If you have run a WordPress site for more than a few weeks with comments enabled, you have seen them: dozens or hundreds of comments that say nothing meaningful, littered with links to pharmaceutical sites, gambling platforms, or worse. Comment spam is automated, relentless, and completely divorced from your actual content - bots do not read posts before spamming them. Left unchecked, approved spam comments damage your site's credibility and can even affect your SEO if spammy links are visible to search engines.
The good news is that comment spam is one of the most solved problems in WordPress. A few tools and settings together make it nearly a non-issue.
Akismet: The First Line of Defence
Akismet is a WordPress plugin developed by Automattic (the company behind WordPress.com) that filters comment spam using a cloud-based machine learning system. It analyses every comment submitted to your site and marks likely spam before it appears publicly.
Pricing: Akismet is free for personal non-commercial sites. For business sites, the paid plans start at a modest monthly fee. Given how much time it saves, the cost is trivial.
Installation and setup:
- Install the Akismet Anti-Spam plugin from the WordPress plugin directory
- Activate it and click the Set up your Akismet account button
- You will be taken to Akismet.com to create an account and get an API key
- Enter the API key in the plugin settings
Once configured, Akismet works silently in the background. It does not eliminate spam comments - they still get submitted - but it catches them before they appear on your site and sends them to the spam queue for you to review or delete in bulk.
Check your Akismet spam queue periodically to make sure legitimate comments are not being incorrectly filtered. This is rare, but it happens.
WordPress Comment Settings That Reduce Spam
Beyond Akismet, WordPress has built-in settings that make a big difference. Go to Settings > Discussion in your WordPress dashboard:
Require moderation - Enable "Comment must be manually approved." This means no comment appears publicly until you approve it. Slower, but eliminates any chance of spam appearing on your site, and allows you to review borderline cases.
Require name and email - Enable "Comment author must fill out name and email." Bots can still fill these fields, but it adds friction.
Close comments on old posts - Enable "Automatically close comments on posts older than X days." Spam bots love to target old posts because they may have less active moderation. Closing comments on posts older than 30-60 days eliminates a huge portion of spam attempts. Most legitimate readers comment within a week of publication anyway.
Comment moderation rules - Under the Moderation section, you can add words, phrases, or IP addresses that trigger automatic moderation or spam flagging. Add common spam phrases you see repeatedly.
Adding a CAPTCHA
A CAPTCHA challenge stops bots by requiring the commenter to prove they are human. Two good options for WordPress:
hCaptcha - Privacy-focused alternative to Google reCAPTCHA, free for most sites, and available via the hCaptcha for WordPress plugin.
Google reCAPTCHA v3 - Runs invisibly in the background, scoring visitors by behaviour without showing a challenge. Available through several WordPress plugins including WPForms and individual CAPTCHA plugins.
Adding a CAPTCHA to your comment form stops most bots before they even submit a comment, which reduces load on your server and your spam queue.
Disabling Comments Entirely
If comments are not central to your site - and for many business websites, they are not - the cleanest solution is to disable them completely.
Go to Settings > Discussion and uncheck "Allow people to submit comments on new posts." For existing posts, you can bulk-disable comments from Posts > All Posts, select all, and use the Bulk Actions menu to close comments.
This is particularly appropriate for:
- Business websites where customer communication happens through a contact form
- Portfolios and creative sites
- Service pages and landing pages
- Sites where you lack time to moderate a comment section
There is no SEO penalty for disabling comments. Many high-quality sites operate without them.
Cleaning Up Existing Spam in Bulk
If spam has built up in your comments, clean it efficiently. Go to Comments in your WordPress dashboard and filter by Spam. Select all spam comments and delete them permanently. For very large spam backlogs (thousands of comments), the WP-Optimize plugin can clean the spam comments table directly from the database, which is faster than doing it through the dashboard.
Why Fighting Spam Protects Your Reputation
Approved spam comments containing links to questionable sites can signal to Google that your site is associated with spammy content. Even in the spam queue, a very large number of spam comments in your database can slow down your site by bloating the database. Regular cleanup matters.
With Akismet, sensible discussion settings, and a CAPTCHA in place, most WordPress sites go from hundreds of spam comments per week to a trickle - or none at all.
