How to Block Spam on WordPress

Spam is the scourge of the internet. No one wants to have spam comments filling up their WordPress website. It reflects poorly on you as a site owner, and this is especially true if you WordPress site represents your business!

No Spam!Fortunately there are some great tools available to make eradicating spam on your WordPress site a piece of cake.


The easiest way to deal with over 99% of your spam is to use the single most downloaded WordPress plugin, Akismet. (It comes bundled with the core WordPress software.)

Once you activate Akismet you will have to enter your WordPress API key. There are a couple way to get one.

If you have an account at then you already have one. (If you don’t you can sign up for free.) Simply go to your Profile Personal Settings and you’ll see your API key near the top of the page.

Copy that string of letters and numbers and paste them into the Plugins –> Akismet Settings on the dashboard of your own site. Then click the “Update Options” button and you’ll be set.

Then Akismet will automatically compare every comment to their database. The ones it calculates are spam will go to a spam moderation folder on your dashboard and your site visitors will never see them. For the occasional spam comment that gets through you can just click the red “Spam” link under that comment in your comments list and it will pull it back from your site.

It’s a good idea to scan through all the comments that get marked as spam periodically because it will also occasionally mark a legitimate comment as spam. When it does, just click the yellow “Not Spam” link and the comment will be move to your moderation folder where you can approve it so it shows up on the front page of your WordPress site.

A couple things about the way Akismet works. The filter learns from every single WordPress site owner. By marking spam comments as “spam” or “not spam”, you are “training” Akismet – and not just for your site, but for every WordPress site that’s using Akismet.

Because that’s the case, it’s a good idea to be judicious with marking comments as spam. When you do you are affecting that commenter across every WordPress site. Using that power vindictively could very well come back to haunt you. I’m just saying.


A strong Akismet competitor in my mind is Defensio. Defensio actually does more than just protect your site from spam. It also can filter out profanity and keep out links to malware by blocking links to executable files and scripts.

I was an early tester for Defensio and I have to say I like the service. The way spam is presented makes it a little faster to double check for good comments trapped by mistake. I switch between Akismet and Defensio on my sites and both do a great job.

Here’s a video with more about Defensio:

Like Akismet you will also need to get an API key to use Defensio on your site. You get one by signing up on their website.

One note: You don’t want to run Akismet and Defensio at the same time. Deactivate one before you activate the other so they don’t conflict with one another and cause problems with your site.

Bad Behavior

Another line of defense against spam on your WordPress site is Bad Behavior.

Bad Behavior is designed to use along side other spam filters such as Akismet or Defensio and works differently. Instead of filtering spam comments once they are entered into your website, Bad Behavior targets the methods by which spam is delivered.

If you still feel overwhelmed by dealing with your spam with one of the other plugins, you can add Bad Behavior and dramatically reduce the number of spam comments you ever even see on your site. Bad Behavior will block most spammer from even being able to access your site.

Simply install the plugin, activate it, and your WordPress site is doubly protected! runs on the Genesis Framework

affiliate program logo

The Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Whether you're a novice or advanced developer, Genesis provides the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go. It's that simple - start using Genesis now!

Check out these incredible features and wide selection of designs. There are so many to choose from they created this handy theme chooser to help you find the perfect theme for your needs. With automatic theme updates and world-class support included, Genesis is the smart choice for your WordPress website or blog.

Or you can even Become a StudioPress Affiliate yourself to start earning today!


  1. Also look at Cookies for Comments and Simple Trackback Validation. Both work great.

  2. Since I use comments moderation on both my site and another one I admin, I’m able to delete spam comments before they ever get published. I keep some (unpublished) strictly for entertainment value. Like the guy who is being held hostage by the Russian mafia (Viagra) and will be killed if I don’t approve his comment. (Viagra)

    • Heh. Hope he had good life insurance then.

      The only downside to moderating everything manually is it can lead to sifting tons of spam to find the good comments. If I tried that approach here I think I’d loose it and turn off comments all together.

      I admire your diligence. 🙂

  3. I can also recommend the http:BL plugin, which uses data from Project Honeypot to help block spam. You can choose what threat level you want to block, and various blacklists to check against.

    When I first activated it on my site, my Akismet spam block stats took a very visible plunge, because http:BL was catching spam first.

    • Heya Dougal! I hadn’t heard about that plugin before. Thanks for letting us know about it.

      (And for those who don’t know him, you’ll find Dougal’s name on the About Page listed as one of the developers.)

  4. Good stuff, Chris. Timely too: I’m getting way too much spam; looks like I’ll give Defensio a try instead of Akismet.

    • Heya Matt! If that doesn’t knock it back for you then you might check out some of the plugins mentioned by Otto and Dougal. You can take their advice about WordPress to the bank.

  5. The first is to use the plugin that is provided by WordPress called Askimet. If some spam gets through its filter, mark it as spam (don’t delete it) and the program will get more efficient at recognizing spam in the future. Similarly, check the spam messages regularly and if a legitimate comment is incorrectly labeled as spam mark it ‘despam’ and this will help train the software.Another important step to take is to make sure that only registered users can comment. This will help cut down on the junk that is generated by spambots.

  6. Thank you. I’ve been having a spam problem for awhile now. This should help. Plus it helps to know not to trash the spam, but mark it as spam so to train the software.

Comment Policy: Your words are your own, so be nice and helpful if you can. Please, only use your real name and limit the number of links submitted in your comment. If in doubt, please take a moment to review our full Comment Policy before you click "Post Comment" so we don't mark your comment as spam.

Speak Your Mind