There are a few steps you can take to reduce the amount of SPAM comments submitted to your WordPress posts and pages. You can pick and choose your level of defense, as there are always trade-offs.

  1. Forcing login to post a comment
    This is a great option if you don't mind maintaining user accounts, but if you are forcing login solely to reduce SPAM, and for no other reason, you might consider trying the steps below first. Forcing login will always reduce the number of genuine comments posted to your blog, for the simple fact that some users just don't want to spend the time to register in order to offer their feedback.

    In Admin: Settings -> Discussion -> Users must be registered and logged in to comment

    You might also consider experimenting with the other options within the Discussion settings.

  2. Removing "spammer-friendly" fields.
    The website field, found on WordPress comment forms by default, is a quick way for spammers to provide a backlink to their website, with no other purpose. Consider removing this field if it provides no other value.

    In your themes's single.php, replace

    comments_template() or comments_form() with:

        $fields =  array(
            'author' => '<p class="comment-form-author">' .
                        '<label for="author">' . __( 'Name' ) . '*</label>'.
                        '<input id="author" name="author" type="text"
                                value="' . esc_attr( $commenter['comment_author'] ) .
                        '" size="30"' . $aria_req . ' /></p>',
            'email'  => '<p class="comment-form-email"><label for="email">' . __( 'Email' ) . 
                        '*</label>' .
                        '<input id="email" name="email" type="text"
                                value="' . esc_attr(  $commenter['comment_author_email'] ) . '"
                                size="30"' . $aria_req . ' /></p>',
        $comments_settings = array(
            'fields' => $fields

  3. Disallow HTML in Comment

    Add the following code to your wp-comments-post.php file located in your blog root (around line 76):

        elseif ( $comment_content != strip_tags($comment_content))
            wp_die( __('Error: HTML not allowed.') );

    Very important note: This approach is not feature proof. If you upgrade to a higher version of WordPress, you'll find that this change will be overwritten. Unfortunately, we could not find a way to do this using the WordPress theme engine.

    After we do this, consider hiding the note about the ability to add HTML comments to the comment body. To do this, CSS is probably the best route, so we don't have to modify the WordPress core files:

    .form-allowed-tags { display: none; }

  4. Install a CAPTCHA plugin

    The Captcha plugin seems to be well maintained, and stays current with WordPress releases.


Leave a Reply

Your email address will not be published. Required fields are marked *