Protect your WordPress site/blog from comment spam trick

I got caught with this trick once so I decided to share this with other web masters who don’t know this already.

In WordPress the default comment settings (Settings->Discussion) are the following:

So the requirements for a comment to appear are:

  • Comment author must fill out name and e-mail.
  • Comment author must have a previously approved comment.

This is all good until someone decides to be nice about your site and leaves a genuinely nice comment, you approve it, and then he turns into a spammer. Since you already approved one of his comments, he can now post spam comments with links everywhere without your permission, because WordPress no longer holds his comments for moderation.

This is how this trick works:

  1. Someone comes to your site and makes an honest nice comment about a post.
  2. You do the only reasonable thing to do which is to approve that comment.
  3. Now that the person has an approved comment, he meets both criteria for a comment to appear without the webmaster having to approve it!
  4. He comes back and posts spam comments with links left, right and center on your site!

To protect yourself from this, tick “An administrator must always approve the comment” in the settings (Settings->Discussion). With that option on, a previously approved comment no longer lets anyone bypass moderation, so every new comment waits for your approval.
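To make the moderation rule concrete, here is an added Python model of the decision WordPress makes (this is not WordPress's own code, which is PHP): with the default settings, one approved comment unlocks auto-approval for that author's e-mail; with the "must always approve" option on, every comment stays pending. The setting names mirror the options the post describes, but the classes, the queue and the sample comments are constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class DiscussionSettings:
    """Subset of Settings -> Discussion (constructed model, not WordPress code)."""
    require_name_email: bool = True           # author must fill out name and e-mail
    comment_previously_approved: bool = True  # author must have a previously approved comment
    comment_moderation: bool = False          # an administrator must always approve the comment


@dataclass
class Comment:
    author: str
    email: str
    content: str
    status: str = "pending"  # pending | approved


class CommentQueue:
    def __init__(self, settings: DiscussionSettings):
        self.settings = settings
        self.comments: list[Comment] = []

    def _has_approved_comment(self, email: str) -> bool:
        # The lookup that makes the trick work: any approved comment from this e-mail.
        return any(c.email == email and c.status == "approved" for c in self.comments)

    def submit(self, author: str, email: str, content: str) -> str:
        s = self.settings
        if s.require_name_email and not (author.strip() and email.strip()):
            return "rejected"  # never stored; the form refuses it
        c = Comment(author, email, content)
        if s.comment_moderation:
            c.status = "pending"  # every comment waits for a human, no exceptions
        elif s.comment_previously_approved:
            c.status = "approved" if self._has_approved_comment(email) else "pending"
        else:
            c.status = "approved"  # no moderation at all
        self.comments.append(c)
        return c.status

    def approve(self, index: int) -> None:
        self.comments[index].status = "approved"


def run_trick(settings: DiscussionSettings) -> list[str]:
    """Replay the post's scenario: one nice comment, approve it, then spam. Returns both statuses."""
    q = CommentQueue(settings)
    first = q.submit("Nice Person", "nice@example.com", "Great post, thanks!")  # constructed
    q.approve(0)  # the webmaster does the reasonable thing and approves it
    spam = q.submit("Nice Person", "nice@example.com", "Cheap stuff at http://spam.example/")  # constructed
    return [first, spam]
```

With `DiscussionSettings()` the result is `["pending", "approved"]`; with `DiscussionSettings(comment_moderation=True)` it is `["pending", "pending"]`.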

Comments (10 responses)

  1. LiLi says:

    Hi there,

    This is such an informative post – thank you for posting.
    I recently started my blog just under two months ago and I have recently noticed that I have been receiving untold spam comments on various posts. I think it's so unfair how people are allowed to sneakily go onto your site and post rubbish without your permission. Luckily, I set my settings so that comments have to be approved first, so I have deleted most of them.

    Thanks for the tip, I will definitely alter my settings and see if it works.
    Many Thanks 🙂

  2. Patrick says:

    This is a very nice one! Didn't know this trick…

  3. Alan says:

    “Doesn’t the link in a WordPress comment have rel=”nofollow” attached to it by default though?”

    Yes, they are nofollow, but that doesn’t stop the millions of spam commenters out there posting rubbish on our blogs. On WordPress I find the simple plug-in “Spam Free WordPress” very effective.

  4. Shorlan says:

    Good trick. When I first started up my blog those were the first settings I looked into. Right now a good 19/20 comments are still generic spam, but it’s those rare nice comments that inspire you to keep going.

    One additional easy tip is to Google a portion of any comment you get. Chances are, if it is generic spam, it will be repeated hundreds of times in multiple places, verbatim or nearly word-for-word with slight modifications. (Yeah, spam bots even change up their wording slightly every couple hundred posts!)

  5. clean green environment says:

    Great information about spam comment filtration. Your work is greatly appreciated. I have already made my comment settings to rel=”nofollow” to avoid any spam outbound links from my webpage.

  6. splbkean says:

    Great list with some I missed, so thanks! (Hey that rhymed 🙂 )

  7. Walte Call says:

    Thanks a lot for very useful post. But I had trouble navigating through your web site because I kept getting 502 bad gateway error. Just thought to let you know.

  8. Lindsay says:

    I love your posts! Please write more often if you can.

  9. tielty says:

    Doesn’t the link in a WordPress comment have rel=”nofollow” attached to it by default though?

  10. Martin says:

    Nice one! I need to change my comments settings.
