Beginner WordPress User

0 of 25 lessons complete (0%)

Security, Spam and Backups

Managing spam on your site

This is a preview lesson

Register or sign in to take this lesson.



Let’s talk about managing spam on your website. Allowing comments on your website is a great way to connect with your readers or clients and build a community. Unfortunately, allowing comments also opens the door for spammers. We have all received messages about becoming rich overnight or purchasing unwanted products. Comment spam happens when a spammer posts comments to your website via the blog or context page. In this lesson, we will look at how you can manage and avoid spam on your website by using WordPress’s built-in features and an anti-spam plugin.

Limiting the number of links allowed

Let’s start with the built-in features. By default, WordPress has some built-in features to help you prevent spam on your site, which can be found on the settings discussion page in your dashboard. Number 1: Limiting the number of links allowed. Since spam comments work through backlinks and encourage visitors to the spammer’s site, many spam comments will include a high number of links. You may catch some spam comments on your site by limiting the number of links allowed before it will be held for moderation or for an admin to approve. Just something to take note of. The link limit is set to two links by default, but you can lower it to one link per comment. It is not recommended to set the limit to zero otherwise all comments will be held for moderation.

Update comment moderation settings

The second step you can take is to change the comment moderation settings. In addition to limiting the number of links in a comment, you can also apply specified words, phrases, usernames, emails, etc., in the comment moderation text field to automatically hold comments containing these elements in the moderation queue. I have selected words like gambling, insurance, win, and a link to a cryptocurrency website. As these are things you will often see in spam comments, you are welcome to look at previous comments to flag certain words.

Disallow comment keys

Next, you can also disallow comment keys, or, to put it differently, you can have comments with specified words or elements automatically deleted. This is like the comment moderation setting, but here, you can specify words, phrases, usernames, IP addresses, and so forth to automatically place a comment in the trash. This means you do not need to manually move the comment to the trash from the moderation queue.

Disable trackbacks

The fourth step you can take is to disable trackbacks. A large part of spam is trackbacks. Trackbacks and pingbacks notify you that another blog has linked to your content and vice versa. However, spammers often abuse this feature by sending trackbacks and pings from spam websites.

Extra built-in features

The last step on the discussion page is to select all comments to be moderated. You can do this by selecting Comment, which must be manually approved. Or you can choose not to receive any comments at all by deselecting Allow people to submit comments.

Mark comments as spam

Before we move on to plugins, let’s look at how to mark a comment as spam. Go to comments, and as you will see, we have two spam comments here. Click on both. Cryptocurrency Mania and Win Big. Go to the bulk action, mark it as spam, and then apply.

Anti-spam plugins

Another effective way to manage and stop spam is by using an anti-spam plugin. Many free and paid plugins offer spam protection for your website, which you can find through the Plugin Directory. Some plugins worth mentioning are Anti-spam Bee, Clean Talk, and Akismet. There are multiple plugins to choose from in the Plugins Directory, so find the one that meets your needs. In this example, I am going to install and activate Akismet. Make your way to plugins and click on Add New. Select Akismet and then click on Install Now. Wait for the installation to complete, then click on Activate. Once you click activate, you will be redirected to a page requesting that you set up an account with Akismet. Akismet is free for personal use, so you can select what to pay, even if it is $0. I will go ahead and drag the bar on the right to $0 and continue with a personal subscription. Once activated, there are several settings you can change for how you would like the plugin to manage spam on your site.


Let’s look at a few more security plugins to consider. CAPTCHA is a technology used to tell robots and humans apart. Find the right CAPTCHA plugin, as this makes it very hard for spam bots to infiltrate your website.


Spam plugins can stop and delete many spam comments, but they can’t stop spammers from accessing your website. Too many requests from spammers to submit comments can slow down your site and negatively affect performance. A firewall plugin such as All in one WordPress Security and Firewall, WordFence, Sucuri, or Jetpack will help you block unwanted requests before they even reach your site. These plugins will ward off automated bots and scripts from trying to leave comments. I trust these steps will help you secure your site and intercept spammers.