Dealing with Comment Spammers in WordPress

If you’ve been on the internet for any amount of time, you’re probably familiar with “spam” in your email inbox. For the uninitiated, spam is an unsolicited commercial message trying to sell you something. Some of it is generated by botnets: groups of hijacked PCs that work secretly for a botnet controller, sending unsolicited mail from the mailboxes of unsuspecting PC owners or probing websites for security vulnerabilities. Other spam is posted by people who have nothing better to do.

So what does this have to do with WordPress blogs? Well, just as you can get spam messages in your inbox, people will leave spam comments on your blog. Unlike email spam, which targets you in an attempt to get you to buy something, comment spam generally targets search engines like Google or Yahoo!, trying to increase the PageRank of a website.

You are probably aware that Larry Page and Sergey Brin of Google pioneered a search technique called PageRank. Basically, in addition to looking at the content of a page it indexes, Google also looks at who links to that page and what the link says. This technology is what made Google very good at returning relevant results, and made it the most popular search engine today. So why on earth would a spammer target a search engine through your WordPress blog? Simples, as Aleksandr Orlov the meerkat would say!

By posting a comment on your blog with a back-link to the site they are promoting, they hope to cash in on the PageRank of your site and so increase the ranking of the target site. With hundreds of bots in a botnet, all probing for open comments on WordPress blogs, they could theoretically get to the top of Google search listings for a targeted key phrase. What is possibly more annoying for the webmaster of a spammed blog is that linking to a site which Google has identified as a problem site could damage the PageRank of the blog that has been spammed. This comment spam, or link spam as it is also known, can be the bane of a popular WordPress blog.

So how do you avoid getting spammed by the comment spammers? Try the following simple tips:

  • Activate the Akismet WordPress plugin
  • Install a CAPTCHA (Completely Automated Public Turing-test to tell Computers and Humans Apart) on your comment form
  • Set Discussion Settings to “An administrator must always approve the comment”

If you are up to editing your web server system files, you can also block the IP addresses of frequent spammers if you find that a few IPs are constantly sending comment spam. The easiest way to get rid of these spammers is to block their IP addresses using the .htaccess method, by adding the following to your .htaccess file:

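# Apache 2.2-style access control; on Apache 2.4 these directives need mod_access_compat.
# Replace the placeholder addresses below with the spammers' IP addresses.
# Only the GET and POST methods named in <Limit> are restricted.
<Limit GET POST>
order allow,deny
deny from xx.xxx.xxx.001
deny from xx.xxx.xxx.002
deny from xx.xxx.xxx.009
allow from all
</Limit>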

You can list as many IP addresses as you like, putting each one on a new line as above.
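One way to find the few IPs that are constantly sending comment spam, as an added example that is not part of the original post: the Python below counts comment-form POSTs per client IP in an Apache access log and builds a deny block in the format shown above. It assumes the Apache common/combined log format and WordPress's wp-comments-post.php comment script; the threshold, the allowlist and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, ident, user, [time], "METHOD path ..."
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
COMMENT_ENDPOINT = "/wp-comments-post.php"  # script WordPress comment forms POST to

def count_comment_posts(lines):
    """Count comment-form POSTs per client IP; malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, path = m.groups()
        if method != "POST" or path.split("?", 1)[0] != COMMENT_ENDPOINT:
            continue
        try:
            # Validate so that only a well-formed IP can ever reach .htaccess.
            counts[str(ipaddress.ip_address(client))] += 1
        except ValueError:
            continue  # hostname or junk in the client field
    return counts

def deny_block(counts, threshold, allowlist=()):
    """Return a <Limit> block for IPs with >= threshold comment POSTs."""
    keep = {str(ipaddress.ip_address(a)) for a in allowlist}  # never block these
    hits = {ip: n for ip, n in counts.items() if n >= threshold and ip not in keep}
    if not hits:
        return ""
    rules = [f"deny from {ip}" for ip in sorted(hits, key=lambda ip: (-hits[ip], ip))]
    return "\n".join(["<Limit GET POST>", "order allow,deny", *rules,
                      "allow from all", "</Limit>"])

# Constructed sample log using documentation-range addresses (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2012:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 -
203.0.113.7 - - [10/Mar/2012:10:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 -
198.51.100.23 - - [10/Mar/2012:10:05:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 -
198.51.100.23 - - [10/Mar/2012:10:05:09 +0000] "GET /hello-world/ HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2012:11:00:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 -
192.0.2.10 - - [10/Mar/2012:11:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 -
not a log line
"""

if __name__ == "__main__":
    print(deny_block(count_comment_posts(SAMPLE_LOG.splitlines()), 2, ["192.0.2.10"]))
```

Put your own address, and those of any other regular commenters you trust, in the allowlist so that a busy afternoon of replying to comments does not lock you out of your own blog.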

By the way, spammers, posting spam to comments on this site will get you an entry on the Google spam report at https://www.google.com/webmasters/tools/spamreport, as we use Google Webmaster Tools. As we moderate every comment before it is posted on the site, link spam will never see the light of day, so you are just wasting your life.

For legitimate ways to increase the PageRank of your homepage, see our earlier post on the subject, entitled Improving Your Search Engine Results.

If you are interested in even more imaginative ways to fight link spam, check out Conversation With An Idiot Link Broker, from Danny Sullivan at Search Engine Land!