Receiving wordpress spam can become a huge time waster trying to sort through the legitimate comments from the spam comments.

When your website is built upon WordPress, you’ll encounter not just comment spam, but also registration spam – when a ‘spam bot’ registers as a user of your website.

What Is A WordPress Spam Bot?

A spam bot is an automated program that scours the internet for insecure and vulnerable WordPress installations to take advantage of.

When a spam bot discovers one of these sites, it’s program knows how to find the user registration form at and automatically fills it out.

If the spam bot is sophisticated enough after a successful registration, it will automatically post comments without any intervention from the human spammer. It’s all programmed into the spam bot software.

Why Do WordPress Spam Bots Exists Anyway?

Some WordPress spam comments are so odd that you’d wonder what the purpose is. Comments may just look like random characters or junk jumbled words.

More often than not, the comment will contain a link to the spammer’s website. If the link is not in the body of the comment, it may be attached to the ‘name’ field. In default installations, the link will be included in the WordPress spam comment in some way or another.

The spammer does this to increase traffic to their website (which may be malicious) or for Search Engine Optimization purposes (not so malicious, but annoying none-the-less).

How To Prevent WordPress Spam Bots From Registering As A User

To tackle WordPress spam comments, first we’ll need to deal with the spam bots.

Install Captcha Plugin

Download the Captcha plugin here or search in WordPress admin dashboard under Plugins > Add New for ‘captcha’.

This plugin adds a simple maths problem to all forms on your website. Only a real thinking human will be able to solve the math problem and finish the registration process, effectively stomping on bots.


How To Prevent Malicious User Registrations

Next, it is recommended to tighten up the Discussion WordPress settings to prevent real people (as opposed to bots) from becoming annoying spam commenters.

From the WordPress admin dashboard, go to Settings > Discussion.

Make sure Users must be registered and logged in to comment is ticked.

Make sure Comment author must have a previously approved comment is ticked.

This means you will be able to approve any comments that come in and trash any that seem dodgy. Only previously approved commenters will be able to comment again without your approval each time.

Extra Spam Prevention From Akismet

WordPress usually bundles with a plugin called ‘Akismet’. If you don’t have it installed, search in WordPress admin dashboard under Plugins > Add New for ‘Akismet’ and activate it.

You will need a special API key in order to use Akismet, but that’s no issue. It’s still free to register so follow the prompts to get your API key.

Once you have the key, go to the Akismet Settings and enter it into the field and save the changes. If it’s all good, you should get the green light.

Akismet has already stopped hundreds of WordPress spam attempts from getting through the Inscribd website, so it seems to work very well.

How do you deal with spam?