How to stop spam in WordPress comments just by tweaking a few settings

Combating spam is something every user on the Internet deals with on everyday basis. Whether you’re getting spam to your email address, smartphone or WordPress site, you know how annoying it can be. And just after smart people develop special software and implement different tactics to stop spam in WordPress, spammers find new ways to get to you.

The battle between spammers and users of various Internet services is a never-ending one, but you can’t be the one to surrender. When it comes to WordPress, there are some tricks you can use to at least reduce the number, if not stop spam in WordPress comments completely.

In today’s article, we are about to show you some tips and tricks that you can implement right away. Without installing additional plugins. But if you are looking for a WordPress plugin to recruit in the war against spam, don’t forget to come back next week or subscribe to our notifications because we will show you a list of the best anti-spam plugins for WordPress.

Activate your Akismet account

Akismet (a strange name derived from the company names Automattic and Kismet, not a sound you make while sneezing) is an advanced anti-spam service that comes preinstalled with every WordPress installation. Used by millions of users, the plugin isn’t here by chance. It’s one of the best WordPress plugins to help you stop spam in WordPress comments and should be the first thing to set up.

You will be aware that your Akismet isn’t active. For starters, you will see a big button telling you to activate it. The other clue will be the number of spam comments you’ll start getting hours after you have the site hosted on a server.

For many, this fantastic plugin will be more than enough. So, before you start searching for another plugin and before trying out extra tips and tricks on how to stop spam in WordPress comments, you have to give Akismet a chance. The plugin is free for personal use, but you can choose any of the professional plans if you need one.

  1. Sign up for Akismet account or log in to an existing one
  2. Get your API key
  3. Navigate to Settings -> Akismet
  4. Paste the API key
  5. Relax and let the plugin fight spam for you

Although the plugin’s algorithms work great, sometimes they might miss a comment or two. On other occasions, even a valid comment may end up marked as spam. That’s normal, and you will have to check for comments manually or check the statistics if you use any of the paid plans.

Check Discussion Settings

While customizing your theme, selecting plugins you will use, and writing new posts, you may forget to check the Discussion Settings. And those contain important stuff that might help you stop spam in WordPress comments. You can find all the options in Settings -> Discussion.

Change Comment Settings

Depending on the kind of the site you have, you can allow only registered and logged in users to leave comments on your site. If that was something you wanted, just checking the little box in the settings will help you with the spam because people (and bots) who aren’t registered won’t even get a chance to write comments.

WordPress discussion settings

The other interesting option is the one that allows you to close comments on old articles. Select the option and choose how old an article should be before WordPress automatically closes comments on it. It might not be the best choice for all sites, but it will be a life-saver for some. For example, if your site only publishes news, you might want to close comments after the article is thirty days old. Think about if you need comments on old articles.

If you don’t get a lot of comments, it may be a good practice to schedule all the comments for manual approval. By doing this, even if a spam comment passes by Akismet or any other plugin you might use, you can still stop it before it gets published. After that, you can automatically allow comments from previously approved authors.

Comment Moderation

Usually, spam comments will contain several links. You can quickly stop spam in WordPress comments just by holding comments which have more than two or three links. You can activate the filter from the Settings -> Discussion -> Comment Moderation where you get to choose the number of links allowed per comment.

Although spammers are aware of this and many will use just one link per comment, make sure you have the option selected. Even if it stops just one spam comment, it will be worth it.

Stop comments with specific words

The next field on the discussion settings page allows you to block comments which contain specific words in content, name, URL, and email. You can even block IP addresses from here.

The words you’re going to use here depend on your blog. If you write about smartphones, for example, commenters probably won’t use names of medicaments which are a common thing in spam comments. So you can find a list of meds and add them here. We also suggest that you take a look at a list of common spam words that will help you with this setting. Additionally, if you know the IP address of a spammer, add it here.

Similarly, you can put comments with specific words and IP address directly in the trash.

Disable HTML in comments

By default, WordPress allows everyone to use HTML tags in comments. If you want to stop spammers, you can easily disable HTML in comments by putting the following code in your function.php file:

function plc_comment_post( $incoming_comment ) {
$incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);
$incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] );
return( $incoming_comment );
function plc_comment_display( $comment_to_display ) {
$comment_to_display = str_replace( ''', "'", $comment_to_display );
return $comment_to_display;
add_filter( 'preprocess_comment', 'plc_comment_post', '', 1);
add_filter( 'comment_text', 'plc_comment_display', '', 1);
add_filter( 'comment_text_rss', 'plc_comment_display', '', 1);
add_filter( 'comment_excerpt', 'plc_comment_display', '', 1);

Don’t allow pingbacks and trackbacks

By default, WordPress allows pingbacks and trackbacks. Pingbacks will automatically send a comment to your site if someone links back to your article. While this can help you know when someone links to you, spammers often use this method to get notified. Trackbacks are similar, but they have to be sent manually. If you don’t use them, uncheck the option.

Disallow comments coming from other sources

Spammers are smart. They will use different tactics and techniques to get what they want. In this case, they will send comments from other sources. To stop spam in WordPress comments that don’t even come from your site, you will have to update your .htaccess file.

Before even trying to modify .htaccess file, please create a backup of the file.

  1. Open .htaccess file
  2. Copy and paste the code:
  3. RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.** [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
  4. Chance the URL to your blog on line #4
  5. Save changes

Block spammer’s IP address

If you keep on getting spammed by the same guy, you can block the IP address he was coming from. As WordPress developers allowed you to do so from Settings -> Discussion, we suggest adding the IP address there. But if you want to block IP addresses manually, you can also do that by modifying the .htaccess file.

  1. Navigate to .htaccess file and open it
  2. Copy and paste the code:
  3. Order allow,deny
    Deny from
    Allow from all
  4. Change the IP address you wish to block
  5. Save changes


Combating spam is an ongoing battle. You always have to keep an eye on the spam comments, and you can’t risk posting spam on the site you’re working on so hard. By utilizing the techniques we covered in this articles, you will reduce spam comments in WordPress.

Start Blog Book


This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

One thought on “How to stop spam in WordPress comments just by tweaking a few settings

Leave a Reply

Your email address will not be published. Required fields are marked *