Akismet, Captcha, link limits, blacklists, and occasionally third-party systems. Implementing these steps has helped me keep client sites clean, professional, and secure. With the right approach, spam can become a minor annoyance rather than a constant headache.