WordPress is one of the most popular platforms for building a website; as of 2020 there’s over 75 million sites using it. Being that popular, though, means it’s a large target for spam. While the platform has improved on stopping spam attacks over the years, there’s still room for improvement.
Easy to recognize, spam is the annoying, cluttering, sometimes fooling, messages that pop up in emails, forums, and comments, wreaking havoc on your site. Click the wrong link and you’ll have a virus; too much spam and your site’s SEO ranking will drop. Have a comment section filled with fake users promoting working from home? Real users are likely to click off your site and to another. Not to mention waking up to inboxes filled with ads for fake drug prescriptions can be a rough start to anyone’s day.
So how do you prevent spam on your WordPress site? There are a few easy steps that you can follow that are not as daunting as they seem and require no coding. Once you implement a few of these, you will see the spam stop.
To Prevent Spam on Blogs and Forms
- Require registration to leave a comment on blogs
Instead of allowing anyone to post comments on your site, have your users register first. This is a small step and help prevents bots from automatically choking your forums or blog post with gibberish. By having a person register, you are helping to confirm that it’s an actual user on the other side of the screen.
To enable registering on your site simply go to Dashboard > Settings > Discussion > Other Comment Settings. From there you will want to select ‘Comment author must fill out name and email’ as well as ‘User must be registered and logged in to comment’.
- Disable URLS / Block Words and Phrases
While spam bots are getting smarter everyday, they still aren’t very smart. If you have received a lot of spam, look at some of the phrases they are using. Often spam will repeat the same wording or mention the same products they are selling over and over. If you block these, you will block the bots.
Along these lines, avoid allowing links in comments and in forums. Almost all spam comments try to lead people to another site. It is recommended to reduce the amount of links allowed within a comment, or better, not allow links at all.
To reduce your links and block certain words go to those same settings for discussion (Dashboard > Settings > Discussion ) and scroll to the bottom where you will find Comment Moderation and Disallowed Comment Keys. The Comment Moderation section is where you can adjust the settings for the links allowed in each comment, holding it until it is approved by a moderator. Below that is the comment keys where you can black list words, author names, emails, and more.
In this section you will also find the checkbox to completely disable comments. This is a good option to stop spam if you don’t want or needs comments on a blog, as there’s nothing to attack.
- Use reCAPTCHA
The most common solution to preventing spam is Google’s reCaptcha. There are currently two versions out there, V2 and V3. V2 is the infamous ‘I am not a robot’ checkbox that is seen across most of the internet, while V3 is the newest version. It measures each page with a score to see if the interaction on your site is legitimate using a JavaScript API.
Putting reCAPTCHA on your website is simple and quick. To do so, you must visit the Google reCAPTCHA website and register your website to obtain the API keys. Once you have those you can add them to either the form plugin you are using following their specific directions, typically found under settings, (you can also add reCaptcha to a manually coded form) or, if you need to add it to the comment section, you will want to install reCAPTCHA for your WP comments form plugin. This will allow you to enter those API keys and then your comment forms will automatically be protected from spam.
- AntiSpam Plugins
Askisment Antispam
If you have followed the above steps and you are still receiving spam through forms or comments, then it’s time to bring out the professionals. Plugins are an easy and effective way to prevent spam on your website. Most are plug and play, only needing to tweak a few settings depending on where your spam is being received.
The most popular is Askismet, a plugin introduced by WordPress that comes preinstalled on many installations and themes. However, there are other options out there including Antispam Bee and CleanTalk, and WPBruiser. Any of these are sure to catch the last of the spam that manages to sneak it’s way through.
Most of the above plugins only block spam on comments and contact forms, leaving any emails vulnerable. However, there is a simple plugin fix: email encoder. There are a few out there, but the easiest and fastest one to use is: Email Encoder. It is a plug and play plugin with advanced options that will prevent any spammers from targeting your email.
Following these methods on the list will be a powerful way to prevent spam comments and boost your SEO ratings to make your WordPress site shine.