Allowing visitors to submit comments on your WordPress website is a great way to produce new content without any effort on your part. Each comment is essentially fresh, new content – something that search engines love. Commenting also boosts visitor engagement, as users can share their opinions and discuss topics with one another directly on the page.

However, the downside to enabling visitor comments is the potential for spam. It’s not uncommon for some WordPress sites to receives hundreds or even thousands of irrelevant spam comments per day. Trying to separate the genuine comments from the spam ones can be a tedious, time-consuming task. So, how can you protect your site against this behavior?

Close Comments on Old Articles

Spammers often target older posts and pages for two reasons: the post/page contains keywords for which the spammer is attempting to rank, and older posts/pages are less likely to be moderated.

To disable comments on old articles, access Settings > Discussions > and check the box next to “Automatically close comments on articles older than X days (the default 14 should suffice).

Moderate Comments

While you’re in the Discussions section of your site, go ahead and make sure it’s set up to moderate all new comments. This is done by checking the box labeled “Comment must be manually approved.” Without this option checked, spam comments will be immediately published to your site.

Disable Access To Comments File

A slightly more technical safeguard against spam is to disable access to your wp-comments-post.php file. This will have absolutely no effect on actual human visitors, but spammers who attempt to leave comments via automated programs won’t be able to access the necessary file.

To disable access to your comments file, add the following code to your site’s .htacces file:

<IfModule mod_rewrite.c>

RewriteEngine On


RewriteCond %{REQUEST_URI} .wp-comments-post.php*

RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]


Technical jargon aside, this code only allows comments to be submitted when the referrer is your site.

Use an Anti-Spam Plugin

There are dozens of WordPress plugins available designed to weed out spam comments. One of the most effective anti-spam comments is Akismet (comes bundled with all new WordPress installations). According to the company’s official website, it has stops over 7.5 million spam comments each hour. There’s a catch, though, Akismet is free to use for personal sites but you have to pay to use it on commercial websites.

Alternatively, you can use one of the dozens of other anti-spam plugins available on the WordPress marketplace. Stop Spammers is an excellent, and free, plugin that cross-checks visitors across multiple databases to determine whether or not they are genuine. It comes with a wide variety of customizable options, although the default settings are usually enough to block out 90% of spam comments from being submitted.

Or Contact WebWize At 713-416-7111

Before making a final decision on a Web Design Company, spend a few minutes on the phone with us.

About Glenn Brooks

Glenn Brooks is the founder of WebWize, Inc. WebWize has provided web design, development, hosting, SEO and email services since 1994. Glenn graduated from SWTSU with a degree in Commercial Art and worked in the advertising, marketing, and printing industries for 18 years before starting WebWize.