About Author

Gregg Housh

Post Date
October 14th, 2018

WordPress is an incredible system to build your business website, niche blogs, personal sites/blogs, even some services. It’s friendliness to SEO, plus its immense coding and designing community make WordPress the best content management system. At the time of this writing, there are over 28,900,000 WordPress websites written in over 120 languages, with nearly a billion page views a month for just the ones hosted at WordPress.com (approximately half of the almost 29 million)! While this success is impressive, it also presents a slight problem for its users:

WordPress Spam

For spammers, automation is profit, and comment spamming is easy to automate. Comment spam is not usually known for having a high rate of success, but if a spammer can make millions of attempts to get through, even a tiny percentage of successful comments can be a massive return on their investment. Most blogs automatically allow public comments on all posts, since this is the default comment setting for WordPress. That default acceptance of comments, coupled with the many ways to automatically detect whether a website is a WordPress blog, and the sheer number of WordPress targets available make them a prime target for spammers. These spammers design automated tools to post on websites, and the tools are very attractive to SEO spammers since WordPress blogs cover every topic imaginable.

Spam on your website isn’t just an annoyance: it can have significant implications for your SEO, on your site’s overall ability to rank well, or even show up in the SERPs at all in some cases. Letting too much spam through in the comments section can clutter your pages, making it harder for search engines to identify the topic of your page. Not to mention how damaging comment spam is to your sites link power and search engine trustworthiness.

Google Webmaster Central says:

FACT: Abusing comment fields of innocent sites is a bad and risky way of getting links to your site. If you choose to do so, you are tarnishing other people’s hard work and lowering the quality of the web, transforming a potentially good resource of additional information into a list of nonsense keywords.

That warning is targeted at would-be spammers, thinking about throwing their links all over the internet, but the penalties from Google aren’t just limited to the sites that are creating all these bad links. Websites that are drowning in comment spam also have penalties applied to their rankings, link “juice,” and results. These adverse effects are amplified when the spammers start targeting your site with tarnished topics such as online gambling, online pharmacies, or other equally harmful content. If your site is relatively new or hasn’t established a large amount of trust, even a small number of these types of spam comments can hurt your sites ranks in search engines.

How Do I Identify Spam?

What do you think of when you think of spam? Some think of a heaping pile of links, obscure or maybe even semi-relevant anchor texts pointing to sales pages or CPA networks, some think of sandwiches (okay, not the sandwiches anymore). Truth is WordPress spam comes in many forms, some a little bit better cloaked than others. Some spam comments are easy to detect due to obvious keyword promoting, link stuffing, garbled messages, or spammy topics. Other comments can look perfectly fine, but still, be causing harm. For instance, what if someone leaves a comment on a post that looks like this?

WordPress Comment Spam

This comment seems harmless. No links in the comment body and there is no apparent profiteering going on. The name field says “John” and if you hover over his name, the link points to a site such as “John’s Super Cool Personal Blog” and his email doesn’t seem to be randomized in any way. This comment is probably not spam. However, the comment adds nothing to the content of the site, includes keywords such as “theme” and “layout” in a WordPress environment which may throw the overall context off a bit. There is a chance this is a legitimate question, and perhaps deserves an answer (new friends are always good, right?).

Now, what if that comment looked a little different?

WordPress Spam Comment

This comment has an obvious red flag: the comment poster is using the name field to specify an anchor text for the URL entered under “Website.” It has the same message body, but it’s spam due to the name and the fact that clicking it brings you to a spammy site centered around pharmaceutical products. Spammers rely on vague comments that could apply to any post since the posting is automatic. Any time you see comments that are unrelated to the specifics of your post, it’s worth looking for other red flags.

Filtering out spam by hand can be an incredibly time-consuming task if your website has even a small amount of traffic. Which is why we’re going to walk you through some of the automated options to help cut down the amount of spam you need to slog through.

Over the Spam and Through the Bots…

To the WordPress plugin website we go. Like I alluded to earlier, WordPress has the largest coding/plugin community of any content management system. Virtually anything you need WordPress to do outside of its essential functions, you click the Add New link under Plugins right in the WordPress Admin panel and search.

In an old version of this article, a list of 8 plugins and far too many screenshots and configuration screens was below this point. Luckily in the six years since I first wrote this article, it has become a lot easier to deal with WordPress spam. So you’ll find a much simpler process below!

The current best tool for the job: WPBruiser

Now that you have a good understanding of comment spam and how it can affect your website, it’s time to show you how to fight it. This usually is where I would write up a tutorial showing you how to install and configure WPBruiser. Luckily I don’t have to, Harper Phillips over at WPShout wrote a fantastic post with all the screenshots and directions you could want. No fluff, no re-reading all of the stuff you’ve already read here. Her post just shows you how to set it up. Read Harper’s post right here.

If after reading all of this you want some help implementing best practices on your WordPress website you should check out our sister company WP Hassle Free. At WP Hassle Free we offer monthly packages for WordPress maintenance. Let us handle your website for you.


Does your site need SEO? Get an audit!