Eliminate Comment Spam – In 2 Easy Steps


If you have a WP site up and it has been indexed for any length of time, then you're well aware of what 'comment spam' is.  Before you know it, comments are flooding into the posts you've made, but the joy of having your content found online is quickly replaced by the realization that all of those comments are absolute junk.

Comment spam is nothing more than people leaving comments on your site for the specific purpose of getting a link back to their website placed on your site, in the hope of improving their search engine rankings.  Now I don't mind giving a person a link back if they leave a comment that is related to the post and genuinely adds to the discussion.  That's what commenting is for.  But 95% of the time that is not the case.  Spam comments are usually vague statements like "Great Post!" followed by a dozen links to various websites.

Stopping Comment Spam

Now you can use the menus within your site's admin area to mark comments as spam or just delete them, but a better way is to stop the comments from being made on your site to begin with.  After all, who wants to waste their time moderating comments when it's better spent developing your site?  Below I'm going to list 2 simple methods you can use to eliminate 95% of the comment spam your site receives.

Back Things Up!

Before you do anything, and especially before modifying code within your site as these steps do, create a full backup of your files and database.

Eliminate Comment Spam From Offsite

When people make a comment on your site they are obviously on your site, having just read your post.  That isn't the case with the automated software many comment spammers use: it posts to your commenting system directly from within the program, without ever loading your page.  You can block much of this with changes to your .htaccess file that check whether the comment request carries a Referer header from your own domain.  To do this you'll need FTP access to your website.

Using FTP, download the .htaccess file from the root of your domain.  If you don't have the file, just create one with a plain text editor like Notepad or TextEdit.  Add the following code to the .htaccess file, replacing YOURDOMAIN with your actual domain.

# Bounce comment POSTs whose Referer is not your own domain (or whose User-Agent is empty)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?YOURDOMAIN/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]

This detects a comment being posted to wp-comments-post.php and then checks whether the Referer header points to your own domain.  If it doesn't (including when there is no Referer at all, or the User-Agent is empty), the spam bot is redirected back to its own originating IP address.  Bear in mind that the Referer is set by the client, so a bot can fake it, and some browsers and privacy extensions strip it, which would bounce a real commenter; treat this rule as a cheap first filter rather than a guarantee.

Comment Form Nonce

A nonce is a "number used once" that protects URLs and forms from being misused.  In WordPress a nonce is tied to a specific action, to the user, and to a time window of 12 to 24 hours.  If automated software tries to alter the contents of a URL or form, or submits without the nonce, the nonce will be invalid and the attempt will fail.

Once again you'll need to FTP into your site (or use the theme editor under the WP Appearance menu) and add the following code to your theme's functions.php file.

function add_comment_form_nonce_field() {
  // Print a hidden _wpnonce field (and a referer field) inside the comment form.
  wp_nonce_field( 'anti_spam_nonce_field' );
}
add_action( 'comment_form', 'add_comment_form_nonce_field' );

function check_comment_form_nonce_field() {
  // Reject the submission if the nonce is missing, forged, or expired.
  $nonce = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : '';
  if ( ! wp_verify_nonce( $nonce, 'anti_spam_nonce_field' ) ) {
    wp_die( 'Security check failed' );
  }
}
add_action( 'pre_comment_on_post', 'check_comment_form_nonce_field' );

This adds a hidden nonce field to your comment form and rejects any submission whose nonce is missing or invalid.  Two caveats: a bot that first loads the page can read the nonce out of the form, so this stops only bots that post straight to wp-comments-post.php; and WordPress nonces expire after 12 to 24 hours, so a page-caching plugin that serves stale copies of the form can cause legitimate comments to fail the check.
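To show why a tampered or stale submission fails the check above, here is a small stand-alone model of the WordPress nonce scheme (added example, not the post's code and not WordPress itself): an HMAC over tick|action|user|token, truncated to 10 characters, with a tick that advances every half-lifetime so a nonce is accepted for the current and previous tick only.  The secret and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import math

# Constructed secret standing in for WordPress's NONCE_KEY/NONCE_SALT (assumption, demo only).
NONCE_SECRET = b"constructed-demo-secret-not-a-real-key"
NONCE_LIFE = 24 * 60 * 60          # seconds; WordPress's default nonce lifetime is one day
ACTION = "anti_spam_nonce_field"   # the action string used in the functions.php snippet

def nonce_tick(now, nonce_life=NONCE_LIFE):
    """Tick counter that advances every nonce_life/2 seconds."""
    return math.ceil(now / (nonce_life / 2))

def _nonce_for_tick(tick, action, uid, token, secret):
    # HMAC over tick|action|uid|token, truncated to 10 chars as WordPress does.
    data = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(secret, data, hashlib.md5).hexdigest()[-12:-2]

def create_nonce(action, now, uid=0, token="", secret=NONCE_SECRET):
    """Value that wp_nonce_field() would print into the comment form."""
    return _nonce_for_tick(nonce_tick(now), action, uid, token, secret)

def verify_nonce(nonce, action, now, uid=0, token="", secret=NONCE_SECRET):
    """1 = current tick, 2 = previous tick (still valid), False = reject.
    A different action, a forged value, or a nonce older than two ticks
    (12 to 24 hours) all fall through to False."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = _nonce_for_tick(t, action, uid, token, secret)
        if hmac.compare_digest(str(nonce), expected):
            return age
    return False

def check_comment_post(form_fields, now):
    """Mirrors the pre_comment_on_post hook: reject unless _wpnonce verifies."""
    nonce = form_fields.get("_wpnonce", "")
    if not verify_nonce(nonce, ACTION, now):
        return "Security check failed"
    return "comment accepted"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    page = {"_wpnonce": create_nonce(ACTION, t0), "comment": "Great post!"}
    print(check_comment_post(page, t0))                        # comment accepted
    print(check_comment_post({"comment": "Great post!"}, t0))  # Security check failed
    print(check_comment_post(page, t0 + NONCE_LIFE))           # Security check failed
```

A bot posting straight to the handler has no nonce and is rejected; a real visitor's nonce is still accepted one half-lifetime later (age 2) but not a full lifetime later, which is the window a caching plugin can push stale forms past.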

Those two steps will dramatically cut the number of junk comments, since they stop the spam bots from commenting; what's left are the actual humans who haven't figured out comment etiquette yet.

For even more ideas check out Mitz’s post on her blog here.

Got any other good ideas?  Let me know in the comments below.

