Pssst…come closer.
Did you know that spam costs American firms and consumers almost $20 billion per year?
That’s right. And this includes those goofy comments and trackbacks you receive on your blogs.
Regardless of whether you’re building WordPress websites for hundreds of clients or simply managing one or two sites for your own company, the threat is out there, and it means business.
The most noticeable form of spam on a blog is the comment that makes little to no sense. These are easy to identify, but man are they a pain to get rid of once you start accumulating hundreds.
But just like all types of spam, the hackers are interested in making you feel good about the message you’re receiving, in turn prompting you, or one of your site visitors, to click on a link.
Think about if you’ve ever sold an item on Craigslist. Your heart jumps for joy once you receive an offer you can’t believe, but then the truth comes out. The spammer sends you an email saying they’ll wire you the money once you send the item.
Boom. Spam detected.
However, it wasn’t always that easy to identify spam, and since blogs are being targeted more than ever, newer bloggers are not trained to spot false comments and other messages.
Trackbacks, comments and pingbacks are generally great for your blog. However, seeing as how bloggers get excited about these communications, it’s easy for hackers to take advantage of you through these pathways.
Here’s the deal: Spam can be created through any pingbacks, comments or trackbacks.
- Comments show up when someone writes a message under a blog post.
- Pingbacks are automated messages when someone links to your website.
- Trackbacks are manual messages from the blog owner when they link to your site.
So what happens when one of these comes through as a spam message? Is there anything you can do?
Can’t You Just Ignore Spam?
A rookie mistake involves leaving spam to make it look like the blog has more comments and pingbacks. Is there any harm in publishing spam, or even not approving it and letting it sit on your dashboard?
Both methods are going to hurt you in the long run. You may not notice it when a blog is just getting started, but here’s a list of what problems can arise:
- Bad links mean that Google will not appreciate your site. Search engines are beginning to crack down on bad internal links, and this means that it’s in your best interest to prevent pingbacks and trackbacks from disreputable sources. Otherwise, you could see your SEO rankings decline.
- Spam on your website shows people that you may not be active on your site. Put yourself in a user’s position. If you go to a site and see that the comment area is filled with spam messages, it becomes clear that whoever is moderating the website is either not doing their job right or they haven’t updated the site much.
- Any type of spam can slow down your site. For example, if you check your WordPress backend and notice hundreds of blocked comments, it still helps to delete them so they don’t hurt your speeds. That’s why it’s crucial to clear out spam that accumulates in the backend of your WordPress site.
- Many spam comments and trackbacks provide links. This is terrible news for the relationship between you and your readers. If someone clicks on one of those links and gets a virus, it’s on you. Basically, you may lose your credibility by exposing users to such links.
Now that you know why it’s essential to prevent spam, keep reading to walk through the 9 steps to keeping spam away from your WordPress blog for good.
Step 1: Automatically Run Your Comments Through a Spam Filter
Spam accounts for quite a bit of work on your end if you don’t take action. Sifting through the waves of messages yourself will quickly prove impossible.
That’s where automation comes into play.
Although no plugin is going to completely prevent your blog from accumulating spam, Akismet serves as the closest solution.
What’s wonderful about the Akismet program is that it comes with all WordPress installs. Simply activate the plugin and you’re on your way. If for some reason you can’t find it in your plugin list, feel free to install it from the Akismet homepage.
The process is fairly simple: Visitors submit comments through your blog, and the Akismet plugin decides whether or not they’re spam.
All of this happens without you seeing a thing, so it’s wise to check in on the comment history (on occasion) to locate any non-spam comments that were accidentally classified as malicious. What’s cool is that each comment shows misleading links and repeat offenders, so you can potentially block those spammers in the future.
This takes care of most of the spam cleanup for you, but you still have nine more steps to consider.
Step 2: Manually Identify Items That Aren’t Spam
As stated in the first step, some comments and pingbacks will be legitimate, yet Akismet may throw them in the spam folder.
Therefore, that user is left in the dark and it makes it seem like you rejected their comment.
That’s why it’s wise to occasionally go through and manually identify items that aren’t spam.
How do you do that? Follow these steps:
- Check to see if the person uses a strange email address. There’s no chance you’ll want to send a message to each commenter to see if the email is real, but many spammers use weird emails like myemail@emailme.com, or something with tons of numbers. If I stumble upon a comment that I’m not sure is legitimate, but the email looks bogus, I go ahead and delete it.
- Evaluate whether or not the user places a useful link in the comment or pingback. When you notice a comment or pingback that could potentially be a real one, take a look at the link provided. Some comments don’t have one, but all pingbacks should. If you’d like to protect your users, only approve comments that you’d like them to click through.
- Do you notice a real name? Many spammers use keywords instead of real names in order to boost SEO rankings of some other site.
- Another easy way to distinguish between spam and clean comments is to read the comment or pingback. Does it have anything to do with the post? If the wording could apply to any post on any subject, it’s most likely spam.
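The four checks above can be scripted to pre-sort a spam folder so that the comments most likely to be legitimate are reviewed first. This is an added example, not code from the article or from Akismet; the field names, word lists, thresholds and sample comments are all constructed assumptions.

```python
import re

# Assumptions for this sketch: word lists and thresholds are constructed.
SEO_WORDS = {"cheap", "buy", "best", "free", "casino", "loans", "seo", "online"}
STOP = {"this", "that", "with", "your", "have", "from", "very", "really",
        "great", "post", "thanks", "nice", "blog", "site", "keep", "good"}

def topic_words(text: str) -> set:
    """Lowercase words of 4+ letters, minus filler that fits any post."""
    return set(re.findall(r"[a-z]{4,}", text.lower())) - STOP

def review_flags(comment: dict, post_text: str) -> list:
    """Apply the four manual checks and return the ones that fail."""
    flags = []
    local_part = comment["email"].split("@")[0]
    if sum(ch.isdigit() for ch in local_part) >= 4:      # "tons of numbers"
        flags.append("email-many-digits")
    name_words = set(re.findall(r"[a-z]+", comment["author"].lower()))
    if name_words & SEO_WORDS or re.search(r"\d", comment["author"]):
        flags.append("keyword-name")                     # keywords, not a name
    if re.search(r"https?://", comment["content"], re.I):
        flags.append("link-needs-review")                # a person must vet it
    if not topic_words(comment["content"]) & topic_words(post_text):
        flags.append("off-topic")                        # could fit any post
    return flags

def rescue_candidates(spam_folder: list, post_text: str) -> list:
    """Authors in the spam folder whose comment trips at most one check."""
    return [c["author"] for c in spam_folder
            if len(review_flags(c, post_text)) <= 1]

POST = "How to close comments on older WordPress posts and disable trackbacks"
SPAM_FOLDER = [  # constructed samples
    {"author": "Dana Whitfield", "email": "dana@example.org",
     "content": "Closing comments on older posts cut my moderation queue in half."},
    {"author": "cheap loans online", "email": "x8827461@example.com",
     "content": "Great post, very nice blog! http://example.net/offer"},
    {"author": "Sam Ortiz", "email": "sam.ortiz@example.com",
     "content": "Do trackbacks stay disabled on old posts? See https://example.org/notes"},
]

if __name__ == "__main__":
    for c in SPAM_FOLDER:
        print(c["author"], review_flags(c, POST))
    print("review first:", rescue_candidates(SPAM_FOLDER, POST))
```

The output is only a review order: a flagged link still has to be opened and judged by a person before the comment is approved.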
Step 3: Disable Your Trackbacks and Moderate First Time Commenters
Seeing a trackback shows that people are talking about your website, but when it’s spam, it can often cause more damage than a spam comment.
Therefore, it’s worth considering disabling your trackbacks altogether. You have plenty of other ways to check which websites are linking to your site, and you don’t have to worry about managing the spam messages. For example, Moz’s Open Site Explorer offers free information on the URLs that link to your site, along with a spam score to figure out if they’re credible.
You can even go into tools like Google Analytics to see where the inbound traffic is coming from.
Step 4: Disable Your Comments After a Certain Period of Time
Did you even know you can disable your comments after a period of time passes?
Are you now wondering what the point of this would be?
Well, as blog posts age (and gain social shares, comments and credibility) their Google PageRank increases (anywhere from 0 to 10). This is fresh meat for SEO spammers, since they know you won’t pay much attention to older posts, and they also realize that the posts are coming up high in search engine rankings. So their spam links will be seen by more people.
Since fewer legitimate people are prone to comment on your older posts, consider shutting off your comments after maybe one or two months.
Go to your WordPress dashboard and click on Settings > Discussion. Under the Other Comments Settings, check the box that says Automatically Close Comments on Articles Older Than (blank) Days. Specify the amount of time you’d like to keep the comments and hit the Save button.
Step 5: Forget the Captcha and Use an Ultimate Anti-Spam Plugin
A Captcha is a tool that asks your users to punch in a simple code to prove that they’re human before logging into a blog or posting a comment. Chances are, you’ve used one in the past.
Captchas are highly effective when it comes to keeping out spammers, but users find it extremely tedious to punch in this information just to join in on the discussion.
You’re better off using a plugin that takes care of spam without the Captcha.
For example, the Anti-Spam by CleanTalk plugin stops things like spam comments, registrations, orders, bookings, widgets and more. All of this occurs without the need for a Captcha.
We also recommend the Anti-Spam plugin if you think it suits your needs better. However, refrain from installing both since they may conflict with each other.
Step 6: Make Bots Reveal Themselves With Spam Fighter
Another useful solution for preventing spam comes in a more lightweight form than some of the other plugins. The WP Spam Fighter plugin is for those who maybe don’t want a super complex Anti Spam system, since it takes two situations into consideration.
First, it checks to see if the commenter only took a few seconds to post a comment. Then it sees whether or not the user filled in any hidden fields.
Real people generally take time to read the post, so it’s most likely spam if the comment is posted within seconds of landing on the page. The same goes for filling in hidden fields, since real people can’t see these.
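The two checks described above, a hidden honeypot field and a minimum time on page, look like this on the server side. This is an added example, not WP Spam Fighter’s code; the field names `website_hp` and `token`, the secret and the 5-second threshold are assumptions, and signing the render time with an HMAC goes beyond what the article describes so that a bot cannot simply backdate the timestamp.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-site key kept server-side
MIN_SECONDS = 5                      # assumption: the page only says "a few seconds"

def _mac(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_token(rendered_at: int) -> str:
    """Hidden-field value: page render time plus an HMAC over it."""
    return f"{rendered_at}.{_mac(str(rendered_at))}"

def check_submission(form: dict, now: int) -> str:
    """Return 'ok', or the reason the submission looks automated."""
    # Honeypot: hidden from people with CSS, so only form-filling bots populate it.
    if form.get("website_hp", "").strip():
        return "honeypot-filled"
    ts, _, mac = form.get("token", "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return "bad-token"
    # Reject a timestamp that was edited after the server issued it.
    if not hmac.compare_digest(mac.encode(), _mac(ts).encode()):
        return "bad-token"
    # Time trap: a reader needs longer than this to read the post and type.
    if now - int(ts) < MIN_SECONDS:
        return "too-fast"
    return "ok"

def classify_samples() -> dict:
    """Run four constructed submissions against a form rendered at t=1000."""
    token = issue_token(1000)
    backdated = "900." + token.split(".")[1]  # timestamp edited, MAC reused
    samples = {
        "reader": ({"website_hp": "", "token": token}, 1090),
        "form_filler": ({"website_hp": "http://example.net", "token": token}, 1090),
        "instant_post": ({"website_hp": "", "token": token}, 1001),
        "backdated": ({"website_hp": "", "token": backdated}, 1001),
    }
    return {name: check_submission(form, now)
            for name, (form, now) in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
```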
Step 7: Take Out That Useless URL Field in the Comment Area
Take a look at the field where people type in their comments on your website. I’m assuming it asks for a name, email address and a message.
But what about a website? Are you expecting people to tell you the URL of their business website?
If so, there’s no reason for this.
The URL field is an interesting area since it attracts both real and fake spammers.
Think about it. If someone wants to improve backlinks to their site, they may take a shortcut (even though it generally doesn’t work) by typing in a useless comment and sharing their own URL.
The same goes for bots, since many of them also include URLs to get people to click through.
It doesn’t matter which type of comment comes in, you don’t want that URL. Therefore, it’s prudent to remove the URL field in your comment module.
The Disable/Hide Comment URL plugin has the functionality to completely take out that pesky URL option.
Once complete, users will have an easier time posting comments, and you won’t have to worry about people submitting their junk links.
Step 8: Shut Down Your Commenting System Completely
Some people say that turning off your comment area is blog suicide, but tell that to Maria Popova at Brain Pickings. She has made the conscious decision to remove the comments area, and she’s running a multi-million dollar blog.
The choice is completely up to you, but let’s take a look at the benefits and downsides of eliminating your comments area.
What are the benefits of turning off your comments?
- The chances of spam comments are almost completely removed.
- You don’t have to worry about spending time responding to the slew of comments that come in.
- Some argue that it creates more of a personal feel since it requires you to interact with readers through email.
- You can spend more time creating content.
- Some folks who want to discuss your article may turn to social media instead, leading to more distribution possibilities.
- It can improve your site performance.
What are some of the downsides of turning off your comments?
- This doesn’t completely get rid of spam, since pingbacks and trackbacks are still a problem. You’re also vulnerable to people hacking into your site through the login area or other means.
- Your users no longer have the chance to give you feedback or discuss what you wrote.
- A certain amount of personal touch is lost, since people cannot hear back from you unless you email them.
- Some of your credibility decreases, since comment counts are great ways to show that folks are talking about your content.
- It becomes more difficult to identify your VIP readers and customers.
Step 9: Consider Going for a Third-Party Comment System
The final step has plenty of upsides, but it’s completely optional, considering it requires you to abandon the default WordPress commenting system.
When talking about third-party comment modules, options like Facebook, Postmatic and Disqus are usually at the forefront of the conversation.
These platforms generally offer features for logging in with different social profiles, managing comments through a dashboard and moderating one user’s comments throughout the entire website. Postmatic even lets folks reply to a comment from an email inbox (so there’s no need to visit the blog URL).
Third-party comment modules are rather popular and they work well for spam prevention.
I would look at this in two ways. If you’d like to increase your blog conversions and cut down on spam a little bit, go with a third-party system. If you’re not keen on giving over control of your comments to a third party, stick with the WordPress version. It’s also worth noting that third-party platforms typically slow down your site a little.
Are Your Websites Ready to Fight Spam For Good?
The time is now to take advantage of the many spam fighting tools available online.
The spammers are constantly waiting for you to fall off your guard, and it doesn’t necessarily matter if you have a high-traffic or low-traffic site. Spammers find value in many types of blog posts, and if you let them in, you’re bound to spend way too much time with moderation or significantly decrease the credibility of your online presence.
Therefore, take a look at your sites (or client sites) and see if you can do anything to fight spam for years to come. Take 20 minutes to walk through the 9 steps for keeping spam away from your WordPress blog, and let us know if you have any questions in our comments section below. No spam please!
Abhay
2 Feb 2016
Ultimate guide to protecting a site from spam. I personally prefer to use a spam protection plugin.
Olaf Lederer
2 Feb 2016
Hi,
nice write-up, but you should take care that spammers never reach your website! I remember several websites going down because of spam bots. Check this article about a similar subject.
http://www.web-development-blog.com/archives/why-we-dont-use-akismet/
Luke
3 Feb 2016
You forgot adding common patterns to the blacklist section in comment moderation. I’ve done this on my personal blog and it’s the most effective way I’ve found.
Also, I love that you guys have the website field in your comment form even after calling it a useless feature 🙂
Tesla
8 Feb 2016
Hey Luke,
Glad it worked for you.
Cheers!
Ricky Cooper
12 Apr 2020
Well written post.