How to protect WordPress comment forms
7 April 2022
The way WordPress deals with user comments by default is far from ideal. Anyone can submit comments, and comment forms don’t have any spam protection. Unless you disable comments or add spam protection you are likely to quickly get thousands of spam comments. By default, these comments are not published on your website – they are instead stored in the “pending” queue under Comments in the WordPress dashboard. However, they still need to be dealt with one way or another. Also, letting spam bots submit comment after comment after comment is a waste of resources. Spam bots can affect your website’s performance.
Image: the default WordPress comment form is every spam bot’s dream come true.
Changing the default comment settings
You can change the comment settings via Settings » Discussion. To disable comments you can simply untick Allow people to submit comments on new posts. At the same time you probably also want to untick Attempt to notify any blogs linked to from the post and Allow link notification from other blogs. The latter two settings are for so-called pingbacks. Like comment forms, they are mostly used by spammers.
Image: the default discussions settings.
Changing comment settings using a plugin
It is worth noting that the new settings only apply to new posts. Any existing posts on your website will still use the old comment settings. Unfortunately, WordPress doesn’t have an option to change the settings for all existing posts. If your website only has a few existing posts then you can change the settings for each individual posts, one by one. Alternatively, you can use a plugin such as Disable Comments.
Image: plugins such Disable Comments let you change the comment setting on old posts.
Adding spam protection
If you website has comment forms and/or a contact form then it is important to add spam protection to the forms. Without spam protection your website is likely to be inundated by spam bots. This causes a lot of useless traffic to your website, which can also impact the performance of your website. And, dealing with spam is annoying. You might suddenly have to deal with over a hundred thousands spam comments awaiting moderation.
WordPress itself doesn’t have any spam protection. It does advertise Akismet, which is a commercial anti-spam solution. The Akismet plugin is installed by default, but to use it you need to sign up for an Akismet account and, in most cases, pay at least £8 per month. You could get four Mega Deal hosting packages for that price!
Stopping spam comments using All in One Security
Luckily, there are plenty of anti-spam plugins that are trustworthy and free. I personally tend to use the All in One Security plugin, as it has a couple of other useful options, such as the option to change the default login URL.
The plugin has two options for blocking spam comments: it can add a so-called captcha to comment forms and it can add a rule to your website’s .htaccess file that blocks evil spambots.
Image: the All in One Security plugin’s spam prevention settings
The captcha can be a simple maths question, such as “how much is 3 * 6?”. Most spambots are unable to answer questions like that, and those that can are likely to be blocked by the .htaccess rule. The rule blocks any POST requests on wp-comments-post.php where the referer is not your website. This stop scripts that submit comments without even visiting your website. If you are curious, this is the rule the plugin creates:
# BEGIN All In One WP Security
#AIOWPS_BLOCK_SPAMBOTS_START
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
#AIOWPS_BLOCK_SPAMBOTS_END
# END All In One WP Security
One thing to be aware of is that not all anti-spam plugins work with website builders such as Elementor. If you use tools such as Elementor then there are alternative solutions. A quick online search should yield plenty of results.
Other tips
This article is part of a series about things you can do to optimise your WordPress website and make it more secure. You might also be interested in these articles:
Featured Blogs
How to Choose a Dedicated Server for UK Businesses
Dedicated servers offer numerous advantages for businesses, including optimal performance, speed, reliability, and enhanced security. However, choosing a dedicated server provider for a business can be a challenging task, especially if you’re unsure what factors to consider. Dedicated server requirements will differ based on your type of business type, whether you’re in e-commerce, gaming, media, …
Comparing Dedicated Servers with VPS Hosting
Many businesses begin by managing their own websites or using shared hosting, but as their needs grow, they often require a more robust solution to enhance performance, security, and speed. Whether you run an e-commerce store, an online gaming platform, an IT consultancy, or a news website; increased traffic and business growth may lead you …
Why Choose UK Dedicated Server Hosting for Your Business?
As companies scale their operations and seek to maintain a seamless online presence, many consider upgrading to a dedicated server. This option offers greater control, enhanced security, and improved performance; all crucial elements for growing businesses. Given these advantages, it’s no surprise that dedicated server hosting has become a popular choice. Deciding if it’s worth …
Managed Dedicated Server Hosting for eCommerce Businesses in the UK
As more UK shoppers increasingly turn to online platforms to make their purchases, having a good online platform as an eCommerce business is essential. As your eCommerce operation grows, you may encounter challenges such as higher traffic, slower loading times, and potential security issues, all of which can negatively impact the visitor experience on the …
How Managed Dedicated Servers Can Elevate Your Online Security
Businesses today are confronted with an increasing array of online threats that can compromise sensitive data, disrupt operations, and harm reputation. As cyber threats continue to grow in both frequency and sophistication, the potential for online breaches can pose a significant risk to any business. Failing to implement robust security measures can lead to data …
Managed vs Unmanaged Dedicated Servers; Which is Right for Your Business?
Many businesses rely on hosting providers for dedicated servers to ensure optimal performance, security, and control. Unlike shared hosting, where resources are divided among multiple users, a dedicated server offers exclusive access to all of the server’s resources. This makes it ideal for businesses that experience high traffic, require substantial resources, or operate in data-sensitive …
Dedicated Server Basics; Everything You Need to Know
With businesses receiving more traffic on their websites than ever before, as more people engage online, the need for a dedicated server has become vital. While smaller businesses can often use shared hosting and virtual private servers, larger businesses with high traffic typically require more advanced and comprehensive hosting solutions; dedicated servers emerge as the …
Tips for Creating a User-Friendly Website
When designing a website, prioritising user-friendliness is crucial for success, especially for businesses offering products or services. A user-friendly website is not just nice-to-have; it’s a necessity. It ensures that visitors can easily navigate your site, enjoy a visually appealing interface, experience fast loading times, and seamlessly interact with the content. However, creating a user-friendly …
Discussing the Importance of Server Scalability for Business Growth
For business growth, meeting the increasing demands of customers can be challenging. It’s essential to keep pace with these demands without compromising on performance. As a business expands, it typically encounters higher traffic volumes, larger data storage needs, and the requirement to support more complex applications which is where server scalability becomes crucial. Server scalability …
Effective Ways to Improve the Credibility of Your Website
Now, more than ever, the credibility of a business’s website is crucial for building trust with the target audience and achieving business goals. A credible website not only attracts visitors but also keeps them engaged, encourages conversions, and encourages long-term relationships. A strong online presence is essential for businesses to thrive and compete effectively. Investing …
What our clients say
Great real person support – direct phone number, usually the same individual so any problems are handled by the same people. Excellent.
