How to Stop WordPress Spam Comments: A Comprehensive Guide

Published 5 February 2024
Agnes Talalaev
SEO wizard at Patchstack

WordPress is a versatile and widely used content management system, and as a result, has become a prime target for spam comments. In this blog post, we'll dive into how to stop WordPress spam comments.

In recent times, the threat has intensified, posing significant challenges to website owners and administrators. With almost half of all emails sent globally being spam - that’s 162 billion spam emails being sent every day (with 8 billion being sent from the US in just one single day earlier this year), it’s a problem we all face.

But for website owners whose sites contain contact forms, feedback forms, and other myriad ways of encouraging people to reach out, this can become a major headache.

The once relatively straightforward task of distinguishing between authentic user engagement and automated spam content has evolved into a formidable challenge, primarily fueled by the advancing capabilities of artificial intelligence (AI) and large language models (LLMs).

With the advent of AI and LLMs, spam bots have surpassed traditional limitations. Now, these sophisticated algorithms possess the ability to generate content that mirrors human language, making the identification of spam increasingly complex.

The sheer volume and nature of these automated spam attacks have elevated the problem to unprecedented levels. It is now more important than ever to implement proper security practices and spam filtering techniques.

In this article, you’ll discover exactly why it is so important to stop WordPress spam comments – and some of the techniques you can implement to help win the war on spam.

Let’s get started!


Why do you need spam filtering?

As AI-driven spam bots continue to evolve, traditional spam prevention methods are becoming obsolete. If you don’t adapt and evolve with time, your website will be riddled with countless spam messages.

The repercussions of unchecked spam infiltration extend beyond mere annoyance, impacting the integrity of user interactions, website credibility, and even search engine rankings.

Let’s see how:

  1. User Experience and Credibility: Spam-laden comment sections hurt the user experience and undermine the credibility of your website. Visitors may be put off by the presence of irrelevant or even potentially harmful content, leading to a decline in user engagement.

  2. Search Engine Optimization (SEO): Search engines prioritize user-friendly and credible websites. The infiltration of spam can adversely affect SEO rankings, pushing a site lower down the search results.

    Read more about SEO spam and cloaking here.

  3. Data Security: Sometimes spam can also pose data security risks as spam comments may contain malicious links that attempt to exploit vulnerabilities in a website. 

  4. Brand Reputation: A website's reputation is closely tied to its ability to maintain a secure and spam-free environment. Spam-ridden comment sections can damage the brand image, especially if visitors associate the site with unreliable or inappropriate content.

Let’s see some of the ways you can combat spam bots on your website.


Using built-in features to stop WordPress spam comments

WordPress comes with built-in discussion settings that can be used for managing interactions on your website. By optimizing these settings, you can take advantage of a suite of tools designed to regulate the flow of comments and engagement. 

To find these settings, go to your WordPress dashboard and navigate to Settings > Discussion.

  1. Disable Comments Entirely: The quickest way to stop spam is to turn off the comments section across your entire website. If you don’t need comment functionality, this will be a simple and effective way to get rid of unwanted comments.
  2. User Registration Requirements: Making users register and log in before commenting adds a hurdle for spammers, who often prefer quick and anonymous submissions.
  3. Comments Closure: It is possible to automatically close comments on older posts to prevent spammers from targeting inactive pages. This will allow you to foster lively discussions on recent posts while preventing bots from targeting older pages.
  4. Require Manual Approval: You can turn on this setting so that all new comments will require manual approval before they are displayed on the site. This adds a human layer of scrutiny, preventing automated spam from cluttering your website. However, moderating every comment can be tedious.
    To make this process a bit easier, you can relax your moderation rules and automatically approve comments from users who have commented before. Requiring comment authors to have a previously approved comment reduces the likelihood of new, potentially spammy users gaining immediate access.
  5. Hold Comments with Multiple Links: Many spam comments contain multiple links, so automatically holding any comment that reaches a link threshold keeps likely spam out of public view until it has been reviewed.
  6. Use Keyword-Based Moderation Filters: You can create a list of disallowed words or IPs that trigger comment moderation. This will ensure that comments containing spam-related content are flagged for review. You can take a more stringent approach by placing comments with specific keywords directly in the Trash.
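
The settings in the list above are stored as WordPress options, so they can be checked from code as well as from the dashboard. The following audit is an added example, not Patchstack's or WordPress's own code; it assumes the option names used since WordPress 5.5, and the function and file names are hypothetical.

```php
<?php
// Added example: audit the Settings > Discussion options from the list above.
// Assumes WordPress 5.5+ option names; run inside WordPress, for instance
// with `wp eval-file audit-discussion.php` (hypothetical file name).

function example_audit_discussion_settings() {
    $findings = array();

    // Items 1 and 2: comments open by default and no login required.
    if ( 'open' === get_option( 'default_comment_status' )
        && ! get_option( 'comment_registration' ) ) {
        $findings[] = 'Anonymous visitors can comment on new posts.';
    }

    // Item 3: old posts stay open unless automatic closure is enabled.
    if ( ! get_option( 'close_comments_for_old_posts' ) ) {
        $findings[] = 'Comments never close on older posts.';
    }

    // Item 4: either full manual approval or "previously approved author".
    if ( ! get_option( 'comment_moderation' )
        && ! get_option( 'comment_previously_approved' ) ) {
        $findings[] = 'First-time commenters are published without review.';
    }

    // Item 5: a threshold of 0 switches the link check off.
    if ( 0 === (int) get_option( 'comment_max_links' ) ) {
        $findings[] = 'Link-count hold is disabled (comment_max_links is 0).';
    }

    // Item 6: one term or IP per line in each list.
    if ( '' === trim( (string) get_option( 'moderation_keys' ) ) ) {
        $findings[] = 'No moderation keywords configured (moderation_keys).';
    }
    if ( '' === trim( (string) get_option( 'disallowed_keys' ) ) ) {
        $findings[] = 'No disallowed keywords configured (disallowed_keys).';
    }

    return $findings;
}

$findings = example_audit_discussion_settings();
echo ( $findings ? implode( PHP_EOL, $findings ) : 'No findings.' ) . PHP_EOL;
```

A finding is a prompt to review the setting, not necessarily a fault: a site that relies on an anti-spam plugin may deliberately leave some of these at their defaults.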

Using anti-spam plugins

Another approach is to use specialized plugins that sift through comments, forms, and interactions to weed out unwanted spam content. Anti-spam plugins typically employ a range of techniques, from heuristic analysis to real-time monitoring, to identify and filter out spam submissions. 


Akismet is trusted by millions of WordPress users. It was developed by Automattic, the team behind WordPress itself. Akismet uses a sophisticated algorithm to analyze comments and submissions, identifying and blocking spam with accuracy. It operates seamlessly in the background, sparing site owners the need for manual intervention.

> Check out Patchstack’s assessment of Akismet’s vulnerability history.

There are many very effective plugins available on the market. When choosing one, make sure you install it from a trusted source, and keep an eye on the plugin team's security practices and how regularly they release updates.

You can also check if it is mentioned in the Patchstack WordPress vulnerability database to see if the plugin developer is active in fixing its vulnerabilities. If you need any help in choosing a secure plugin for your site, do not hesitate to ask for help or guidance from our team.

Use Captcha to stop WordPress spam comments

When it comes to safeguarding your WordPress site against spam, one popular option is the use of Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart), a tool designed to distinguish between human and machine interactions and help you stop WordPress spam comments.

While it is tempting to use a Captcha everywhere on your site, you should keep in mind that these are not infallible. Many tests can be bypassed by robots – while at the same time being a hindrance to users, and some legitimate users may get annoyed by them.

Older tests required users to decipher distorted characters, but they became obsolete once computers were able to recognize characters much faster than a human ever could.

With the advancements in AI, a new wave of Captcha is emerging in which users are asked to perform a variety of puzzles, such as dragging a slider, picking the odd one out, rotating an image, etc.


Several plugins enable the integration of user-friendly Captcha into WordPress sites. Integrating Captcha solutions, such as Google reCAPTCHA, or alternatives such as hCaptcha and Cloudflare Turnstile, provides a comprehensive defense against automated spam comments on your WordPress site.


Setting up a plugin requires registering your site with the chosen CAPTCHA service. After selecting the appropriate version, you’ll receive a site key and a secret key. These keys are then seamlessly integrated into the plugin settings on your WordPress site.
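
The site key is public and goes into the page, while the secret key must stay on the server, where it is used to verify each submitted token with the CAPTCHA service. The sketch below shows that server-side step for Google reCAPTCHA as an added example, not code from any plugin or from Patchstack; the constant `EXAMPLE_CAPTCHA_SECRET` and the function name are hypothetical.

```php
<?php
// Added example, not taken from any plugin. Assumes the front-end widget was
// rendered with the site key and posts its token in the reCAPTCHA default
// field `g-recaptcha-response`. EXAMPLE_CAPTCHA_SECRET is a hypothetical
// constant defined in wp-config.php, never sent to the browser.

add_filter( 'preprocess_comment', 'example_verify_captcha_before_comment' );

function example_verify_captcha_before_comment( $commentdata ) {
    // Moderators replying from the dashboard and pingbacks/trackbacks carry
    // no form token, so this check covers visitor-submitted comments only.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( current_user_can( 'moderate_comments' )
        || ( '' !== $type && 'comment' !== $type ) ) {
        return $commentdata;
    }

    $token = isset( $_POST['g-recaptcha-response'] )
        ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) )
        : '';
    $die_args = array( 'response' => 403, 'back_link' => true );
    if ( '' === $token ) {
        wp_die( 'Please complete the CAPTCHA.', 'Comment blocked', $die_args );
    }

    $response = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 5,
            'body'    => array(
                'secret'   => EXAMPLE_CAPTCHA_SECRET,
                'response' => $token,
            ),
        )
    );

    // Fail closed: a network error or malformed reply blocks the comment.
    $result = is_wp_error( $response )
        ? null
        : json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $result ) || empty( $result['success'] ) ) {
        wp_die( 'CAPTCHA verification failed.', 'Comment blocked', $die_args );
    }

    return $commentdata;
}
```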

Use a third-party comment system

If you’re not satisfied with the in-built commenting system of WordPress and want to try out something else, you could start exploring third-party commenting systems. These come equipped with advanced features such as AI-powered moderation tools.

Modern comment systems can apply presets for general content safety using moderation profiles. These filters categorize content (categories include hate speech, violent content, sexual content, bullying, and promotion) based on severity, allowing you to remove objectionable content without manual intervention. This will allow you to proactively halt toxic and inappropriate comments without involving any additional manual work on your part.

If this is something you’re interested in, we recommend checking out the best WordPress commenting plugins article by Servebolt. This article compares some of the best commenting plugins available for WordPress.


In summary, as the technology continues to evolve, it is essential to address and stop WordPress spam comments proactively. Using effective measures not only addresses the immediate threat but also ensures the long-term viability and credibility of your website in the face of increasingly sophisticated AI-powered spam bots. 

And beyond spam, if you take the security of your website seriously, we strongly recommend taking a look at what Patchstack offers.

Patchstack is a vulnerability management platform that offers proactive security measures, continuous monitoring, and fast patching to protect your WordPress site from potential threats and vulnerabilities.

A holistic approach that combines WordPress's built-in features with external tools such as CAPTCHA solutions and anti-spam plugins, along with Patchstack, provides a robust defense against the escalating threat of spam comments.

By incorporating these strategies, you can significantly enhance your website's security and ensure a positive and secure user experience.

Register with Patchstack for free today to ensure the security of your website and the protection of your brand’s reputation.
