Block Spam on WordPress

I’ve been blogging on WordPress for more than two years now and have grown in that time to become a full-fledged (solopreneur) blogger. I’ve also got my own niche website that you’re currently on, which is a guide for solopreneurs to start their own blogs. To help you out, I’ve decided to write a guide on how to block spam on WordPress. When I started out on the path of blogging, I was quickly confronted with the issue of spam, which is a type of unwanted comments, user accounts, and emails that you’ll inevitably receive if you start blogging.

You’d be surprised at how much spam your blog can accumulate. Anything is possible, from comment spam, form spam, forum spam, to spam bot user accounts. Nothing takes the wind out of my sail more than getting excited because a few new visitors signed up for my email newsletter only to find out they’re spam accounts!

Luckily, I found a few ways to stop spammers in their tracks. 

Choosing the Right WordPress Form Plugin to Combat Spam

Using a WordPress anti-spam plugin is the easiest (and fastest) way to slow down the influx of spam on your website. Most often new bloggers rely on a free Akismet account, which certainly gets the job done. 

However, as your blogging knowledge grows, you’ll eventually want to reduce the number of plugins you rely on to improve your website performance, which means finding a WordPress security plugin that also includes anti-spam. This eliminates the need for a separate anti-spam plugin. Plus, odds are you’ll want to include revenue-generating add-ons like display ads and affiliate marketing to your website, which technically requires an upgrade to a paid Akismet account.

Prevent Contact Form Spam Submissions

 I’ve gotten more contact form spam than any other type of spam. When I first started blogging, it seemed like I’d get a few spam emails daily from my contact forms. I managed to put a stop to them after following the below recommendations.

Use reCAPTCHA Checkbox

reCAPTCHA is one of the best ways to verify your contact form is filled out by human visitors. Most contact form plugins have the capability to activate reCAPTCHA to prevent spam emails. Another option is the invisible CAPTCHA which works in the backend and doesn’t require a user to check a box. 

Prevent Spam Bots From Seeing Your Form

This step is more invasive than others, so I don’t typically recommend it. However, it is a viable option. You can use password protection or only show your form to registered users of your WordPress site. Keep in mind that if a visitor isn’t logged in, then they’ll see a default WordPress message that reads, “To view this protected post, enter the password below.” 

Block Spam Active IP Addresses, URLs, and Phrases

A more tedious yet effective method of blocking spam is to “blacklist” specific IP addresses (or IP ranges), URLs, and phrases you often find in the spam content on your blog. Most anti-spam plugins feature a blacklist which you can add to. Some even come with built-in lists of notorious IP addresses and URLs.

Block New User Registration Spam

Once a new user is registered, they can post as many comments as they want without getting filtered for spam. You can either prevent users from commenting by using a third-party discussion plugin or use an anti-spam plugin that prevents user registration spam. 

Use Honeypot to Catch Spambots

The honeypot approach is sort of the opposite of reCAPTCHA technology. Where in reCAPTCHA users must check a box or sometimes perform an action like retyping characters, choosing images with a specific object, or solving math problems, honeypots only appear to bots. 

Honeypots provide a challenge that is visible to bots but not humans. If the challenge gets attempted, then the commenter is obviously a bot and is blocked. Some anti-spam plugins like Antispam Bee offer this feature.

Prevent Post Spam Comments

If you’re a new blogger then you likely get excited when you get a new comment on one of your posts. It’s a bummer to get to your post and read the comment only to realize it’s just spam. One way to reduce the number of spam comments on posts is to tweak your WordPress blog discussion settings to get more real visitors – legitimate visitors. 

Modify Requirements to Comment on a Post

The following list of recommendations will not only reduce spam comments but also improve your search rankings. Spam links to websites known for abusive traffic will impact your search rankings on search engines like Google. 

Oh, and if you don’t like the native WordPress comment system, you can use a third-party commenting system like Disqus or Facebook.

  1. Reduce the number of links allowed per post
  2. Remove Website URL Field from Comment Form
  3. Disable HTML in Comments
  4. Set a Minimum and Maximum Comment Length
  5. Disable Trackbacks in WordPress
  6. Create a list of ‘blacklisted’ words

Turn On Comment Moderation in WordPress

One option I always enable when I create a new WordPress blog is comment moderation. That’s why you won’t see your comment immediately after submitting it on my posts. I moderate comments to ensure only real users interact with me on this site.

Disable Comments on Media Attachments

Another spam issue easily avoided is to disable comments on all media attachments. Unless you have reviews or need comments on digital media products, I suggest disabling this feature.

Turn Off Comments on Old Posts

Odds are, you won’t be activating this feature any time soon (or ever). If you’re just getting started blogging then you likely don’t have old posts. However, a few years from now you may have posts that don’t receive much traffic and may warrant disabling comments. Another reason for disabling comments on old posts is if the post is about a current event that isn’t current (like a news update). There’s no point in having comments on two years after something happened, in theory.

Switch Off All Comments

The final way to block spam comments is to simply switch off all comments on your website. However, I can’t think of a single reason to justify this action. If you follow the above advice, then you should never get inundated with spam comments or feel overwhelmed by them. 


As you can now understand, blocking spam isn’t exactly easy, but at least it’s possible using the right tools and best practices. At a minimum, moderate all comments in the first few years of your blogging journey. Additionally, don’t hesitate to use reCAPTCHA technology to nearly eliminate spam emails from your contact forms. 

You’ve got enough work to do on your blog so why waste time with spam?


Q: What is comment spam in WordPress?

A: Comment spam is unwanted content appearing on comment sections of blog posts, typically consisting of advertisements, weblinks, trolling, and abusive content.

Q: What Are Spam Bots?

A: Spambots are automated programs that create accounts on blogs and other websites with the intent of sending spam messages in post comments and contact forms.

Q: Why does WordPress have so much spam?

A: WordPress does not come preconfigured with the ability to block spam. Thus, unless a WordPress administrator takes steps to block spam, the blog will receive spam content.

Q: What is Form Spam?

A: Form spam are unwanted contact form submissions consisting of unrelated content, advertisements, solicitations, trolling, and abusive content typically sent as an email from a contact form on a WordPress website.

Q: What is WordPress Registration Spam?

A: Some WordPress websites allow user registration for subscribers. Registration spam is the unwanted creation of user accounts for the sole purpose of creating unwanted user content.

Q: What is forum spam?

A: Forum spam is posts on Internet forums that contain links to malicious websites, advertisements, trolling, and abusive content.

Q: What is social spam?

A: Social spam is unwanted content appearing on social networking services or any website with user-generated content.

Q: What is a spam blacklist?

A: Spam blacklists are compiled IP addresses and domain names consistently associated with generating spam content.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.