Killing WordPress Comment Spam for Fun and Profit

I recently had to “reboot” this blog as I had to remove it from a wordpress-multisite installation and serve it as a standalone instance. By the way, if you’re starting a new WordPress project, avoid multisite installations like the plague, they really don’t work well and are an expensive pain to spin off, as the plugins that actually work for multisite installations are typically much more expensive than the (often free) ones that do not require that capability.

This aside, one of the big problems you will come up against when administering a “default” wordpress installation is comment spam. Basically you will see hundreds of comments on your posts pile up, but when you actually have a look at those comments you will quickly realize that almost all of them will be essentially from bots that attempt to spam your posts with links. But you can avoid this with a few very simple steps that will stop the spammers dead in their tracks.

WordPress Settings

The relevant settings can be found by logging into your WordPress instance as an administrator, then from the Dashboard going to Settings > Discussion.

Default post settings

The first thing to do is decide whether you want to allow comments on your posts at all. It’s not as obvious as thing as it might seem. If you try to measure engagement by relevant comments on WordPress, you will likely be very disappointed. A much better measure of engagement is how much discussion you can generate on social media sites on which you share your posts. So, the easiest way to cut down on spam is to disable comments entirely by unselecting the checkbox next to  Allow people to submit comments on new posts and skipping the rest of this article.

Other comment settings

If you do allow comments, the most effective way to cut down on the amount of spam is to select Users must be registered and logged in to comment in this section. Spammers are just not going to go through the trouble of registering as a user and will just skip your site, which is the best scenario.

Before a comment appears

Unless you expect that your blog will be a particularly busy one in terms of users comments — and in 2026 that is not a very likely eventuality — make sure to select both the Comment must be manually approved and Comment author must have a previously approved comment options. These will make sure that spam comments do not appear under your posts by default. I believe that those are the default settings in WordPress, but you’ll want to double-check.

Comment Moderation

At this point your installation is already pretty secured, but to “bulletproof” things you should change the Hold a comment in the queue if it contains X or more links option to 1 instead of the default 2.

Conclusion

Just adjusting your WordPress settings in the ways described above should cut down the spam submitted to your site by 99%. Sure, having a large number of comments on posts may seem encouraging if you’re starting a new project, but what you really want is engagement, not people using your site to advertise (mostly) porn and other questionable sites. And in my experience the engagement will actually come from the forums and social media sites on which your share your posts, and not those left on your site.

Thanks for attending my TED talk…

A fresh look?

I thought it would be amusing to shake things up with a skin change — also a WordPress upgrade broke the plugin I was using to generate the excerpt for my stories on the front page, so this was a move of necessity more than whimsy. This little number is called Head 1.5 and it’s by Priss. It’s quite pleasant once your eyeballs stop hurting (it is a rather bright template).

Back… for now

I finally managed to unwrangle the mess that WordPress’s database update had left behind (seriously, who could fathom that a database update would cause problems in relation to a graphics file in a theme I had installed and wasn’t even using?). I still think it’s a hell of a mess, but frankly I haven’t had the time to develop my own solution for the time being so at least it’s fixed and I have a means of giving out my opinions to the world again, flawed or uninteresting as they may prove. I do have a number of articles planned but yet-unwritten on a variety of subjects, like the BMW 1-series (which I drove a while back), the Zend Framework (which will be the basis of the blog that will succeed this one), duck (which is a delicious if fatty meat), and lots of other stuff.

Blog update

I managed to “unbork” things that the WordPress “update” messed up — mostly by removing dead links — and put in a silly placeholder for the “about” page so clicking the link doesn’t cause an error anymore. All in all however, I’m pretty determined to write my own software again and ditch WP, at least I’m sure my own SW won’t have the sort of surprises I’ve been seeing this week.