Spring fever: 3-month free hosting trial + domains up to 90% off first year compared to year 2. **

Claim offer
Start

Start

Start working on your business or idea.

Domain Transfer domain Web hosting Email
Build

Build

Build your website or online shop with our great tools.

Website Builder WordPress Online Shop
Grow

Grow

Grow your online presence with professional tools.

Security Marketing Office 365
More domain choices
.com
$ 5.99 $ 26.99 /1st year
.one
$ 1.99 $ 16.99 /1st year

Log in

Control Panel Webmail Website Builder Online Shop File Manager WordPress

How to protect your WordPress site against spam?

Learn how to protect your WordPress website against spam in numerous ways!

You can protect WordPress and web forms from spam by installing great plugins and activating the anti-spam features that WordPress offers to combat spam.

We all love WordPress and the endless possibilities it enables us with. However, there is one thing that makes us want to rip our hair out – Spam. Spambots evolve just like us. Receiving spam despite all the measures we have implemented to detect, and combat spam can be a tough pill to swallow. Thus, every time spam finds a new way to enter your website, you need to find a new way to combat it. 

These measures include, for example, finding the best free anti-spam for WordPress or the best ReCaptcha plugin. We apply various methods to hinder these spambots, but they sometimes get the better of us. It subsequently leaves us with the ultimate question of how we can stop and protect our web forms from spam? 

Usually, you add contact forms on your websites to enable visitors to get in contact with you; it’s always fun and exciting when a visitor wants to reach out. Sadly, that feeling does not last long when you receive spam all the time through these contact forms. 

We’ve compiled a list of measures, in this article, that can help you prevent unwanted comments in WordPress by implementing a few easy measures. Just call us the WordPress anti-spam team. 

On this page

Get started

6 In-built WordPress features that can combat spam.  

Before we start bringing in external sources, we can consult with WordPress and see how WordPress can help us. WordPress actually has features built-in that can protect you from unwanted comments and protect your WordPress site. These features include:

Limit comments or disable comments – up to you.

You can disable comments on your pages by clicking on Settings→Discussion. However, this one is tricky because who doesn’t love to receive a comment from a visitor or a potential client? This setting applies to a person who operates a website that does not require its visitors to comment.

Or it could be that you have written an article about a touchy subject that you don’t want people to comment on because you don’t want to start a debate. You can disable comments on that specific post and save yourself lots of headaches.

Disable anonymous comments

WordPress allows you to disable anonymous comments, and this a good spam protection. You choose to receive comments only from people who are willing to write down their name and other contact information. This makes the spambots’ lives harder to send you spam. They can still send you spam but trust us; they will have a harder time doing so.

Comment moderation

You can choose this option if you want to be really meticulous. Comment moderation entails that you read and approve every comment before you make it visible to your visitors. This is also an arduous process as you will still receive spam, but in this way, you ensure that your visitors will only see top-quality comments as you’ve most likely deleted any spam-related comments. 

You can also hold comments for moderation based on links, numbers, certain words, URLs, or names. This way, some comments will automatically be approved, and others await your approval. 

Comments by logged in users

You have the option to choose and ensure that only users/visitors who are logged in to your website can comment on your posts. This typically only works if you have a membership community and looking for exciting debates within your community.

The question you should ask yourself once you’ve decided on a membership community is whether you want to moderate the registration process, or can anyone become a member in your community?

Block spam by limiting words

Going back to point three regarding comment moderation – you can choose to allow visitors the freedom to comment while simultaneously choosing certain words to block from being commented upon. This could, for example, be words that you’re certain spammers will use. However, it can also be that you don’t want people to comment profanities on your website. Or maybe you don’t want users to comment on your competitor’s brand. It is a great feature that WordPress has included in its settings.

Including several links in the comment is something that spambots often do. This is to drive online traffic to the spambots’ websites. You can choose to completely ban links from being included in the comments or reduce it to one or two.

Hopefully, some of these features will protect your WordPress website from spam and can combat spam; however, if you’re looking for more advanced ways to help with your spam issues we’ve got you covered.

Using WordPress plugins to fight spam

In addition to the features that WordPress offers, you can also ’employ’ another WordPress spam fighter. Plugins. There are great plugins available that can help you combat spam and prevent unwanted comments in WordPress. One of the plugins that we would like to shine an extra light on is Akismet.

