User Tools

Site Tools


Managing Comment Spam

You make an excellent page. Custom designed, representing the perfect you, in as much as the perfect you can be distilled into ones and zeroes. You have a clever idea for a blog, fully of ironic textlinking and witty captions. You post it. You advertise on Twitter and Facebook. You even share it on Google+. You are sitting back, watching your pageviews skyrocket on the Jetpack plugin for Wordpress, marvelling at the hordes of visitors reading your blog post: people from Florida, Barcelona, Vietnam, etc. You open your email, satisfied with an argument well-crafted, a digital document well-designed. You see that you have 5 comments pending approval on Wordpress and you think, “I'm in the big leagues now.”

Turns out that the commenter of all five comments has the name “maillot de foot” and an IP address in Senegal or Czeckeslovakia or Ohio. The comment reads “This exceptional blog post is good for you. If not getting visitos… please FOLLOW LINK for prime time seo.” You see another advertising “enhancement” products. Guess what? YOU GOT SPAMMED.

Don't panic. You (probably) haven't been hacked. You will be able to mark these pending comments as spam (this is the default option for almost all CMS frameworks such as Wordpress, though not for Weebly, so make sure you get to approve comments before you publish your page). Just reject it using the link in your email or on your CMS dashboard. You are going to get spammed if you have anything someone can type into on your site (comments, registrations, messageboards).

Luckily, you can make it (mostly) go away with a well-chosen plugin. Using standard CAPTCHA is fine, though it is flawed, especially because it can also filter out regular visitors to your site who are visually impaired. Try Bad Behavior 2 and/or Akismet (Akismet is already installed by default on Wordpress, but you have to activate it (click Plugins, then find Akismet and activate it).


To get started we need to install a plugin. To do this, we'll start at the Dashboard.

Navigate to Plugins > Installed Plugins.

At or near the top of the list of plugins that are automatically installed in a new WordPress installation is Akismet. It is not activated, so part of the process of getting Akismet is activating the plugin. Before you activate it, however, you need to get something that might sound somewhat strange to you: an API key. API stands for Application Programming Interface, and it's a way for programs and services to “talk” to each other. The Akismet plugin requires you to get an Akismet API Key, which is simply a “code” that you supply when activating the plugin. The key is free if you use it on a personal WordPress installation, and you can get there by clicking on the link in the description of the plugin, or just go to the Akismet website.

Once you arrive on the Akismet for WordPress site, click the Get an Akismet API key button.

If you have an account at you can sign in with that login and get your key. Otherwise, fill in an email address, a username, and a password to use for a new account. Click the Sign up button to proceed.

On the next screen, you'll select what type of plan you need. Click on the sign up button under “personal, non-commercial sites” (if you want the free version of the plugin).

On the next page they list a recommended donation. You can adjust the slider down to $0. The smiley face will begin to frown, but at least your key will be free. You will also need to fill in your name for contact information and click Continue.

That's it, you're done! You're finished with the sign up process for your key, and it will be displayed on the page for you (we've blurred ours out). Now follow the steps that they show you for using your new key. You will enter the key in either the Akismet area under Plugins or JetPack (if you have that installed).

An additional note: If you installed Wordpress through Domain of One's Own using Installatron you will also have another spam plugin “Cookies for Comments” activated automatically which helps to catch spam that Akismet might not.

wordpress/managing_comment_spam.txt · Last modified: 2015/06/04 19:25 (external edit)