Guest post on How to Combat Blog Comment Spam by WordPress Security Expert Regina Smola at WPSecurityLock.com. Is your blog secure? Ask Regina!
Tips to Combat Comment Spam for WordPress
Comment spam is a problem for both website owners and the visitors reading their sites. It can be a nuisance to manage, but you must be vigilant in combating spam!
The ugly truth! Spam comments on your blog leave your readers with a bad impression of your site and discourage them from commenting, and they may never return. Spam left in place demonstrates a lack of care and laziness on the part of the webmaster.
So what can you do to manage your comment spam?
Here are some quick tips to reduce and filter comment spam:
1. GENERAL SETTINGS – Log in to your WordPress Dashboard (wp-admin) and go to Settings > General. Make sure that Membership “Anyone can register” is unchecked. The last thing you want to do is allow spammers to become registered members of your site.
2. DISCUSSION SETTINGS – From the Dashboard, go to Settings > Discussion.
Other comment settings: Make sure “Comment author must fill out name and email” is checked. You definitely want to know who left the comment.
Before a comment appears: You should check “An administrator must always approve the comment.” If you check “Comment author must have a previously approved comment,” WordPress will auto-approve that author's next comment, so use this with caution.
Comment Moderation: The text box for “Hold a comment in the queue if it contains…” should have a 1 in it. You always want to moderate any comments with links in them. Below this box, you can also add some spam-catcher words, names, URLs, e-mail addresses, and IPs.
Comment Blacklist: You can fill out the text box with the content, name, URL, e-mail or IP you want to blacklist on your WordPress blog.
3. SPAM FILTERING: Install, activate and configure a spam filtering plugin like Akismet or Defensio Anti-Spam.
Applying these simple tips will help reduce the amount of comment spam appearing on your blog.
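The same settings can be checked from the command line on sites you administer. The script below is an added example, not part of the original post: it assumes WP-CLI (`wp`) is installed and run from the WordPress root, the function names are hypothetical, and the option keys are the WordPress core options behind the checkboxes in steps 1 and 2.

```sh
#!/bin/sh
# Added example: audit and apply the settings from steps 1 and 2 with WP-CLI.
# Assumption: `wp` (WP-CLI) is installed and run from the WordPress root.

# WordPress option keys behind each checkbox, with the value the post recommends:
#   users_can_register=0  "Anyone can register" unchecked
#   require_name_email=1  "Comment author must fill out name and email"
#   comment_moderation=1  administrator must approve every comment
#   comment_max_links=1   hold any comment that contains a link
RECOMMENDED="users_can_register=0 require_name_email=1 comment_moderation=1 comment_max_links=1"

# Prints one line per setting; the return status is the number of deviations.
audit_comment_settings() {
    failures=0
    for pair in $RECOMMENDED; do
        name=${pair%%=*}
        want=${pair#*=}
        got=$(wp option get "$name" 2>/dev/null || true)
        got=${got:-0}   # an unchecked box may be stored as an empty string
        if [ "$got" = "$want" ]; then
            echo "OK    $name=$got"
        else
            echo "FAIL  $name=$got (recommended: $want)"
            failures=$((failures + 1))
        fi
    done
    # Step 3: Akismet is one of the filters the post names; informational only.
    if wp plugin is-active akismet 2>/dev/null; then
        echo "OK    akismet plugin is active"
    else
        echo "WARN  akismet plugin is not active; confirm another spam filter is"
    fi
    return "$failures"
}

# Writes the recommended values; safe to re-run.
apply_comment_settings() {
    for pair in $RECOMMENDED; do
        wp option update "${pair%%=*}" "${pair#*=}" || return 1
    done
}

# Usage: sh comment-audit.sh audit | apply
case "${1:-}" in
    audit) audit_comment_settings ;;
    apply) apply_comment_settings && audit_comment_settings ;;
esac
```

A non-zero exit status from the audit makes it easy to run from cron or a deployment check and alert when a setting drifts.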
Regina Smola
WordPress Security Expert
http://www.wpsecurityLock.com
Regina, You always talk about the importance of changing the admin user name from “admin” to something else for higher blog security. What do we need to know about admin, editor and guest logins?
Kurt,
Thanks for publishing my guest post. I truly appreciate it.
Other WordPress users... that’s a great question. One important thing to understand is what capabilities you are giving your users. You need to trust them and trust that they’re using a safe computer. Any username and password should be hard to guess.
Tip: Settings > General > Uncheck “Anyone can register.” There should be no reason to allow everyone to visit your wp-register.php page and join. Use a membership plugin that offers security features, such as setting password strength/length.
WordPress Roles and Capabilities: http://codex.wordpress.org/Roles_and_Capabilities
Great post! I don’t have a ton of comment spam because I have to approve first time posters but I had a check mark in that first one you explained so I changed that. Very wise tips!
Thank you, Kurt, for posting Regina’s great blog! It was so timely as I am in the middle of getting my site set up. I followed all the steps right away. I am frantically preparing for NAMS6 to get the most benefit from you experts.
See you in two weeks or so, Ute