Comment Spam


Hands up who’s sick of comment and trackback spam on your WordPress site?

If you’re running a blog or site powered by WordPress, you may be getting a number of comments on your posts along the lines of:

“Greetings! I just read through your blog and we liked it. We were curious if you’re going to develop more web content to go in conjunction with this blog?”


“Love your site! I’m going to bookmark it now.”

Most often there will be a link of some sort included in the poster’s details. Another feature is the poster may be using a strange name like “Bolle Sunglasses” or “Lose Weight Now”. These are dead give-aways that they are not legit comments!

Image: Dan Sumner www.dansumnerblog.comThese comments are known as CSS Hack Attacks – CSS meaning “Cross Site Scripting”. The commenters are using software to post on your site automatically, without even visiting it. Why? They’re hoping they may get a backlink from your site to theirs (or the site they are representing) thereby improving their search engine ranking and getting visitors to their site from yours should people click on their link. Usually the link is to some sort of sales page.

There are a couple of things you can do. First of all ensure that commenting on posts needs to be approved by you before the comments go up. Do this in the Discussion section of your Settings ensuring that ‘An Administrator must always approve the comment’ is ticked beside the ‘Before a comment appears’ setting. Then, say, once a week go to your control panel of your blog or site in WordPress and go through the comments. Legit ones you can approve. Any that look a bit sus you can either spam or trash, or if you don’t mind what they say and can’t bear not putting what appears to be a positive comment on your site, you can remove the link before posting it.

You can automate this process however with a couple of plug-ins:

1. Akismet – possibly the best way to protect your blog from comment and trackback spam. From your plug-ins control panel search for Akismet to find and install it. It’s free for non-commercial blogs but you will need an API Key – follow the links in the plug-in settings to get one.

2. Anti Spam Bee is another popular plug-in – I’ve not used it so cannot comment but search for it from your plug-ins control panel.

3. This little plug-in was written by Charly Leetham – one of the best WordPress people I know! It’s designed to stop people being able to post the comment unless they are actually on your site – so that’ll get rid of any of those people using automated software. Get it at:

© Lyn Prowse-Bishop – eSOS

(Image credit: Dan Sumner

Leave a Reply