How to prevent spam on a WordPress site?
Every WordPress website owner has encountered the problem of spam – unwanted comments, fake registrations, empty form submissions, and automated bot attacks. Spam can damage the reputation of the website and email service, burden the server, and turn real users away. In this article, we’ll look at how to effectively reduce and prevent spam comments on WordPress sites.
Filtering spam comments and messages using a WordPress plugin
Akismet
Maspik
The plugin Maspik – Advanced Spam Protection is one of the most effective on the subject, and its settings are simple and easy to configure. Install it, go through the settings thoroughly, and you will usually forget about spam (it is recommended to occasionally go through the list of blocked comments and make sure you have not blocked legitimate comments as well).
En Spam
The plugin En Spam is designed for the spoiled among us: just install and forget. No settings needed. It is very effective for blocking bots. Its disadvantage is that it relies on cookies to let only legitimate submissions through, so you will need the users’ permission to use them.
Enabling Captcha in forms
Using a Captcha such as Google reCAPTCHA or Cloudflare Turnstile in forms will prevent robots from sending fake inquiries.
You can easily add Captcha to WordPress by installing a plugin like “Google reCAPTCHA” or “hCaptcha” that supports integration with form plugins like Contact Form 7 or WPForms. If you use the Elementor Pro form builder, there is built-in integration for Google reCAPTCHA (note that you will still need to handle login forms and post comments separately).
Correct settings for blocking spam in WordPress
- Blocking anonymous comments
WordPress has a built-in option to set that only registered users can leave comments, which prevents anonymous spam. Go to “Settings” > “Discussion” and check the option “Users must be registered and logged in to comment”.
- Filter keywords in comments
You can block comments containing suspicious words (such as “casino”, “seo”, etc.). Go to “Settings” > “Discussion” and add suspicious words to the filter list under “Banned words”.
- Limit the number of links in comments
Spam comments often contain a large number of links. You can limit the number of links allowed in a single comment. This is also set in “Settings” > “Discussion” under “Hold comment for review if it contains more than… links”; limit the number to only 1 or 2.
- Blocking spammers’ IP addresses
If you see a pattern of spam from certain IP addresses, you can block them manually. Still in “Settings” > “Discussion”, add the spammers’ IP addresses to the blacklist. Alternatively, use a plugin like “WP-Ban” to block them automatically.
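Before relying on the keyword, link and IP settings above, it helps to check them against comments you know are legitimate. The following is an added example, not part of the original article and not WordPress's own code: a simplified Python model that assumes list entries match as case-insensitive substrings of any comment field (which is how WordPress treats its banned-word list) and reports false positives. All function names and sample data are hypothetical and constructed for illustration.

```python
import re

LINK_RE = re.compile(r"<a [^>]*href", re.IGNORECASE)  # counts HTML links in the body
FIELDS = ("author", "email", "url", "content", "ip")

def matching_entries(comment, banned):
    """Banned-list entries found as case-insensitive substrings of any field."""
    hits = []
    for entry in (e.strip() for e in banned):
        if entry and any(re.search(re.escape(entry), comment[f], re.I) for f in FIELDS):
            hits.append(entry)
    return hits

def evaluate(comment, banned, max_links):
    """Return (verdict, hits): 'blocked', 'held' for review, or 'passed'."""
    hits = matching_entries(comment, banned)
    if hits:
        return "blocked", hits
    # Assumption: a comment is held once its link count reaches the configured limit.
    if max_links and len(LINK_RE.findall(comment["content"])) >= max_links:
        return "held", []
    return "passed", []

def audit(known_good, banned, max_links):
    """Legitimate comments that the settings would still catch (false positives)."""
    report = []
    for c in known_good:
        verdict, hits = evaluate(c, banned, max_links)
        if verdict != "passed":
            report.append((c["author"], verdict, hits))
    return report

# Constructed sample data: a candidate banned list and comments known to be legitimate.
BANNED = ["casino", "seo", "203.0.113.5"]
KNOWN_GOOD = [
    {"author": "Dana", "email": "dana@example.com", "url": "", "ip": "198.51.100.7",
     "content": "Great trip report from Seoul, thanks!"},       # "seo" is inside "Seoul"
    {"author": "Lee", "email": "lee@example.com", "url": "", "ip": "203.0.113.50",
     "content": "Works for me."},                               # IP entry is a prefix of .50
    {"author": "Sam", "email": "sam@example.com", "url": "", "ip": "198.51.100.9",
     "content": 'See <a href="https://example.org/a">this</a> and '
                '<a href="https://example.org/b">that</a>.'},
    {"author": "Kim", "email": "kim@example.com", "url": "", "ip": "198.51.100.8",
     "content": "Thanks, very helpful."},
]

if __name__ == "__main__":
    for author, verdict, hits in audit(KNOWN_GOOD, BANNED, max_links=2):
        print(f"{author}: {verdict} {hits}")
```

Short words such as “seo” and bare IP addresses are the entries most likely to catch legitimate comments, so prefer longer, more specific entries and review what gets blocked.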
Limiting website registration attempts
Bots often try to register on a site to spam. This can be limited by plugins like “Stop Spammers” or “Limit Login Attempts”.
Changing the login address
The default WordPress login page is /wp-admin or /wp-login.php. Changing this address can reduce the number of automated login attempts.
How to do this? Install a plugin like “WPS Hide Login” and set a custom URL for the login page.
Security plugins of all kinds also contain this function. If you have installed a quality security plugin like “Wordfence” or “Sucuri”, you can use it to change the login address and block wp-admin, and you also get a firewall that can block automated attacks and prevent access from known bots.
If the site’s content is not updated regularly and is quite static, it is possible and recommended to completely block logging in to the site through the hosting company’s interface and allow only yourself to log in when you want to update content.