In the beginning the online universe was formless and void. Then lo, the internet was created and it was good. But as the digital gods rested after their glorious endeavor, sneaky little spammers crept into every shadow and crevice they could find and began inflicting us all with a constant stream of garbage.
Honestly, fighting spam can feel like a never-ending game of whack-a-mole. You block off one path, and they immediately find another. But that doesn’t mean we should stop trying to block them, right? Constant vigilance!
Luckily, WordPress has a number of good ways to make life difficult for spammers, so let’s go through a few, and hopefully we can stop those discount Viagra emails you’ve been getting.
Turn On Comment Moderation
One of the most prevalent kinds of WordPress spam is comment spam — junk messages left as comments at the bottom of your pages and posts, usually with a link to some completely irrelevant service. And one of the best ways to combat comment spam is to turn on comment moderation. To do this, you go to the Discussion settings page and make it so comments must be approved before they show up on the front end. You can either make it so that every comment requires approval or you can opt for a slightly looser setting which allows people who have a previously approved comment make further comments without the need for approval. Either way, you’re going to want to check the boxes that send you an email when people comment or a comment needs moderation, so that you can respond in a timely manner.
Use An Anti-Spam Plugin
There are a few anti-spam plugins out there, but the best option is Akismet, which is developed by the makers of WordPress and ships with every version. Akismet does require setting up a free account with them before it will function, but they are pretty good about walking users through that process. Once it’s activated, it monitors your site in real-time and blocks spam with 99% accuracy. Occasionally it’ll let something through, but that’s why you turned on moderation!
One thing to note is that very rarely Akismet will flag a real comment as spam, and when that happens you don’t get notified. You can protect yourself against that by occasionally looking through the spam it’s collected to make sure nothing got accidentally blocked.
Turn Off Comments on Older Content
Most people comment on a post shortly after it’s published, so another way to combat comment spam is turn comments off entirely for posts older than a certain age. You can do that on the same Discussion settings page we mentioned earlier, and I recommend giving posts at least 30 days before comments are removed.
What About Contact Forms!?
Ok, so we’ve got comment spam mostly covered, but what about all that spam coming directly to your email via your contact form? Well, the biggest weapon in your arsenal is to use a reCaptcha, which can stop spam-bots in their tracks. It’s not a very subtle solution, and it forces real people who want to contact you to jump through some extra hoops, but if nothing else is working for you, then give it a shot. Luckily there are some other options available as well. If you are using a popular form plugin like Gravity Forms or Contact Form 7, you can integrate your forms with Akismet, giving you an extra layer of protection. You can also set up a “honeypot” which is a hidden field that real people can’t see, but that spam-bots will fill out. Anytime the honeypot field is filled out, you know you’ve got spam and can block it automatically. Most popular form plugins have an option to add a honeypot.
Alright! Now you’ve got some weapons to use in the war against spam! Want to make sure your website it as protected from spam as possible? Give the Solamar team a shout.