Home / Security / How to Prevent Comment Spam


If you own a self hosted blog and you are using WordPress as your blog platform, this post may shed some light on how to combat comment spam.

We all dislike spam and even most of us don’t like the edible kind. If you are using Akismet as your spam blocker you are smart, but there’s more you can do to stop some of those pesky spammers who just know how to get around the system.

Akismet blocks comments based on IP, content and commenter email – See development. There’s just one problem, spammers can use proxy servers to disguise their IP (Internet Protocol). Internet Protocol (IP) is a protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP. An IP address looks like this – 999.999.999.999.

Note: It’s very important to mark these posts as spam and not delete them. This will help aid and identify spammers and the Akismet database.

Spammers use proxy servers to mask their IPs thus fooling Anti-Spam tools from blocking the IP from posting. There are more ways to make it difficult for these spammers to post comments.

WordPress Configuration

In addition to having Akismet installed, you should also download and install the plug-in WP-SpamFree Anti-Spam.

In the WordPress Admin Console click on the WP-SpamFree link under Settings. There you will find an option called “Allow users behind proxy servers to comment?” deselect this option. This will prevent would be spammers that use proxies to post a comment.

Go to the Discussion link under Settings and do the following;

  • Select – An administrator must always approve the comment
  • Deselect – Comment author must have a previously approved comment

This will prevent those pesky spammers from posting links in the URL field to non relevant websites that they’re trying to promote by commenting on dofollow blogs. You must have seen some of these comments, see below.

  • Great article, I bookmarked your blog
  • Thanks for sharing I will tell my friends

The tougher you make it for the spammer to comment, the more likely they will move on.


About the author: Frank Jovine


The idea for Tech Jaws and most of the look of the site came from Frank’s mind – a place you wouldn’t want to vacation. Frank takes his run of the waters up North, and has been building successful web sites for years. He’s a regular within social communities like Facebook, Twitter, StumbleUpon, Reddit and Digg. His favorite appetite for tech savvy web sites include, TechCrunch, ZDNet, and helping members in Yahoo Answers in the Computer category.


Recent posts in Security



  1. Luckily, I haven’t had too many issues with comment spam (yet!). Most of those hitting my blog get caught with akismet because they’re not smart enough not to include 20 links in the comment. ;-)

    Another thing I’ve done is disallow comments on posts over X days old. A lot of my comment spam is directed at posts that are months old. I suppose they think I’ll be less likely to spot it that way.

    Great article, I’ll tell my friends. (couldn’t resist)
    .-= Joanie´s last blog ..50 Ways to Improve Your Health =-.

  2. How does that anti-spam plugin filter out spam? Does it look to see if there is a X_FOWARDED_FOR header or does it also have a database of know proxies – like Tor?

    IMO, probably one of the best ways to reduce spam would be to change the wp-comment.php file to something else as spam apps post to that URL.

    I have thought about blocking comment from people that have [seo] or [web design] in the comment name to block manual spam attempts as those are the most common.
    .-= David´s last blog ..Supply and Demand for SEO in the UK =-.

  3. Oh this is something that I should definitely do, and as fast as possible.

    I’m just tired of amount of spam that I receive on my blog. I hope it diminishes after applying these two… :)

    Thanks Frank!
    .-= Gennice´s last blog ..If Websites Were Like People =-.

    • Gennice,

      I take this serious as I average about 8 comments per post and some days a lot more. This could be a pain and time consuming going through nonsense comments.

  4. I need to look at my comment moderation again. I think some people have taken advantage of the automatic approval once a comment has been approved before by putting in one awesome comment, and then nothing but crap thereafter. Thanks for the reminder!

    ~ Kristi
    .-= Kikolani´s last blog ..WordPress Thesis Theme Customization Part Four A: Custom Coding =-.

    • That is a popular one. Another one that caught a lot of people out a while back is that top commentors plugin used to decide the top commentor based on name. So you could just Google to find sites using the plugin and then comment using the name of one of the top commentors and your URL would replace that of the one in the sidebar top commentors bit.

    • Kristi,

      It is best to just moderate all. You are right in saying they provide a quality comment than all hog wash thereafter.

  5. It’s funny. I think the spammers figure that “Great post! Keep it up.” will flatter me enough to approve their comments. I just dopn’t know what planet they live on. Honestly, I could care less what site they link to (other than a couple red-flag niches) as long as they add something of value to the discussion. But you still need to moderate, because only a human can judge the quality of a post. You know what else, and maybe it’s just me, but if their contribution is good enough, I don’t care if their name is just a keyword phrase. But if their comment is borderline, I tend to disapprove those without real names. I wonder if others take the same approach.
    .-= David Leonhardt´s last blog ..Want a link on a throw-away domain? =-.

  6. Akismet works very well most of the time. However I don’t like to require an administrator to always approve every comments. If you actively manage your blog and someone leave a ridiculous comment like. Nice post, thanks. It’s easy enough to simply delete these. In my opinion it takes away from commenting experience for commentators when they don’t get to see their comments appear on the blog. I personally get kind of annoyed when I got to a blog and leave a well thought out comment and it goes to moderation and I don’t get to see it or at least not for awhile. I also like to use bad behaviour in conjunction with Akismet. This works by analysing the http request to see if it looks spammy or not. It prevents most automated spam robots from ever visiting your site and thus cuts down on overall comments spam. I also like and use spam free. :-)
    .-= Gerald Weber´s last blog ..How to Free Your StumbleUpon Inbox From “SPAM” Shared Messages =-.

    • Gerald,

      By not allowing an admin to approve each time, it’s easy for someone to fool you with a quality comment the first time than BS thereafter.

  7. this post is a real help for me
    i am using akismet on my blog but still get new ridiculous advertising comments everyday…
    i hope this second tool combined works not just twofold…
    .-= abdullah´s last blog ..Sony and Toshiba are the Weakest in business : Acer CEO expresses. =-.

  8. Frank, I should consider checking this plugin!

    I am impressed by how commentators are trying to fool my blog with link-dropping, non-relevant comments, spam (of course) and all that stuff you face since you own a ‘self hosted blog’. Even if I am moderating comments -for that purpose only- I do get comments that seems relevant but when reading them carefuly, I find nothing but holy crap!
    .-= Hicham´s last blog ..Lockerbie: Who deceived Who? =-.

    • Hicham,

      I find it entertaining when a commenter tries to get under the radar by posting a quality comment the first time than spam thereafter.

      • Indeed Frank, this is what I am for “quality comment” that add to the post and enrich all of us. Another importat reason for moderating rather than ‘thanks, great post, nighty night’ :D
        .-= Hicham´s last blog ..Egypt @ Digital Age =-.

  9. Pingback: Flashback Monday - Wordpress Basics, Thesis, and Life

  10. argh yep spammers are the bane of any webmaster; I had to tackle it a lot on my blog since it became do-follow.

    I actually tested out many setups and have actually talked about it at length here:

    .-= Donace´s last blog ..Mafia Wars Collections and Items =-.