As WordPress developers, we work hard in the hopes our sites will become popular enough to attract a large following. Sadly, that popularity sometimes comes with a price: comment spam. We’ve all seen comment boxes fall prey to spammers, and some WordPress sites are bombarded with hundreds, sometimes thousands, of dubious comments every week.
On the surface, spam may seem harmless enough, but left unchecked it can begin to have a debilitating effect on your site. Readers and non-spammy commentators will feel squeezed out, and that reputation you’ve worked so hard to cultivate could soon be in tatters.
Luckily, taking the fight to the spammers and cleaning up your comments page isn’t too difficult, and there are a number of small steps you can take to all but eliminate spam from your WordPress site entirely.
One of the most valuable tools in the war against spam actually comes pre-installed with WordPress. Askimet is a spam detecting plugin that simply needs to be activated, at which point you’ll be given an API key. Once it’s up and running, the plugin scans comments submitted to your blog and filters out the genuine comments from the spam comments. Although it will sometimes accidentally consign user comments to the spam folder, recovering them is simple and it’s a small price to pay for a spam-free site.
No cookies for you
Almost every spambot runs on some kind of automated script; something that can actually be used to your advantage in the fight against spam. So they can hit as many sites as possible in the smallest amount of time, bots avoid downloading images, cookies and stylesheets. With the Cookies for Comments plugin on your WordPress page, every time someone attempts to access a comments page they are sent a cookie or stylesheet. Legit users will download these files automatically, leaving them free to comment.
Honeypot is the sweetly-named service that tricks spambots into revealing themselves. To enable it you’ll need to install WP Spam Fighter and then turn on Honeypot protection in the settings menu. This cunning plugin works by adding an invisible box to your comments section, visible only to bots. Most bots are hardwired to fill out all fields in a form, so the plugin can flag spammers and stop them from coming back.