4 Simple Ways To Kill SPAM From Your WordPress Site

4 ways to kill spam

According to recent activity reports from WordPress.com, people are writing about 70 million new posts each month. With over 2.3 million blog posts going live each day covering every possible topic, it’s no wonder that these are the front lines in the battle against spam. How can we kill spam on our WordPress sites?

What is Spam?

Spam is any unsolicited commercial or bulk email that is sent to you or your website. We’re probably most familiar with the junk that ends up in our email inbox. Unscrupulous marketers gather massive mailing lists and pepper us with emails that we didn’t request in direct violation of CAN-SPAM laws. However, as WordPress users we can also be subjected to comment spam. Here, our blog posts are inundated with fake comments that can have malware links, sales pitches, or other off-topic information designed to make them money.

Even worse, the sophistication of many of these spam operations has automated a lot of these processes. Bots and spiders are crawling the web looking for vulnerable places to deposit their payload.

Interestingly, the term spam instead of being an acronym, has its origins in the Monty Python Spam sketch. The sketch references the Hormel company’s spiced ham in a tin, but the over-the-top sketch turns ordering into an unforgettable deluge of Spam.

https://www.youtube.com/watch?v=M_eYSuPKP3Y

How Can We Stop Spam?

We have four tools or techniques that can help you combat spam either on or originating from your WordPress website.

Automatically close comments to reduce targets

The first thing you need to do is minimize the opportunities for spam bots to attack your site. An often overlooked setting in WordPress is the ability to automatically close comments after a certain period of time. More often than not, bots target older posts on a site because there’s a better chance that the comment will go unmoderated. Here’s how to get this done:

  1. Log in to your WordPress admin.
  2. Navigate to the discussion subpanel under the settings section.
  3. Under the second subheading “Other comment settings”, you’ll find the option to “Automatically close comments on articles older than 14 days.”
  4. Check the checkbox, and change 14 days to 30 days.
  5. Save your changes.


If it makes sense for your blog, you may want to deactivate comments altogether or make it so that only registered users are allowed to post comments. This will add an extra barrier against spam bots.

Fight comment spam with Akismet

Occasionally, a spam comment will get through your defenses. Not to worry, Akismet is your last line of defense. Akismet is a plugin written by Automattic that checks comments and trackbacks for their spam probability. The system isn’t foolproof, but it learns and adapts to popular comment spam techniques. Akismet is one of the default plugins you’ll see with a WordPress installation. However, if you’ve removed Akismet you can always grab it from the repository.

  1. Activate the plugin.
  2. Sign up for a WordPress.com API key. These keys are free for personal blogs. You’ll want a paid subscription for a business or commercial site.
  3. Copy and paste this key into the Akismet subpanel under the plugins section.

As a side note Akismet also has an add-on for Gravity Forms which allows your form responses to benefit from the same great spam fighting features.

Fight comment spam with Antispam Bee

Akismet isn’t the only spam fighting plugin on the block. One very popular plugin is Antispam Bee. Similar to Akismet this plugin flags spam and makes it ready to remove. This plugin is free to use and is available on the repository. While there are many spam fighting plugins on the repository, there are two reasons to feature Antispam Bee. The first is that it has over 300,000 users, active development, and a five star rating. The second is that with the upcoming GDPR, it’s important to note that Antispam Bee doesn’t store any private user data.

  1. Get the plugin.
  2. Upload the plugin to your plugins folder.
  3. Activate the plugin.
  4. Configure the plugin.

Protect your inbox with SpamShiv Lite

Occasionally you may need to post an email address for your readers to get in touch with you. That being said, putting an unencrypted email address out on the web is a TERRIBLE idea. If you put an email address out on your website, you will absolutely get spam.

So, how do you avoid this? WordPress has some built-in methods to encrypt email addresses that make it very difficult for email harvesters to grab your email addresses. The problem is that there is no easy way to incorporate it into your content. We’ve created a free plugin that will make this a thing of the past. Not only does our plugin automatically encrypt email addresses that you post in your content, it runs through the entire output of your page and encrypts every email address it finds. It does the work for you. We encrypt email addresses using the built-in method “antispambot().”

  1. Get the plugin.
  2. Upload the plugin to your plugins folder.
  3. Activate the plugin.

We hope that this information helps you to reduce and probably eliminate spam originating from your WordPress blog all together. If you have any questions about the plugins here or you want to discuss a security approach for your website feel free to reach out to us.

Written by the Team at Pixel Jar

We hope you got something useful out of that post. If you'd like to read more we have an active blog with topics across the spectrum of website development. If you're researching information for a project we'd love to talk to you about it.

Security at Scale

Security at Scale

We recently had a chance to sit down with Tony Perez, the CEO for Sucuri. Sucuri is one of our go-to partners in assisting with our client’s security needs. Talking with Tony Pixel Jar: For readers who aren’t familiar with Sucuri, tell us a little bit about how you got started in the security space.…
Read More
microservices for wordpress

Serverless Microservices for WordPress

Microservices: Imagine that your application (for example, your WordPress site) is broken into smaller services (i.e. microservice). Each service handles one part of your application’s operation. One service might only handle the authentication of users. Another service might handle the comment system. Yet another service might handle the routing of web pages. All of these…
Read More
how-to-perform-a-website-audit_sidebar

Maximize your website's appeal and keep everything working for the best conversions.

How Can We Help You?

We want to build your next project.

Connect with Pixel Jar

Our Community

Subscribe to learn more about the goings on at Pixel Jar.

  • Note: Your email will be added to our CRM and be used to receive emails from Pixel Jar. You can unsubscribe at any time.

  • This field is for validation purposes and should be left unchanged.