Stop WordPress Spam

WordPress is the most popular and widely used CMS out there, and it's targeted the most by spammers for that same reason. The good news is, spam can easily be controlled. Meet WordPress Zero Spam and stop WordPress spam from overwhelming your site.

WordPress spam is a plague. It seeks out & multiplies faster than COVID-19. Unlike COVID, there’s an effective vaccine for it: WordPress Zero Spam. It’ll stop WordPress spam in its tracks with little to no configuration required.

Why is WordPress Spam such a problem?

What is spam? Spam is an internet phrase that defines unsolicited emails and links. They are posted to generate high clickthrough rates to other websites. It is another strategy used by sites to drive traffic and influence search engine rankings.

Spammers make use of specialized software to single out websites depending on a range of factors including content and keywords. In basic terms, spammers joyride on the success of sites.

If you permit comments or form submissions on your site, you’re bound to get some spam. As your site grows more popular, that spam is likely to become an even larger issue. There are many types of spam these days, but most of it is automated, posted by spam bots that use short, generic messages as a cover for including links. Learning how to stop WordPress spam is critical for several reasons.

Google Bombing

One of Google’s search techniques is PageRank which not only considers the content of the page being indexed but also looks at who links to the page and what exactly those links say.

When the technique was launched, it was quite effective at sending back relevant results, and it further catapulted Google into the position of the most popular search engine. Spammers, however, found a way to override the technique’s integrity with a strategy called “Google Bombing.”

In practice, a Google bomb requires many websites to link to a page with similar link text to improve the ranking of that page. Let’s say a spammer has a site called “Americanbooks,” and they want to rank highly on Google with that keyword. They will leave comments across many websites which will contain the link text “Americanbooks” to be indexed by Google.

Whatever form it takes, WordPress spam is a real problem because:

  • When your comment sections are filled up with spam messages, it’s harder for legitimate visitors to have conversations.
  • Leaving spam comments on your content makes your site look unprofessional and uncared for.
  • A lot of these comments include malicious links, designed to trick visitors into giving away personal information.
  • If left unattended, spam can trigger search engines to block your site.
  • It could affect your site security.

The good news is, there is a solution to stop WordPress spam!

How to Stop WordPress Spam

We all love WordPress, but one frustrating thing out of the box is dealing with large volumes of spam. No matter what type of blog your business runs, you’re sure to have to figure out a strategy on how to stop WordPress comment spam and form submission spam at some point.

Clearly, it’s vital to do everything you can to stop WordPress spam from appearing on your site. Fortunately, this isn’t difficult to do once you install WordPress Zero Spam and follow these simple guidelines.

The Must-have WordPress Spam Prevention Plugin

There are a ton of WP plugins out there that tout they stop WordPress spam, but most fall short. There is one, however, that has proven successful for 8+ years, has tens of thousands of active installs, and has tons of positive reviews to verify its success.

WordPress Zero Spam

That plugin is WordPress Zero Spam.

WordPress Zero Spam makes it simple to stop WordPress spam in its tracks. It takes little to no configuration — just install, activate and say goodbye to spam.

It’s also packed with a ton of useful features:

  • No captcha, spam isn’t a user’s problem
  • No moderation queues, spam isn’t an administrator’s problem
  • Blocks 99.9% of spam submissions
  • Blocks spammy IPs from ever seeing your site
  • Auto-block IPs when a spam detection is triggered
  • Manually block IPs either temporarily or permanently
  • Developer-friendly, integrate with any theme, plugin or form
  • Detailed logging to catch & block recurring spammers
  • Advanced settings for complete control over spammers
  • Charts & statistics for easy to understand spam analytics
  • Checks known spam blacklists to prevent access

Not only is it fully featured, it’s also compatible with other third-party plugins and helps block WordPress spam from them:

Note: This plugin does not support Jetpack Comments. For more information, see

More Tips to Stop Spam Permanently

In addition to installing WordPress Zero Spam, there are some other things you can do to stop WordPress spam in its tracks. Following one or more of the recommendations below will allow you to easily reduce your spam by 99.9%.

Yes, you can really reduce it that much! Stop wasting time managing spam comments and focus on growing your blog and business.

1. Reduce the number of links allowed per post.

Most WordPress spam is designed to add links in your comment section and trick people into clicking on them. One way to stop WordPress spam is to permit fewer links in your comments. Legitimate visitors will also be prevented from posting many links, but slowing down the spammers can be worth that potential inconvenience.

From your WordPress dashboard, you can navigate to Settings → Discussion to make this change. Look for the Comment Moderation section:

Here you can decide how many links will be permitted in a comment before it is flagged for moderation. You can even reduce the number to zero if you want to require moderation for any comment with links.

2. Disable HTML in comments.

Another handy tip to stop WordPress spam in comments is disabling HTML in comments. HTML can be used to hide spam links in WordPress comments.

Simply add the following code to your theme’s functions.php file or a site-specific plugin:

// Register the filters once the theme is set up.
if ( ! function_exists( 'wpzerospam_filters' ) ) {
  function wpzerospam_filters() {
    // Stop WordPress from turning plain-text URLs into clickable links.
    remove_filter( 'comment_text', 'make_clickable', 9 );
    // Strip <a> tags whenever a comment is displayed.
    add_filter( 'comment_text', 'wpzerospam_strip_comment_links_display', 10, 1 );
    add_filter( 'comment_text_rss', 'wpzerospam_strip_comment_links_display', 10, 1 );
    add_filter( 'comment_excerpt', 'wpzerospam_strip_comment_links_display', 10, 1 );
    // Strip <a> tags before a new comment is saved.
    add_filter( 'preprocess_comment', 'wpzerospam_strip_comment_links', 10, 1 );
  }
}
add_action( 'after_setup_theme', 'wpzerospam_filters' );
// preprocess_comment passes the whole comment data array, which is still slashed at this point.
if ( ! function_exists( 'wpzerospam_strip_comment_links' ) ) {
  function wpzerospam_strip_comment_links( $commentdata ) {
    global $allowedtags;
    $tags = $allowedtags;
    unset( $tags['a'] );
    $commentdata['comment_content'] = addslashes( wp_kses( stripslashes( $commentdata['comment_content'] ), $tags ) );
    return $commentdata;
  }
}
// The display filters pass the comment text as an unslashed string, so no slash handling is needed.
if ( ! function_exists( 'wpzerospam_strip_comment_links_display' ) ) {
  function wpzerospam_strip_comment_links_display( $comment ) {
    global $allowedtags;
    $tags = $allowedtags;
    unset( $tags['a'] );
    return wp_kses( $comment, $tags );
  }
}

This code changes HTML code into HTML entities which are displayed as the code and are not parsed by the browser.

If you don’t feel comfortable editing code, WordPress Zero Spam also has this as an option to turn on in the settings page.

3. Create a list of ‘blacklisted’ words.

Most spam comments contain a lot of recognizable keywords. This makes it easier to spot them and to stop them from appearing on your website. You can simply create a ‘blacklist’ of words to stop WordPress spam, and your site will flag any comment containing one of them.

To do this, return to Settings → Discussion in your WordPress dashboard and find the Comment Blacklist section:

Here, you can enter your list of words. When any comment is posted that contains one of those words, it will be sent straight to the trash. Of course, it’s important to choose the words in your blacklist carefully, so you don’t delete comments by legitimate posters. For suggestions, you can check out the recommended comment blacklist for WordPress on GitHub.
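A way to dry-run a candidate word list before pasting it into the setting, as an added example that is not part of the original article or of any plugin. It assumes entries are matched as case-insensitive substrings, one per line; the list and comments are constructed samples, and matching_entries() is a hypothetical helper.

```php
<?php
// Added example: dry-run a candidate word list against sample comments.
// Assumption: each entry matches as a case-insensitive substring, one entry
// per line, so an entry can also match inside a longer word.

/**
 * Return the list entries that occur anywhere inside $text.
 */
function matching_entries( string $list, string $text ): array {
    $hits = array();
    foreach ( explode( "\n", $list ) as $entry ) {
        $entry = trim( $entry );
        if ( '' === $entry ) {
            continue; // Skip blank lines so they cannot match every comment.
        }
        // preg_quote() keeps characters such as "." or "#" literal.
        if ( preg_match( '#' . preg_quote( $entry, '#' ) . '#iu', $text ) ) {
            $hits[] = $entry;
        }
    }
    return $hits;
}

// Constructed candidate list (one entry per line).
$candidate_list = "casino\npress\ncheap pills\n";

// Constructed comments, each labelled with what a human reviewer would decide.
$samples = array(
    array( 'legit', 'Great write-up, this fixed my WordPress comment form.' ),
    array( 'legit', 'We ran into the same thing after compressing images.' ),
    array( 'spam',  'Best online CASINO bonus, click here!' ),
    array( 'spam',  'Buy cheap pills without prescription.' ),
);

$false_positives = 0;
foreach ( $samples as list( $label, $text ) ) {
    $hits = matching_entries( $candidate_list, $text );
    if ( $hits && 'legit' === $label ) {
        $false_positives++;
    }
    $verdict = $hits ? 'TRASH (' . implode( ', ', $hits ) . ')' : 'ok';
    printf( "%-5s %-22s %s\n", $label, $verdict, $text );
}
printf( "%d legitimate comment(s) would be trashed; tighten or drop the entries shown.\n", $false_positives );
```

Run it from the command line with a sample of your own approved comments in place of the constructed ones; any entry reported against a legitimate comment is too broad for the list.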

4. Remove the comment author link.

Another way to stop WordPress spam is to add a snippet of code to your WordPress site to simply remove the WordPress author comment links.

To do this, you can write your own simple plugin.

Start by creating a file in your wp-content/plugins directory for the plugin. Call it something like kinsta-comment-author-link.php.

Then in the plugin file, add this code:

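<?php
/* Plugin Name: Remove Comment Author Link */
// A plugin header like the one above is required for the file to appear in the Plugins screen.
// Distinct name so it cannot clash with another snippet's wpzerospam_filters().
if ( ! function_exists( 'wpzerospam_author_link_filters' ) ) {
  function wpzerospam_author_link_filters() {
    add_filter( 'get_comment_author_link', 'wpzerospam_remove_comment_author_link', 10, 3 );
    add_filter( 'get_comment_author_url', 'wpzerospam_remove_author_url' );
    add_filter( 'comment_form_default_fields', 'wpzerospam_remove_author_url_field' );
  }
}
add_action( 'after_setup_theme', 'wpzerospam_author_link_filters' );
// Remove the URL field from the standard comment form.
if ( ! function_exists( 'wpzerospam_remove_author_url_field' ) ) {
  function wpzerospam_remove_author_url_field( $fields ) {
    if ( isset( $fields['url'] ) ) {
      unset( $fields['url'] );
    }
    return $fields;
  }
}
// Output the author's name as plain text instead of a link.
if ( ! function_exists( 'wpzerospam_remove_comment_author_link' ) ) {
  function wpzerospam_remove_comment_author_link( $return, $author, $comment_ID ) {
    return $author;
  }
}
// Return no URL for the comment author.
if ( ! function_exists( 'wpzerospam_remove_author_url' ) ) {
  function wpzerospam_remove_author_url() {
    return false;
  }
}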

Save the plugin file and activate it in the Plugins screen in your admin screens.

Warning: This plugin may not work with some themes, depending on the way comments are coded within them. If your WordPress theme is using the standard comments form, it will work. If not, try checking out the code for your theme’s comments form to find the filter hook being used.

The WordPress Zero Spam plugin also has this option if you don’t feel comfortable editing code.

5. Restrict comment privileges to registered users.

The goal of most spammers is to post on as many pages and sites as possible. This means if you can make it more challenging for them to add their comments to your site, they may just move on to the next target.

You can stop WordPress spam by restricting comment privileges to people who have registered on your site. This puts an extra hurdle between spammers and your comment section. As a side benefit, it encourages visitors to sign up for an account or a membership.

This option is also available in the Settings → Discussion section in WordPress. You’ll find it under Other comment settings:

Simply check the box labeled Users must be registered and logged in to comment, and save your changes.

6. Set up a web application firewall.

Adding a web application firewall (WAF) such as Sucuri or Cloudflare can help dramatically cut back on the amount of spam your WordPress site receives.

Why? Because these services sit between your WordPress host and your website to block and filter out all the bad proxy traffic and bots. They also allow you to easily block entire countries with a click of a button.

A WAF can also help decrease your bandwidth and visits usage, in turn, helping you save on your monthly web hosting bills. This is a very effective way to stop WordPress spam.

7. Set up a comment moderation system.

Comment moderation is when you require some or all comments to be approved by a person before they are permitted to appear on your site. If you have the time and resources to spare, this can be a smart strategy.

In WordPress, you can enable a comment moderation system very easily. Simply go back to Settings → Discussion, and check out the Before a comment appears section:

By selecting Comment must be manually approved, any comments made on your site will be held as Pending until they are reviewed. You can then check out each one, and decide whether to let it through or trash it. You can find more advice on setting up a comment moderation system in the WordPress Codex.

WordPress Spam FAQs

How do I stop WordPress spam?

In short, install the WordPress Zero Spam Plugin. You can also implement one or more of the following solutions to stop WordPress spam:

Reduce the number of links allowed per post
Disable HTML in comments
Create a list of ‘blacklisted’ words
Remove the comment author link
Restrict comment privileges to registered users
Set up a web application firewall
Set up a comment moderation system

How do you block certain IP addresses in WordPress?

WordPress Zero Spam has the ability to auto-block and manually block known spam IP addresses. This can be done via Admin > WP Zero Spam > Blocked IPs/Blacklisted IPs.

How can I mark comments as spam in WordPress?

If a spam comment has been posted to your site you can mark it as spam simply by going to Admin > Comments, then hover your cursor over the comment and click the Spam link.

What’s the best anti spam plugin for WordPress?

There are a number of WordPress spam plugins out there, but most fall short of their promises. That’s why WordPress Zero Spam stands out. It’s been around for over 8 years, has tens of thousands of active installs and tons of 5-star reviews. Best part, it’s completely FREE. No ‘premium’ versions need to be bought.

In Conclusion

WordPress spam comments can quickly clutter up your site, making it look unprofessional and driving real visitors away. Cleaning up all that spam after the fact is challenging. This means you should strongly consider putting a little upfront time into developing a strong anti-spam strategy.

To stop comment spam on your WordPress site, you can:

  1. Reduce the number of links allowed per post
  2. Create a list of ‘blacklisted’ words
  3. Set up a comment moderation system
  4. Restrict comment privileges to registered users
  5. Use an anti-spam plugin, such as WordPress Zero Spam.
  6. Move to a third-party comments plugin.

Do you have any questions about how to implement any of the techniques we’ve introduced? Ask us in the comments section below!
