Killing WordPress Comment Spam for Fun and Profit

I recently had to “reboot” this blog as I had to remove it from a WordPress multisite installation and serve it as a standalone instance. By the way, if you’re starting a new WordPress project, avoid multisite installations like the plague: they really don’t work well and are an expensive pain to spin off, as the plugins that actually work for multisite installations are typically much more expensive than the (often free) ones that do not require that capability.

This aside, one of the big problems you will come up against when administering a “default” WordPress installation is comment spam. You will see hundreds of comments pile up on your posts, but when you actually look at them you will quickly realize that almost all of them come from bots attempting to spam your posts with links. You can avoid this with a few very simple steps that will stop the spammers dead in their tracks.

WordPress Settings

The relevant settings can be found by logging into your WordPress instance as an administrator, then from the Dashboard going to Settings > Discussion.

Default post settings

The first thing to do is decide whether you want to allow comments on your posts at all. It’s not as obvious a thing as it might seem. If you try to measure engagement by relevant comments on WordPress, you will likely be very disappointed. A much better measure of engagement is how much discussion you can generate on the social media sites on which you share your posts. So, the easiest way to cut down on spam is to disable comments entirely by unselecting the checkbox next to “Allow people to submit comments on new posts” and skipping the rest of this article.

Other comment settings

If you do allow comments, the most effective way to cut down on the amount of spam is to select “Users must be registered and logged in to comment” in this section. Spammers are just not going to go through the trouble of registering as a user and will just skip your site, which is the best scenario.

Before a comment appears

Unless you expect that your blog will be a particularly busy one in terms of user comments — and in 2026 that is not a very likely eventuality — make sure to select both the “Comment must be manually approved” and “Comment author must have a previously approved comment” options. These will make sure that spam comments do not appear under your posts by default. I believe that those are the default settings in WordPress, but you’ll want to double-check.

Comment Moderation

At this point your installation is already pretty secure, but to “bulletproof” things you should change the “Hold a comment in the queue if it contains X or more links” option to 1 instead of the default 2.
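
The four settings above, for a site that keeps comments enabled, can also be audited and enforced from the command line. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp`, is run from the WordPress root, and that the site runs WordPress 5.5 or later (where the “previously approved” option is stored as `comment_previously_approved`; earlier versions called it `comment_whitelist`). The script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: audit/enforce the Settings > Discussion values from the post.
# Assumes WP-CLI is installed as `wp` and this runs from the WordPress root.

# option=value targets for a site that keeps comments enabled:
#   comment_registration         Users must be registered and logged in to comment
#   comment_moderation           Comment must be manually approved
#   comment_previously_approved  Comment author must have a previously approved comment
#   comment_max_links            Hold a comment in the queue if it contains X or more links
HARDENED_OPTIONS="
comment_registration=1
comment_moderation=1
comment_previously_approved=1
comment_max_links=1
"

# Print OK/DRIFT per option; exit status 1 if any option differs from its target.
# The ( ) body runs in a subshell, so the loop variables stay local.
audit_discussion() (
  drift=0
  for pair in $HARDENED_OPTIONS; do
    key=${pair%%=*}; want=${pair#*=}
    have=$(wp option get "$key" 2>/dev/null) || have="<unset>"
    if [ "$have" = "$want" ]; then
      echo "OK    $key=$have"
    else
      echo "DRIFT $key=$have (want $want)"
      drift=1
    fi
  done
  exit "$drift"
)

# Update only the options that differ, then re-audit to confirm the result.
enforce_discussion() (
  for pair in $HARDENED_OPTIONS; do
    key=${pair%%=*}; want=${pair#*=}
    [ "$(wp option get "$key" 2>/dev/null)" = "$want" ] ||
      wp option update "$key" "$want" >/dev/null
  done
  audit_discussion
)

# Usage (hypothetical file name): sh discussion-hardening.sh audit | enforce
case "${1:-}" in
  audit)   audit_discussion ;;
  enforce) enforce_discussion ;;
esac
```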

Conclusion

Just adjusting your WordPress settings in the ways described above should cut down the spam submitted to your site by 99%. Sure, having a large number of comments on posts may seem encouraging if you’re starting a new project, but what you really want is engagement, not people using your site to advertise (mostly) porn and other questionable sites. And in my experience the engagement will actually come from the forums and social media sites on which you share your posts, and not from comments left on your site.

Thanks for attending my TED talk…