Managing Spam on your Website

Learn why spam is a problem for all WordPress sites, why you should control it, and tips for managing it.

Learning outcomes

  1. Identifying and understanding why managing spam is important.
  2. How to mark something as spam on a WordPress site.
  3. Choosing, installing, and activating an anti-spam plugin.

Comprehension questions

  1. What are backlinks?
  2. How can you combat spam within your WordPress dashboard?
  3. What type of plugins will protect you against spam?


Good day and welcome to Learn WordPress. My name is Wes Theron and today we are looking at how to manage spam on your website. If you have an email address, you’ve likely received spam. And we all know how that makes us feel. Spam refers to unsolicited commercial messages. It is when you receive something you never asked for, or when somebody tries to sell you something you don’t need. And this unfortunately happens in WordPress too. Comment spam happens when a spammer posts comments to your website via the blog or contacts page. And that is something we want to try and avoid.

After completing this lesson, you should feel comfortable identifying and understanding why managing Spam is important, marking something as spam on a WordPress site and choosing, installing and activating an anti-spam plugin. Hopefully spam will be something of the past after today. Most spam comments contain links to the spammers’ website. Their goal is to increase the number of backlinks to the website by publishing them anywhere and everywhere they can. The hope is that the higher the number of backlinks, the higher their search engine PageRank will be. But in reality, search engines view these types of links as low-quality backlinks and they do not help spammers. Instead, they sometimes hurt PageRank. Why does spam hurt your site? These spam posts can make your website look less credible, include information that you don’t want your readers to see, and sometimes even cause problems with your website’s SEO.

By default, WordPress comes with some built-in features to help prevent spam on your site, which can be found in the Settings, Discussion page in your dashboard. Let’s look at five ways you can manage your spam in the Discussion page.

Number one, limiting the number of links allowed. Since spam comments work through backlinks and encourage visitors to the spammer’s site. Many spam comments will include a high number of links. You may be able to catch some spam comments on your site by setting a limit to the number of links allowed before it will be held for moderation or for an admin to approve. Just something to take note of, the link limit is set to two links by default, but you can lower it to one link per comment. It is not recommended to set the limit to zero otherwise all comments will be held for moderation.

The second step you can take is changing the comment moderation settings. In addition to limiting the number of links in a comment you can also apply specified words, phrases, username, email, or IP addresses in the comment moderation text field to automatically hold comments containing these elements in the moderation queue. As you will see I’ve selected words like gambling, insurance, win and a cryptocurrency website, as these are things you will often see in spam comments, but you’re welcome to look at previous comments to flag certain words.

Next, you can disallow comment keys. Much like the comment moderation setting. You can also specify words, phrases, user name, email, IP address, or the browser’s user agent string to automatically place a comment in the trash. This is particularly helpful for known spammers that may be using the same IP address or phrase for their spam comments. And this means you do not need to manually move the comment to the trash from the moderation queue.

The fourth step you can take is to disable trackbacks. A large part of spam is trackbacks. For most blogs, you don’t need to enable trackbacks and this is a simple way to lower the amount of spam you may be receiving.

The last step you can take in the Discussion page is to select all comments to be moderated. When this option is selected, all comments made on your site will appear in the pending queue in your dashboard under comments. Now that we have gone through the steps individually, let’s put them all together in a screencast.

Go to the dashboard and make your way to the Discussion page. Seeing that it’s at the top: Firstly, disable trackbacks. Thereafter, tick “comment must be manually approved.” Then we will limit the amount of links allowed to one. Now we move on to adding specified information to the comment moderation text to hold comments containing these elements. And lastly, we will add to the ‘disallow common keys text field’, and I will right ‘prize.’ Please remember to save any changes that you have made. Before we move on to plugins, let’s look at how to mark a comment as spam. Go to comments. And as you will see, we have two spam comments here. Click on both. ‘Cryptocurrency Mania’ and ‘Win Big’. Go to the bulk action, ‘Mark as spam’, and then apply, and you’re done. Now we will focus our attention on using an anti spam plugin. It is a highly beneficial and common approach to preventing spam comments.

There are many free and paid plugins that offer spam protection for your website, which you can find through the plugin directory. Anti-spam Bee is an excellent open-source plugin and it’s free for personal and commercial use. Another plugin that is included with your WordPress installation by default is Akismet. To activate Akismet, click on plugins and ‘add new’, you will see Akismet second on the list, and click on instal now. Wait a moment for the installation to complete and then click on activate. Once you click activate, you will be redirected to a page requesting that you set up an account with Akismet. Akismet is free for personal use, so you can select what to pay even if it is $0. So I will go ahead and drag the bar on the right to $0 and continue with a personal subscription. And once activated, there are a number of settings you can change for how you’d like the plugin to manage spam on your site.

Let’s look at a few more security plugins to consider, REcapture is a technology used to tell robots and humans apart. Find the right REcapture plugin as this makes it very hard for spam bots to infiltrate your website. Lastly, spam plugins can stop and delete a lot of spam comments, but it can’t stop spammers from accessing your website. Too many requests from spammers to submit comments can slow down your site and negatively affect performance. A firewall plugin such as ‘All in one WP security and Firewall’, ‘Wordfence’, ‘Sucuri’ or ‘Jetpack’ will help you block unwanted requests before they even reach your site. These plugins will ward off automated bots and scripts from trying to leave comments.

In conclusion, in case you feel that you don’t need comments on your WordPress site or comment moderation goes out of your hands, remember that you can always switch off comments in WordPress. I trust these steps will help you secure your site and intercept spammers. Visit Learn WordPress for more workshops and training material.

Workshop Details


Wes Theron

I am an Instructional Designer for the WordPress open-source project sponsored by Automattic. I am a strong supporter of the open-source movement. I have a background in education and content development. I am a husband, father, dreamer and lifelong learner.