Reduce WordPress Comment Spam

  • follow us in feedly
Published May 12, 2013 by Brad Knutson
Reduce WordPress Comment Spam

If you run a WordPress site, then you know first hand how bad the comment spam problem is. Spammers have gotten better over time at writing scripts and programs that crawl the web and target WordPress sites and spam them with comments in the hopes of placing a backlink.

To many bloggers running WordPress, this will look familiar:

WordPress Comment Spam

On this very site, I get about 200 spam comments each day. If it wasn’t for Akismet (I’ll talk about Akismet at the end of my post), I would spend hours every single week deleting comment spam.

There has to be something we can do to reduce the number of spam comments. How are spammers targeting WordPress with such consistency? Let’s go over a few ways that spammers target WordPress sites, then I’ll discuss ways to mask your site and make it harder for spammers to find it.

“Powered by WordPress” Footprint

A lot of WordPress themes include a line in the footer that says “Proudly Powered by WordPress.” The default themes that come with WordPress include this line, and so do a lot of custom and premium themes.

Spammers use this to search for sites that identify themselves as WordPress sites. Go ahead and punch the phrase “proudly powered by wordpress” into a search engine, and include a keyword. I ran a search for the phrase and included the keyword “insurance.”

WordPress Comment Spam - Searching

One of the top results fits our parameters, and makes a good target for comment spammers. Clicking through to the site shows the phrase in the footer.

Proudly Powered by WordPress

So how can we get rid of this? This one is simple, all we have to do is open up our theme’s footer.php file and remove the line.

“Leave a Reply” Footprint

Another common phrase used to identify WordPress sites is “Leave a Reply.” This appears by default in many themes immediately above the comment form.

WordPress Leave a Reply

Running a Google search for the phrase and a keyword produces more targets for comment spammers.

WordPress Comment Spam - Leave a Reply Search

Unlike the “Proudly Powered by WordPress” phrase, the best-practice method of changing this text doesn’t involve opening a template file and modifying the text. To modify this text, you’ll need to add a function to your themes functions.php file.

function change_comment_title ($arg) {
	$arg['title_reply'] = __('Share Your Thoughts' );
	return $arg;
}
add_filter('comment_form_defaults','change_comment_title');

I chose to change the “Leave a Reply” text to “Share Your Thoughts.” If you scroll down the page to the comments section, you’ll see the text change.

“Your email address will not be published” Footprint

The final WordPress footprint that spammers key in on is the text that appears immediately below “Leave a Reply.” This text states “your email address will not be published.”

WordPress Leave a Reply

Just like the first two footprints we discussed above, running a Google search with a keyword will quickly produce some WordPress sites that are probably highly targeted by spammers.

Like the “Leave a Reply” text, we need to add a function to our functions.php file to change the text. I’ve chosen the text “Your email address will not be shown.” It accomplishes the same thing, but is changed enough that will deter spammers.

function change_emailnote ($arg) {
	$arg['comment_notes_before'] = __('<p class="comment-notes">' . __( 'Your email address will not be shown.' ) . ( $req ? $required_text : '' ) . '');
	return $arg;
}
add_filter('comment_form_defaults','change_emailnote');

WordPress Meta Generator Tag

The WordPress meta “generator” tag is one that even the most experienced WordPress developers can overlook. It appears in the head section of the web page source, but can still be targeted by spammers if they know what they are doing. The tag looks like:

<meta name ="generator" content="wordpress 3.5.1">

As you can see, it’s a dead giveaway that you are using WordPress. Removing this line from your source would be another great step towards “hiding” your site from spammers, and reducing the number of spam comments.

Again, we’ll be working in your theme’s functions.php file. Add the following line.

remove_action('wp_head', 'wp_generator');

You may also consider adding the following lines, but they are less important.

remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

Akismet

Of course, we can make all the modifications in the world to our WordPress installation, but spammers will still find a way to find us and automate their comments. No matter what we do, there will always be spammers out there who actually do their work manually. The steps we took above should help reduce the number of spam comments that are generated by a spammers program seeking WordPress sites specifically.

