How to Reduce Spam Comments on Your WordPress Blog

If you’ve ever checked your blog to find that you have 1,234,567 (or any other annoyingly high number) new comments, only to learn they’re all from spammers, this post is for you!

Recently spam comments on my blog started to become a real problem. I was getting almost 100 new spam comments a day (which seemed insanely high). Thankfully they were almost all being caught in Akismet, so I only had to go in and delete them when I felt like it, but it was still irritating. So I did some research on how to stop (or reduce) the number of spam posts I was getting. Here’s what I found out!

How to Reduce Spam Comments on WordPress: 3 Tips

1. Use Akismet if You Aren’t Already

Akismet comes pre-intstalled in every WordPress blog (.com and .org). It’s a spam-catching filter for your comments, and it does a darn good job. If you haven’t already, head over to and get an API key (it’s free for personal use) and then come back to your blog and enter it. The best part about Akismet? It learns, so you can tell it something is spam and it’ll remember for next time.

2. Close Comments on Older Posts

I found this tip in a post called 5 Ways to Reduce Comment Spam. When you close comments on older posts, you give spammers less to target. I choose to close comments older than 3 months (90 days) and it has made a HUGE difference in the number of spammy comments I’m getting.

To close comments on older posts go to ‘Settings’ > ‘Discussion’ and then look for ‘Other Comment Settings’ and tick the box next to ‘Automatically close comments on articles older than __ days’ and enter in a number. Don’t forget to ‘save’ before leaving the page :)

3. As a Desperate Measure, Use CAPTCHA or Some Database Trickery ( only)

If you’re using Akismet and you’ve closed comments on your older posts, and you’re still getting too many spam comments, there are a few drastic measures you can take. One of them is CAPTCHA.

You’ll recognize CAPTCHA as those often-hard-to-read-and-sometimes-crazy-making letters that you have to enter to complete a task on certain websites, usually to submit something or join. CAPTCHA is a really good way to stop spammers because they pretty much can’t get by it, but it’s also going to discourage some people from posting comments as it can get really frustrating.

You can find lots of CAPTCHA plugins if you’re interested. Really Simple CAPTCHA is one of the more popular ones.

If you can stand a few comments in your spam folder, you might be better off not including CAPTCHA on your site.

The other drastic measure involves making changes to your .htaccess files and blocking IP addresses. This is outside my tech realm right now, but if you’re interested, you can learn more about it in this post from Combating Comment Spam/Denying Access.

Bonus Blog Safety Tip: Make Sure Your WP Admin Username is Anything But Admin

This isn’t a way to reduce spam, but it is a way to protect yourself from hackers. I’ve recently read a lot about how to easiest way to protect yourself from hackers on WordPress is to change your username to something other than the default, Admin. Since all blogs start with the username Admin, it’s really easy for hackers to take advantage of those of us who didn’t bother to change it. Once they have your username, all they have to do is crack your password (which is hopefully strong so they can’t, but still…). To learn how to change the username for your admin account, check out, WordPress Tip: Don’t Use Admin, Seriously.

It Can Work!

I don’t want to jinx myself or alert spammers to my lack of spam comments, but since I completed items 1 and 2 above, I have had only 2 or 3 spam comments a week. Who knows how long that will last, but for now, it’s lovely.

Find Out More About Protecting Your WordPress Blog:

I recently came across a book that I wish I’d found a whole lot sooner. Digging into WordPress answers just about every question I’ve ever had about setting up a site, and has a whole chapter on keeping your blog safe from spammers and hackers. It has tips for total beginners, but it also explains:

  • how WordPress works,
  • how to customize your theme,
  • how to optimize for SEO,
  • how to keep your site secure (!),
  • and lots of other stuff.

The part that I really like about this book is that the authors (Chris Coyier and Jeff Star) update it periodically as WordPress changes, and the updates are included once you buy the book (you can download a new pdf version, but they won’t send out a new print version, which is understandable because that would be crazy expensive).

Stay Tuned for Next Week:

Next week I’ll be posting about how to protect yourself from spam on Twitter, and how Twitter let’s you fight back (which feels awesome). And if you missed the first post in the Fighting Spam series, you can find it here: Tips for Fighting Spam – Part 1.

Do you have any tips for preventing spam on your blog? Do you get spam on your blog, or is it just me?

Author: Carrie Mumford

Carrie Mumford is a writer and content manager living in Calgary, Alberta. She write short stories and non-fiction articles, and blogs about technology, editing, writing and (of course) books.

  • This is good info. I have been pleased with Akismet. A couple of strange spam comments got through the filter and indeed they were on older posts. After I ticked them off as spam though, I haven’t had any other problems.

    So far I don’t feel the need to take drastic measures. But it’s good to know I have more options down the road if need be.

    As far as CAPTCHA, I really struggle getting through their gateway in order to make comments, in particular my troubles are on Blogger sites, not WordPress. In fact, I’ve had such trouble that I have given up posting comments and stopped visiting those sites because I can’t comment or engage in the conversation.

    • That’s happened to me before! Sometimes CAPTCHA is more frustrating than my desire to leave a comment. It seems that a lot of sites are phasing it out, but I think it’s tough to move away from because it’s so effective (apparently even at keeping the legit people away :)

  • Closing comments on older posts is the tip of the day! Akismet has performed nearly flawlessly, but I was looking for a way to stop them from arriving. Seems that one post in particular was getting all the spam comments. I even tried adding rules to combat spam bots in my .htaccess file. Never thought to close off comments on older posts. Brilliant!

    • So glad it helped, Randy! Since I turned off comments on older posts, my spam comments have almost entirely stopped. I had the same problem as you right after closing off old posts: the spammers were focusing on one post in particular. Now they’re generally leaving me alone. Fingers crossed it stays that way!

Comments are closed.