Spammers, Bots, and Your WordPress Website

If you go online, chances are you’ve seen spam somewhere. But what if you are a business owner and your website is being flooded with spam?

One of our long-time clients sent us a question recently:

“Do you have any advice in preventing bots from sending spam comments to our website? I get a lot of bogus comments and delete them, but is there a way to prevent this?”

Spamming, simply put, is a method of sending many unsolicited messages on websites or services.  When a website receives bogus comments that are unrelated to the blog content and ridiculous emails from online forms, this is a form of website spam. Advertisers, scammers, and hackers send website spam for various reasons, including black-hat SEO techniques, attempting to sell services, or attempting to find vulnerabilities in websites that help them spam other people.  Unfortunately, this is a very common issue in WordPress sites, since it is the leading blog software.

Published spam on a website does not look good. It gives off the appearance that the website is not managed well (if at all) and that the site is not as reputable as other ones. If you looked under this blog and saw that there were more comments about other websites that are completely unrelated like pharmaceuticals and handbags, you would probably assume the blog is unprofessional, poorly maintained, or hacked.

Now, you could easily just go through and delete a spam comment if it is a rare occurrence. They are irritating but deleting one comment takes just a click inside the WordPress admin. There are ways to automate the process of cleaning up comment spam or even preventing it. If comment spam is a reoccurring annoyance, then you might need to take additional steps.

Manual Comment Maintenance

When you do see spammy comments in your WordPress admin, mark them as spam instead of just deleting them.  This helps to train WordPress and any other spam detecting plugins that similar comments or comments from those same users are suspicious.  You also need to regularly empty the spam database, using the Empty Spam button, so the comments can be cleared out and free up your database space.

Adjusting Discussion Settings

Check your settings under Settings > Discussion.  This area offers various options to customize the way that comments are handled on your WordPress site.  Several of the options are selected by default, and they might not be ideal.  For example, you may not want to allow people to post comments on new articles by default and instead turn on comments for specific posts.  You can always overwrite the settings by editing the options in a single post directly.  You can also require users to be logged in and registered to have the privilege of commenting.

Using Akismet

One way to alleviate WordPress spam problems is by using the Akismet plugin. Akismet automatically filters out the spam comments on your website or blog, making your life much easier and your website much cleaner. In order to incorporate Akismet and take advantage of its spam filtering, you need to order a key code from their website. You can use Akismet on a personal website for free, and there is a small monthly fee for business websites.  Akismet can also be extended with other plugins to prevent known spamming servers from abusing your contact forms.  There are other plugins available that offer similar spam filtering protection.

Adding Captcha

Another service is CAPTCHA, a familiar feature to Internet users today. CAPTCHA incorporates a simple test for humans to solve or a special code to enter before their form can be submitted. Generally, the test is typing in a word or series of letters shown in an image to prove that you are an actual person and not some spamming robot. According to CAPTCHA, bots are unable to solve many of these tests and are less likely to spam websites as a result. There are many free services and plugins that allow you to add this feature to the bottom of your comment forms and contact forms.

Using Third-Party Discussion Tools

Some people also use third-party services like Facebook or Disqus for commenting instead of the native discussion features. With Facebook, users who want to comment on your blog or website will need to do so from their Facebook account, which means it is much more likely that a real person is engaging with the blog. This can also add a sense of community and social following to the blog.  A potential disadvantage of this approach is scaring off readers who do not use social media or who prefer not to use their personal social media accounts on other websites.

Spam is ugly, intrusive, and just plain annoying. It is also manageable, even preventable, with the right settings and measures. Consider one of the services mentioned above the next time you see someone spamming on your site