It’s important to have a fall back plan, and have Akismet installed. Akismet filters the spam comments out so you don’t have to see them if you don’t want to. It’s extremely accurate – I’ve found it to be 99.9% accurate on this site. It’s a huge time saver and I can’t imaging managing my site without it.

The following two tabs change content below.
Founder at Inbounderish
Brad Knutson is a Web Developer in the Twin Cities area of Minnesota. He has experience working with WordPress and Drupal, and also has an interest in SEO and Inbound Marketing.

Keep Up-to-Date

Subscribe

Topics

See a complete list of topics discussed in blog posts here.

Check These Out

Get 2 Weeks Free! Sign Up Today! Premium Managed WordPress Hosting Genesis Framework for WordPress SEO is complex. Tools should be simple. Thesis Theme for WordPress:  Options Galore and a Helpful Support Community

13 thoughts on “Reduce WordPress Comment Spam

  1. Ivan

    I was having the same type of issue with one of my friends blogs. Great idea on changing the default skin text to help reduce the spam on the site. In the end I think the owner of the site still has to spot check the application to make sure they are getting the expected results. Thanks again – and really like the screen shots.

    Reply
    1. Brad Knutson Post author

      Hello Ivan,

      I’m glad you liked the post. I wish I had made these changes from the very beginning, because after these bots find your site, they keep coming back – even after you make the changes. I still get thousands of spam comments a week, but the number isn’t increasing as it was before.

      Thanks for the comment!

  2. Kelly Vaught

    Thanks Brad,

    I get bombarded with a ton of comment spam everyday on multiple sites of mine. Getting email notification of this spam is irritating and distracts from legitimate comments and other email. I’m going to try your suggestions – I imagine they’ll make a big difference. I’ll let you know how it goes.

    Kelly Vaught

    Reply
  3. Mike Roberts

    Hi Brad,
    I usually just install Akismet but I like how you talk about tackling comment spam at the source – Scrapers and footprints. It’s an idea I have not tried yet with my websites, the less software and scrapers that find the WordPress footprint the better.
    Great write up.

    Reply
  4. Kelly Vaught

    Hey Brad,

    When I try to change the “Leave a Reply” Footprint using the method you suggest, I get an error message that says: “Not Found

    The requested URL /blog/are-major-league-baseball-umpires-out-of-control/ was not found on this server.”

    Any ideas on why this might be happening? Does it matter where the new function code is placed in the functions.php file?

    Reply
    1. Brad Knutson Post author

      Hey Kelly,

      That’s very strange – generally when a WordPress site comes up with an error like that there is an error in the code somewhere.

      Where the block of code goes in the functions.php file doesn’t really matter, but to be safe – put it right at the end before the closing php tag (?>)

  5. Kelly Vaught

    Yeah agreed. That’s where I placed the code, so I’ll dig around a bit and see if I can make it work. Thanks Brad. Please let me know if you think of any possible solutions.

    Reply
  6. Reginald

    Hi Brad,

    Thanks for sharing. Very good tips. I am thinking of ditching WP comments due to 500 spams a day is crazy. And my visitor counts shoot up big time!

    Bet you understand what that means as I believe you are using premium WordPress hosting.

    Nonetheless, great tips and thanks for that!

    Reginald

    Reply
    1. Brad Knutson Post author

      Nope – since we are editing the theme’s functions.php file, updates to WordPress core won’t overwrite our customizations. The only way our work would be overwritten is if you are modifying the functions.php file for a WordPress or third party theme (like twentytwelve for example) that has an update pushed. If you’re modifying the functions.php file for your custom theme it will never be overwritten and you won’t have to redo these customizations whenever you update WordPress.

  7. suzanne

    Its really nice. This page contain a huge amount of material. I think it would be more and more effective for all.
    Personally I like this job. Thank you for sharing.

    Reply

Share Your Thoughts

Your email address will not be shown.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">