How to Stop Spam Comments for GOOD!

SMS Text

I’ve been asked a few times and seen an array of tweets about people having issues with comment spam on their WordPress blogs, even when they’re using tools such as Akismet to try (mostly fruitlessly) to prevent spammers from getting their comment through to the blog or even just the Pending queue.

My blog literally has literally had 0 spam comments, ever. That’s not including manually created comments done by people to try and break past my relentless commentluv barrier but I’m very picky when it comes to allowing comments through onto my blog, I loose a good chunk of around 25% of my comments each day due to me disliking the tone etc… (Apologies in advanced for anybodies who doesn’t get accepted).

The one spam comment that is currently sitting in my qeue though, isn’t even a spam comment:

spam comment aka not spam

The Plugins Setup –

I have a few different plugins I use and I suggest having all 3 enabled and configured correctly for optimal spam stoppage!


The standard WordPress comment stop-a-spammer plugin that’s built into every WordPress installation. Just grab an API key, activate Akismet in your WordPress plugins folder, insert the API key and bobs ya uncle!

akismet stop spam

Akismet is just an identifier, it’ll look for specific comments that tick the criteria of a spam comment and push them into the comment box. This is our almost last layer of protection vs spam comments compared to the other plugins we’ll be using.

Growmap Anti Spambot Plugin

Growmap is made by the same guys who make CommentLuv, which surprisingly enough I also have on my blog. It’s the “Confirm you’re not a spammer” box you might say plastered around various blogs. This is meant to stop software like ScrapeBox and No Hands SEO from being able to submit comments to your box and tends to work very effectively, especially vs the likes of timeout scripts.

growmap anti spambot plugin

Growmap offers a ton of options to further protect your blog, here’s my quick Growmap step by step tibbits:

  1. Change the CheckBox Name Weekly (This stops any bots that have picked up on it from being able to access it again)
  2. Disallow All Tracbacks, these are pretty pointless and when you’re trying to optimize a site why you want 2 way links?
  3. Change the CheckBox Label, this is so bots that are “clever” won’t pick up on the plugin’s default nature that spammers have targeted.
  4. Make sure User Refer Check is Ticked
  5. Make sure you have a maximum of 6 allowed comments in the queue.

AVH First Defense Against Spam Plugin

AVH is a plugin that not many know about and hardly any use. It’s created by the guy behind the Stop Forum Spam plugin so is mainly used on Forums and not on blog comment spam blacklists. This pulls in data from all over the place so people who have been spamming from 100s of different proxies won’t be able to even access the comments of your blog and when they try to post will be immediately blocked.

avh spam access denied

If any comments do get through, you always have the option to report for spam and add it to the blacklist on the SFS database, which means you’re helping the rest of the community using this plugin and making the internet less spammy in general.

spam stop

This means you’ll be improving the community behind SFS, banning someone from your website from ever commenting again and saving the net from spam, 1 little IP at a time!

OnPage Tips/Tricks –

These aren’t the quick and easy install a plugin type tricks and some I don’t recommend if you don’t know your way around the technical sides of CMSs, otherwise get a friend who does and get them to do it for you!

Modify your .htaccess

This is super easy and really helps make your site more secure from both spam and hackers crawling bots.

Prevent Comment Spammers with .htaccess

Just add this to your .htaccess file and replace the “youurl” with your blogs URL (e.g.

# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Ban the Spammers IP Address –

This is simple and you can just add new IPs or even IP ranges to the list –

# block ip
order allow,deny
deny from XXX.XXX.XX.XXX
deny from XXX.XX.XXX.XX
deny from XXX.XX.X.XX
allow from all

This’ll disallow any of those IP addresses from visiting your site.

Well it Works –

I use these 3 plugins across all of my blogs and they genuinely work really nicely, along with the extra tricks, your blog will be protected easily.

Try it for yourself and post your results in the comments section below, and if you have any tips or plugins you use, don’t forget to share them below and we can slowly eradicate the annoyance of spam as dedicated blog owners.

