How to stop Comment Spam in WordPress? Explained

What is Comment Spam in WordPress?

Have you ever randomly started getting 2 comments per day on your blog?

But those comments were just jibberish?  That’s called Comment Spam, and your website could be the target of an SEO attack.

In this article, I explain how to remove comment spam from WordPress with the help of collectiveray, to keep your website safe, and to keep your Google Rankings.

I will touch on why it is so hard to identify recently, as well as why & how it got there in the first place.

what is comment spam?

Anyone with a WordPress site in the past 5-10 years has taken time off their site, only to come back to thousands of unapproved comments.  This can feel overwhelming, like an overstuffed mailbox.

Modern metal mailboxes in an apartment building. Selective focus.

I personally had over 16,000 comments on one website!  This was because comment spam was an old Blackhat SEO practice.

Spam Comments as a Blackhat SEO Technique

For newer website owners, it may look like you have new comments coming in every day, but when you read them, they are just jibberish.

Comments will have randomly generated text, thanking you for your ‘much deep content’.

Or they’ll talk about male fertility pills, spreading words like viagra and cialis all over your website & search results.

The worst part is, the user had no idea that it was going on, and it had been silently killing their SEO Rankings!

These comments are based on a concept of Black Hat SEO, where users once thought they would get specific SEO benefits by spamming their own website URL onto other peoples websites.

So essentially they would comment on 1000 websites a day with a link to their website.  However, this behavior gets penalized severely by Google.

Wordpress Comment Spam is a form of Blackhat SEO, which Google penalizes for.

Spam Comments as an SEO Attack

Recently this technique is used as a successful SEO Attack.

Basically a person (or bot) can jump on your website, find anything with a form, or in these days even a search bar, and exploit the way WordPress handles Comments and Search Results.

The user ‘abagtcs reported this issue to WordPress several months ago, stating:

WordPress echoes back searched-for terms on its search results page.

Web spammers have started to abuse search features of those sites by passing in spam terms and hostnames in the hopes of boosting the search rankings of the spammers sites.



The good news is that you can put an end to these comments, and regain control of your SEO rankings.

The difficulty level is rated Easy/is rated for beginner to intermediate.  The comments themselves could be the sign of a bigger, underlying problem.  Sometimes, malware will cause this type of behavior, so it is important to search for it.

If you find any malware during initial inspection, or during the free malware scan, you will need to a malware removal service.

How to stop comment spam in WordPress

Try these steps first

  1. Check your files manually in your file manager.  Generally, these files are VERY easy to spot, with names like i9sksapple3s.php”but sometimes they’re hard to find, and you will need an expert- (we offer services to help on the front of our website).  I usually check the following:
      • .htaccess file,
      • index.php, 
      • wp-config.php,
      • wp-content folder. 
  2. Visit, and fill out your website, and have them do a free scan to see if you have been hacked.  The scan is free, so it can’t hurt.
  3.  Write a Robots Meta Tag Manually:  This is the more difficult approach, the easier being to use the Yoast Plugin.
      1. We are telling Google to not index our Meta Tags and Categories, but to scan for and follow our links  (these are normally searchable, which causes the whole security vulnerability) .
        < meta name=”ROBOTS” content=”noindex, follow” >
  4.  Use Yoast Plugin to Write Robots Meta Tags:  The easiest method is to use the plugin, Yoast.  Yoast has a couple settings that allows you to accomplish the same thing with a click of a button.

Yoast SEO allows a user to noindex both the meta tags and category pages, which saves you from a known WordPress security exploit.

5.  If you are still having problems, disable your comments on your WordPress site.  These things take a little bit of time, once you have been affected by it, it could take a couple weeks to a month to fully resolve.

If that didn’t work, stop comment spam by turning off search

If this is still a problem, then you need to take further steps.

You need to disable all search bars on your website, and disable the ability to search, including your Meta tags and categories, (which can be used as SEO Spam).  Also, turn comments off.

This more drastic alternative solution will see results within 2 weeks.

The reason this was such a big problem, was because a bot was packing your searches with bad queries, which is completely invisible to you.  This type of thing can be going on for quite a while, before anyone finds out.

It is important to share best practices, I believe its even more vital to the community, to share ‘how to stop comment spam on your WordPress website‘, to help bring more attention to this problem and finally address it.