I got this reader email the other day and thought I should respond publicly as there surely are other newbie bloggers with similar questions and concerns about spam comments:
I am relatively new to blogging. I have been doing it for about 2 months and about 2 weeks ago, I got an influx of comments. At first I was super excited but I realized it was mostly spam, hidden as real comments. I downloaded the Spam Free WordPress Plugin but now I am afraid that all my comments are being blocked. I am so new I do not want to pay for any spam blocking but I need something. What do you recommend? Thanks for your help!
What is comment spam?
You are most certainly familiar with spam emails that get into your mail inbox. These are always trying to sell you something, or the purpose is to steal your data or send you other unsolicited commercial messages. Blog comment spam is similar to this. Biggest difference is that in majority of cases the comment spam doesn’t target you directly, it mostly targets search engines.
One of the first unpleasant surprises a new blogger will encounter is comment spam. Many comments you will get on a new site or even on a more established site, would be spam comments made by robots but disguised as real people making real comments. In a way getting spam comments is a good sign as it means that Google and search engines are ranking your site. The spammers usually find you in the search engine results.
Comment spam is a desperate and not very effective form of mass marketing. It is favored by marketers with products that are hard to promote through legitimate means. Comment spammers’ goal is to leave a link to their site on your site in order to not only attract visitors but also to improve their search engine results.
How do I detect spam?
So how do you recognize a spam comment? Most comment spams are automated messages done by “bots”. They are very obvious and easy to detect. Some spammers are a bit more savvy and stealth. Some hire real people to leave thin, one or two sentence comments that specifically address the points in your post and look perfectly normal. These spammers sometimes hide behind real, human-sounding names, rather than commercial keywords – and this makes them difficult to screen out.
Another nasty trick spammers are now using is to copy the real, intelligent comments on a thread and repost them with a link to their junky URL. They are re-posting real, highly-intelligent, on-topic comments that you’ve seen before so it’s incredibly easy to let them slip by. Be aware of this. These are the signs you should look for to detect spam comments:
- Commercial keyword phrases instead of a real name in the “Name” field
- Spammy-looking URL in the “Name” field
- Spammy-looking URL in the “URL” field
- Links in the body of the comment
- “Nice post” and similar thin type of a comment with no real value or insight
- Comment about something unrelated to the topic of your post
- Comment in a different language than the language you are writing in
How to control comment spam
Luckily for bloggers WordPress is a very advanced anti-spam system. In “Settings” – “Discussion” of your WordPress admin navigation there are several options that can help you control the spam. Here is a guide of your options in that section:
- Default Article Settings – If you prefer not to allow trackbacks and comments on your blog untick “Allow link notifications from other blogs (pingbacks and trackbacks)” and “Allow people to post comments on new articles”. Both of these can actually be changed from post to post. In your post writing screen find “Discussion” and tick or untick the options to “Allow comments” or “Allow trackbacks and pingbacks on this page”.
- Other Comment Settings – Tick to make sure that “Comment author must fill out name and e-mail”. To be even more secure you could allow users to register for your site first and then set “Users must be registered and logged in to comment”. A lot of spam is normally posted on older and more established articles. Use the option to “Automatically close comments on articles older than X days”. Set the number of days to 30 for example and it will drastically decrease the amount of spam.
- Before A Comment Appears – If you tick “Comment must be manually approved” you will manually need to approve each comment before it gets published. The option “Comment author must have a previously approved comment” will then help decrease your workload by automatically allowing comments from people you have approved earlier.
- Comment Moderation – As mentioned above many spam comments have spammy links within them. Set the option to “Hold a comment in the queue if it contains X or more links.” Set the number of links at 2. Here you can also insert any words, names, URL’s, emails or IP addresses that you’d like to manually approve. In these cases WordPress will automatically put their comments for you to moderate.
- Comment Blacklist – Last but not least WordPress allows you to block comments with any specific words, names, URL’s, emails or IP addresses that you assign here. If you get a lot of spam about certain products or from certain IP addresses put them in here.
8 most popular anti-spam plugins
If you are using WordPress’ native comment system, the first thing to do is to setup Akismet plugin. Akismet is installed in WordPress by default, and it will eliminate most comment spam. If you feel you need even more protection on top of having Akismet there are several other tools you can use. There are plugins that introduce CAPTCHA, reCAPTCHA, simple maths and more. Here’s a list of the most downloaded anti-spam plugins:
- Akismet – Akismet is the most popular anti-spam plugin, and is made by the same people that make WordPress so it is a great option. Only thing you need to do to activate it is to get the API key from akismet.com.
- SI CAPTCHA Anti-Spam – This plugin adds CAPTCHA to the forms for comments, use registration, lost password, user log in etc. Visitors will have to type in the code shown on the image in order to post a comment.
- Captcha – Alternative captcha plugin. Adds captcha to any web forms – log in, registration, contact and comments.
- Bad Behavior – This is a PHP-based plugin solution that blocks link spam and the robots that deliver it.
- Spam Free WordPress – This plugin blocks automated spam with zero false positives.
- NoSpamNX – This plugin automatically adds additional form fields to your comment form. These fields are invisible to human visitors but when a spam bot fills these fields blindly the comment will be removed.
- Growmap Anti Spambot - This one adds a client side generated check box to your comment form asking visitors to confirm that they are not a spammer when posting a comment.
- Conditional Captcha – The plugin will serve a CAPTCHA only if Akismet identifies a comment as spam first.
Note that several of the plugins above require your visitors to do some extra work in order to successfully post a comment and not every visitor might be prepared to do more to post a comment. It is important to find a balance between having a good protection from spam comments but not making the usability much worse as you might end with less comments overall. Test some of the plugins and see which of them work and fit your site best.
Alternatives to Worpress’ native comments
Several alternative comment solutions have become available on the market in the recent years. They promote themselves as a better and more spam free alternative. These are the three of the most popular choices:
- Disqus – Disqus replaces WordPress comments and makes commenting easier and more interactive with integration of social media. It features a powerful moderation and admin tool and full spam filtering, blacklists and whitelists. You can see Disqus in action on my blog.
- Livefyre – Livefyre replaces default comments with real-time conversations and a social integration which centralizes social media conversations about your content back to your site. It features spam filtering that keeps the spam out and also has community flagging which allows the community to notify you when a comment is offensive or off topic.
- Facebook comments – This plugin allows you to let people comment on your site using their Facebook profile. These comments are then showed to their friends in their news feeds. The idea with using Facebook profile is not only to make it more engaging but also to limit the number of spam comments as people are using their real names.
A manual check is still recommended
No matter how carefully you go through your WordPress settings, what plugins you activate, and how you read your comments, it’s inevitable that some spam comments will slip past your guard. To make sure that you don’t block any real comments, it is good practice to personally check through the “Spam” folder in your WordPress comments regularly. I do this and once in a while I do find a legitimate comment wrongly marked as spam. It is simple to approve these comments and get them back onto your blog.
It also works the other way around. Do a manual scan of the comments on your blog and once in a while you will find a stealth spam comment that has slipped through the cracks. Spam that comment. Doing this process also helps Akismet improve as the information is sent to them and added to their community created database that improves their spam filtering and blocking.
Implementing and following the guidelines in this post will get rid of the comment spam on your blog and will make your site look beautiful and credible to search engines and visitors alike. Happy blogging!