Charles Floate

Charles Floate

Internet Marketing Consultant at Charles Floate
I'm Charles Floate, a 19 year old SEO & Internet Marketing specialist from the UK. I've been in SEO for close to 8 years now... Read Full Bio
Charles Floate
Charles Floate

Latest posts by Charles Floate (see all)

Get the latest news from Search Engine Journal!
We value your privacy! See our policy here.
  • simon

    Hi Charles

    a couple of points. your God of SEO site has people using your commenting system to post links back to their site in quite an obvious way. Also, you do a heck of a lot of blog spam, i.e. your ranking for rand case study, you apologised to all those blogs you spammed.

    A bit cheeky writing this article me thinks 😉

    • Kalee

      Never seen Catch Me If You Can? If he’s been doing it, then he probably has better advice on how to stop it from happening. Just my thoughts.

  • Enstine Muki

    Hi Charles,
    Have you tried the new commentLuv Antibacklink plugin?
    Looks like that works with a bunch of options to kick out unwanted comments . That’s the only one I have now and I’m almost 100% comfortable with it

  • sajith

    This article is really informative for blocking spam. In the wordpress , the last part is informative as spammers ignore all plugins (infact they say hi hi to those plugins) and goes to directly the page wp-comments-post.php.
    Or I think so. I have tried lot of plugins to stop spam, but there was no use as the spam was keep on coming. Onetime they injected 35k comments to slow down the website.
    Finally I removed the file “wp-comments-post.php” and the spam stopped.
    I reinstalled the file after adding the following code at top of wp-comments-post.php. After wards upto now there is no spam problem for me. Who knows how many months it will work??

    What it does, It just check who is the referrer, and if the referrer is not your domain, it exit the page with a message. You can cut and past this in your browser and you will see that the script is working

    I still could not understand why wordpress folks not implemented something like this?? May be they are more interested in selling Akismet.
    I am posting this here hoping that some php expert will look to this and post a reply, as I am not expert in PHP scripts


  • sajith

    Code is here it is php

    $ref= $_SERVER[‘HTTP_REFERER’];
    $domain = $_SERVER[‘SERVER_NAME’];
    $result =strpos($ref, $domain);
    if ($result === false) {
    echo “thanks for visiting me. Anyway no donut for you now”;

  • Cole Wiebe

    Hi Charles,

    I appreciate your post… good timing. We’ve always used Askimet to filter spam, but on some of the sites we maintain something more robust is required. I have downloaded the other two and we shall give that a go.

    – Cole

  • sajith

    The php code I have added on the post did not show up in the commend. I think the server deleted it since it has seen < ? php. So I have again posted it. Can you please append it with older comment or approve it?

    $ref= $_SERVER['HTTP_REFERER'];
    $domain = $_SERVER['SERVER_NAME'];
    $result =strpos($ref, $domain);
    if ($result === false)
    { echo "thanks for visiting me. Anyway no donut for you now";

    thank you

  • Bashir Ahmed


    If you’ve not tried, then check out G.A.S.P plugin By Andy Baily. I’m using it on my blog with Premium CommentLuv.

    Btw: Akistmet is nice one plugin to stop comment spam. I liked the provided code for .htaccess file.

    Thanks for sharing!

  • Patrick Coombe

    Great post Charles. Particularly liked the comment by Sajith regarding the hack involving wp-comments-post and htaccess, that is well done.

    Also would like to point out I am seeing an increasing amount of spammers using registered and verified Gravatar accounts to post spam. By using a registered Gravatar account with photo, it makes it more “approve worthy” to webmasters scanning the queue for legit posts.


    I see SEJ also uses the Grownmap anti-spam plugin. Great plugin, but doesn’t work as good as it used to. I particularly saw an increase after WP 3.6 for some reason. Either way I used to get about 1000 spam comments a day now I am down to a dozen which is perfectly acceptable to me.

  • Craig

    I think it is very difficult to edit .htaccess. I am looking for best spam and IP blocking plugin who will be more helpful for my blog.