How to protect WordPress comment forms
7 April 2022
The way WordPress deals with user comments by default is far from ideal. Anyone can submit comments, and comment forms don’t have any spam protection. Unless you disable comments or add spam protection you are likely to quickly get thousands of spam comments. By default, these comments are not published on your website – they are instead stored in the “pending” queue under Comments in the WordPress dashboard. However, they still need to be dealt with one way or another. Also, letting spam bots submit comment after comment after comment is a waste of resources. Spam bots can affect your website’s performance.
Image: the default WordPress comment form is every spam bot’s dream come true.
Changing the default comment settings
You can change the comment settings via Settings » Discussion. To disable comments you can simply untick Allow people to submit comments on new posts. At the same time you probably also want to untick Attempt to notify any blogs linked to from the post and Allow link notification from other blogs. The latter two settings are for so-called pingbacks. Like comment forms, they are mostly used by spammers.
Image: the default discussions settings.
Changing comment settings using a plugin
It is worth noting that the new settings only apply to new posts. Any existing posts on your website will still use the old comment settings. Unfortunately, WordPress doesn’t have an option to change the settings for all existing posts. If your website only has a few existing posts then you can change the settings for each individual posts, one by one. Alternatively, you can use a plugin such as Disable Comments.
Image: plugins such Disable Comments let you change the comment setting on old posts.
Adding spam protection
If you website has comment forms and/or a contact form then it is important to add spam protection to the forms. Without spam protection your website is likely to be inundated by spam bots. This causes a lot of useless traffic to your website, which can also impact the performance of your website. And, dealing with spam is annoying. You might suddenly have to deal with over a hundred thousands spam comments awaiting moderation.
WordPress itself doesn’t have any spam protection. It does advertise Akismet, which is a commercial anti-spam solution. The Akismet plugin is installed by default, but to use it you need to sign up for an Akismet account and, in most cases, pay at least £8 per month. You could get four Mega Deal hosting packages for that price!
Stopping spam comments using All in One Security
Luckily, there are plenty of anti-spam plugins that are trustworthy and free. I personally tend to use the All in One Security plugin, as it has a couple of other useful options, such as the option to change the default login URL.
The plugin has two options for blocking spam comments: it can add a so-called captcha to comment forms and it can add a rule to your website’s .htaccess file that blocks evil spambots.
Image: the All in One Security plugin’s spam prevention settings
The captcha can be a simple maths question, such as “how much is 3 * 6?”. Most spambots are unable to answer questions like that, and those that can are likely to be blocked by the .htaccess rule. The rule blocks any POST requests on wp-comments-post.php where the referer is not your website. This stop scripts that submit comments without even visiting your website. If you are curious, this is the rule the plugin creates:
# BEGIN All In One WP Security
#AIOWPS_BLOCK_SPAMBOTS_START
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
#AIOWPS_BLOCK_SPAMBOTS_END
# END All In One WP Security
One thing to be aware of is that not all anti-spam plugins work with website builders such as Elementor. If you use tools such as Elementor then there are alternative solutions. A quick online search should yield plenty of results.
Other tips
This article is part of a series about things you can do to optimise your WordPress website and make it more secure. You might also be interested in these articles:
Featured Blogs
Identifying Common Server Issues and How to Avoid Them
To maintain a smooth operation of any online business or digital service you need a server that is efficient and that you can rely on. Here at catalyst2 we understand the challenges that businesses face daily; purely to keep their business alive so the challenges that are faced in addition to this when server issues …
Why Server Backups are a Safety Net in the Digital World
Data is the foundation for businesses as it provides insights into customer behaviour and trends, as well as business performance and efficiency. So, businesses have the tools they need to make informed decisions and plan strategically. For businesses that are just starting out or that are smaller, data is a catalyst to help identify growth …
What are Flexible Servers and When are They Beneficial?
The word ‘server’ is frequently used in everyday discussions in IT departments within organisations, but unless you work in the tech industry, you might not be familiar with what it really means. A server is the backbone of all digital operations. It is there to manage tasks like data storage, processing requests, delivering content across …
Why Server Uptime Matters for Your Business Website
While many businesses still have physical workspaces or brick-and-mortar stores, the importance of a digital presence shouldn’t be overlooked. In addition to using things like social media channels to boost your brand awareness and interact with your customers, having a website offers several benefits. In today’s digital world, the performance of your website is crucial …
How to Protect Your Website Against Digital Disasters
More so than ever before, having a high-performing website is essential to the ongoing success of a business. Regardless of which industry you operate in, a website is a powerful tool that can improve brand recognition, drive growth and support customer engagement. Not to mention, it allows for online sales and can remove geographical barriers …
Does a Server Impact Website Traffic?
Regardless of which industry sector you operate in or what type of products and services you offer, having a website is non-negotiable in today’s digital world. More so than ever before, people turn to the internet to find businesses that can assist them with their specific needs and if you don’t have a website, you …
A Beginner’s Guide to Managing Your Website Server
When it comes to website management, there is a key component that business owners often overlook; server management. Your website server plays a crucial role in your online presence, it facilitates the delivery of your web pages to users and without a server, your website simply wouldn’t be visible online. So, it’s crucial to ensure …
Exploring the Costs Associated With a Website
In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …
The Importance of Dedicated Servers for E-Commerce Websites
In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …
Things to Consider During a Website Review
Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …
What our clients say
We really rate catalyst2. We get a great response from the team… really happy with the service.