Activate the Akismet plugin

If you decide that you want to allow comments from anonymous users, the Akismet plugin is essential. The Akismet plugin is installed by default on your WordPress and free of cost if you are running, for example, a blog. However, if you are running a commercial website, then you need to pay for the license. Once you have decided whether you will be running a blog or a commercial website, you will receive an API key for your specific purpose. Subsequently, you need to activate the plugin using your API key from Akismet.   

Once you have activated the Akismet plugin, Akismet will monitor and check all comments for spam and will only allow legitimate comments to appear in your comment’s moderation list.

Other WordPress plugins that can help you combat spam.

Below is a list of honourable mentions; other plugins that are also good at protecting your WordPress website from spam and some tips and tricks we have included to help you fight against spam. 

  • Antispam Bee

Antispam Bee plugin is free of cost whether you are running a blog or a commercial website. The plugin will help you combat spam on your WordPress and is also GDPR compliant. Additionally, the Antispam Bee will offer you monthly statistics on how much spam you receive.  

  • Titan Anti-spam & Security 

Titan Anti-spam & Security plugin blocks the spam bots from doing their job. If you get the pro version of this plugin, it will also block spam that has been submitted manually. This plugin offers you other security features as well that will most likely come in handy. 

  • WPBruiser

The WPBruiser plugin, formerly known as Goodbye Captcha, is a plugin that combats spam by activating its anti-spam protection already during sign-ups and when someone wants to reset passwords etc. It’s a free plugin that basically offers your website spam protection in all your forms, whether it’s registration forms or contact forms.

  • Spam protection, Antispam, Firewall by Cleantalk

This plugin ensures that all comments go through their validation process where the plugin checks whether the comment has its JavaScript disabled or if blacklisted HTTP links are included in the comment. Additionally, the plugin goes back in the archives and removes old spam comments and spam users.

How do I turn off user registration?

If your website does not offer a membership community, we recommend turning off the user registration. You should only allow this feature if it’s required for users to be logged in to comment on your posts or if the website’s content is restricted to members only. This is due to the fact that the user registration feature is most often used for sending spam if you don’t have any legitimate use for it.  

Go to Settings→General you can find the settings for Membership. Make sure the box for “Anyone can register” is unchecked.

Use CAPTCHA in forms

Do you know how every time you try to register on a website or fill in a form, the website requires that you prove that you are not a robot? Well, this is what Captcha does. 

You should have Captcha in your forms to verify that the user is human and not a robot or in this case, a spambot. 

Add a ReCAPTCHA plugin to your WordPress website to stop spam. This plugin will protect your web forms from spam. It will distinguish between actual human beings writing a comment or spambots just being bad. Even though sometimes it even gets tricky for us humans to select, for example, all the palm trees in the box, trust us, robots don’t even have a clue what a palm tree is. 

As the spam bots become smarter, so does the Captcha. It will only ask you to pass another test (a total of two) if your behaviour on the website is suspicious. Otherwise, you only need to check a box to confirm that you are not a robot. 

We recommend Google’s own Google Captcha (Recaptcha) by BestWebSoft. Once you add this plugin to your WordPress, it will ask your visitor to check the box each time they are about to register or fill in a form. 

Now you are ready to enter the world wide web with a suit of armour in the form of anti-spam for your WordPress website and various plugins that will protect all your web forms from spam. Keep in mind that you can also add a firewall to reduce the number of spam comments you receive significantly.

Since you are now protected from unwanted comments, do enjoy all the comments you receive as they are most probably nothing but real comments from your visitors who want to send you kudos!

Create the email account wordpress@ on your domain

By default, WordPress uses wordpress@yourdomain.com as the “from” address when sending notifications. By creating the account in your mail administration, you will be notified when WordPress has tried to send a message but was unable to deliver it. To make it easier for you to manage, you can forward the emails to your primary email account on your domain, and create a filter to move messages to a specific folder.

If your inbox is piling up with emails of undelivered messages, then that’s an indication that your website is being used to send spam. To stop this unfortunate situation, look at, for example, your contact form and disable it. 

We hope our favourite plugins and tips and tricks will help protect your WordPress website from spambots!

Build a WordPress website

Related links