blank

Letting visitors comment on your WordPress posts can boost engagement and build community, but it also opens the door to spam. Unchecked spam can fill your moderation queue, clutter your site, and hurt your reputation and SEO. Fortunately, WordPress has several built‑in and plugin‑based tools to help you manage comments and fight spam effectively.

In this guide, you will learn how to set up WordPress comments properly, configure spam protection, and reduce both human and bot‑based spam while keeping genuine comments visible.

Table of Contents

  1. How WordPress Comments Work
  2. Step 1 – Enable or Disable Comments Site‑Wide
  3. Step 2 – Configure WordPress Discussion Settings
  4. Step 3 – Use Comment Moderation and Blacklists
  5. Step 4 – Install Akismet Anti‑Spam (Free Version)
  6. Step 5 – Add reCAPTCHA to Your Comment Form
  7. Step 6 – Protect Contact and Form Spam Too
  8. Final Checklist for Clean, Spam‑Free Comments

How WordPress Comments Work

WordPress comments are messages left by visitors under your posts or pages. By default, comments can be open or closed per post, and you can choose whether they appear immediately or wait for manual approval.

Key components of the comment system:

  • Comment form – The box visitors use to submit their name, email, website, and message.
  • Comment moderation – Options to approve comments before they publish.
  • Spam queue – Comments identified as spam are stored separately and can be permanently deleted.

Properly configured, your comment system can be a powerful engagement tool instead of a spam trap.[Akismet]

Step 1 – Enable or Disable Comments Site‑Wide

Before you worry about spam, decide whether you want comments enabled on your site.

  1. Go to Settings → Discussion in your WordPress dashboard.
  2. Under Default post settings, check or uncheck:
    • Allow people to submit comments on new articles.

You can also disable comments per post. Edit a post, expand the Discussion panel, and toggle comments to Open or Closed.[WordPress.com]

If you rarely want comments (for example, a brochure website), you can disable them entirely to remove spam risk.

Step 2 – Configure WordPress Discussion Settings

WordPress includes several comment‑related settings that act as your first line of defense against spam.

Set sensible default rules

In Settings → Discussion, configure options like:

  • Allow visitors to post comments on new articles – Keep on if you want comments.
  • Users must be registered and logged in to comment – Reduces anonymous spam.
  • Comment author must fill out name and email – Ensures basic identification.
  • Comment must be manually approved – Prevents spam from going live immediately.
  • Hold comments with 2 or more links – Many spam comments contain multiple links.

These settings alone can significantly reduce visible spam without needing plugins.[TeamUpdraft]

Enable notifications and moderation

Further down the Discussion page, you can enable:

  • Email me whenever anyone posts a comment – Alert you to new comments.
  • Email me whenever a comment is held for moderation – Keeps you in the loop.

With these settings, you can review every comment before it appears, which is ideal for small blogs or business sites.[Hostinger]

Step 3 – Use Comment Moderation and Blacklists

WordPress allows you to automatically hold or block comments based on specific words, IPs, or domains.

Add words to comment moderation

In the Comment moderation field, add common spam keywords such as:

  • “casino”
  • “viagra”
  • “free money”
  • “SEO services”

Comments containing these words will be held in the moderation queue for you to review manually.[TeamUpdraft]

Create a comment blocklist

Below the moderation box is Disallowed Comment Keys. This is a “hard block” list: any comment containing these words is sent directly to the trash.

Use this for:

  • Repeat spam domains (e.g., “fake‑seo‑site.com”).
  • Known spam IP ranges or suspicious phrases.

Update this list as you notice new spam patterns.[WordPress Codex]

Step 4 – Install Akismet Anti‑Spam (Free Version)

Akismet is the most popular anti‑spam plugin for WordPress and is included in many WordPress hosting packages. It uses a global spam database to automatically detect and filter spam comments and contact‑form submissions.

Install and activate Akismet

  1. Go to Plugins → Add New.
  2. Search for “Akismet Anti‑Spam”.
  3. Install and activate the plugin.
  4. Follow the setup wizard and enter your Akismet API key (free personal key is available).

Once activated, Akismet starts checking all comments and contact‑form submissions against its spam database.[Akismet]

Review spam and clean up

Go to Comments in your dashboard and switch to the Spam tab. You can:

  • Manually review suspected spam.
  • Restore false positives.
  • Delete spam in bulk to keep your site clean.

Regularly cleaning the spam queue helps improve Akismet’s accuracy over time.[Learn WordPress]

Step 5 – Add reCAPTCHA to Your Comment Form

reCAPTCHA is an effective way to block spambots without adding heavy friction for real users.

Install a reCAPTCHA plugin

  1. Go to Plugins → Add New.
  2. Search for “Advanced Google reCAPTCHA” or similar plugin.
  3. Install and activate it.

Google reCAPTCHA can be added to both comment forms and contact forms to reduce bot spam.[Hostinger]

Configure reCAPTCHA

After installing:

  • Go to the plugin settings and enable reCAPTCHA for the Comment Form.
  • Enter your site key and secret key from Google reCAPTCHA.

Now, visitors must complete the reCAPTCHA challenge before they can submit a comment, which greatly reduces automated spam.[tagDiv]

Step 6 – Protect Contact and Form Spam Too

Many spam attacks target contact forms, not just comment sections. If you use contact forms (Contact Form 7, WPForms, etc.), ensure they are protected as well.

Options include:

  • Enable Akismet for forms (if the form plugin supports it).
  • Use reCAPTCHA integration inside your form.
  • Disable comments on pages that only exist for forms or landing.

Combining Akismet and reCAPTCHA gives strong protection for both comments and form submissions without hurting conversion too much.[Smackcoders]

Final Checklist for Clean, Spam‑Free Comments

Before you consider your comment system secure and spam‑resistant, use this checklist:

  • Decide whether comments are enabled site‑wide or per post.
  • Configure WordPress Discussion settings to require name, email, and manual approval.
  • Set a limit on the number of links in a comment (for example, 2 links).
  • Add a list of common spam keywords to “Comment moderation”.
  • Update the “Disallowed Comment Keys” blocklist as needed.
  • Install and activate Akismet Anti‑Spam (free or paid).
  • Enable reCAPTCHA on your comment and contact forms.
  • Regularly review the Spam tab in WordPress Comments and clean up old entries.

With these steps, your WordPress site will allow genuine engagement while keeping spam to a minimum. This also improves user experience and makes your site more trustworthy for Google and Google AdSense.[WordPress Codex]