ZeroToWP

Comment Spam

Quick Definition

Comment spam consists of automated junk comments that bots post on your WordPress site to promote links, inject malware, or manipulate search engine rankings. It is the most common nuisance every WordPress site faces.

Patchstack guide on stopping WordPress spam comments

What Is Comment Spam?

Comment spam is irrelevant, automated messages posted in your WordPress comments section — typically by bots, not real people. These comments exist to promote external links, inject malicious URLs, or manipulate search engine rankings through link placement.

A typical spam comment looks like: "Great article! Visit my site for cheap watches at spam-link.com" — often with broken English, generic compliments, and multiple URLs. Spam bots can submit hundreds of these per day if left unchecked.

Comment spam causes real damage:

  • Database bloat — Thousands of spam entries grow your database and slow down queries
  • SEO harm — Outbound links to spammy sites can hurt your search rankings if not properly nofollowed
  • Security risk — Some spam comments inject malicious scripts or phishing links that could harm your visitors
  • User experience — Legitimate commenters are discouraged when they see a comment section full of junk
  • Admin overhead — Manually moderating hundreds of spam comments wastes your time

WordPress has some built-in protection — Settings > Discussion lets you require name/email, hold comments with multiple links for moderation, and create a keyword blocklist. But built-in settings alone are not enough for any public-facing site.

How to Stop Comment Spam

The most effective approach combines multiple layers:

  1. Install an anti-spam plugin
    • Akismet — The default WordPress anti-spam plugin, powered by a global spam database. Blocks 7+ million spam comments per hour across all WordPress sites. Free for personal blogs, paid for commercial sites.
    • Antispam Bee — GDPR-compliant alternative that runs locally (no external API calls). Completely free.
  2. Enable the honeypot technique — A hidden form field that humans cannot see but bots fill out, instantly flagging them as spam. WP Armour and Antispam Bee both use this.
  3. Require registration — Under Settings > Discussion, enable "Users must be registered and logged in to comment." Eliminates automated bots entirely but reduces legitimate comments too.
  4. Use a WAF — Cloudflare or Sucuri blocks known spam bots before they even reach WordPress.
  5. Limit links per comment — Set the "Hold a comment in the queue if it contains [2] or more links" option in Discussion settings.
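
The honeypot from step 2, sketched as a small WordPress plugin. This is an added example, not code from WP Armour, Antispam Bee or this page's author; the field name `website_confirm` and the `ztw_` function prefix are made up for illustration.

```php
<?php
/**
 * Plugin Name: Example Comment Honeypot (illustrative, added example)
 */

// Hypothetical trap field name: looks like a real field so form-filling bots populate it.
const ZTW_HONEYPOT_FIELD = 'website_confirm';

// Print the trap field inside the comment form. It is moved off-screen, removed
// from the tab order and hidden from screen readers, so people never reach it.
// autocomplete="off" reduces false positives from browser autofill.
function ztw_honeypot_render() {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label for="%1$s">Leave this field empty</label>'
        . '<input type="text" name="%1$s" id="%1$s" value="" tabindex="-1" autocomplete="off">'
        . '</p>',
        esc_attr( ZTW_HONEYPOT_FIELD )
    );
}
add_action( 'comment_form_after_fields', 'ztw_honeypot_render' );    // logged-out visitors
add_action( 'comment_form_logged_in_after', 'ztw_honeypot_render' ); // logged-in users

// Decide the comment status. Returning 'spam' files the comment in the Spam
// folder; any other case keeps whatever WordPress or other plugins decided.
function ztw_honeypot_check( $approved, $commentdata ) {
    // Pingbacks and trackbacks never pass through the form, so skip them.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( '' !== $type && 'comment' !== $type ) {
        return $approved;
    }

    $trap = isset( $_POST[ ZTW_HONEYPOT_FIELD ] ) ? $_POST[ ZTW_HONEYPOT_FIELD ] : '';

    // An array value (name[]=...) or any non-blank text means the trap was filled.
    if ( is_array( $trap ) || '' !== trim( wp_unslash( $trap ) ) ) {
        return 'spam';
    }
    return $approved;
}
add_filter( 'pre_comment_approved', 'ztw_honeypot_check', 10, 2 );
```

A filled trap files the comment under Spam rather than rejecting it outright, so a false positive can still be recovered from the moderation screen. Bots that submit only the standard comment fields never touch the trap, which is why the honeypot is one layer among the others in this list.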

Why It Matters

Every WordPress site with comments enabled will get spam — it is not a question of if, but when. Dealing with it from day one (install Akismet or Antispam Bee immediately) saves you from database bloat, security issues, and hours of manual moderation. It is one of the first things you should set up on a new WordPress installation.
