One thing all bloggers have to combat is the deluge of spam comments on their posts. This is not unique to WordPress, we had the same issues on Blogger. Daily we would have to wade through the spam box to make sure no valid comments were being falsely flagged. It only got worse when we converted over from Blogger to WordPress.

Out of the box, the WordPress comment system is a haven for spammers. They use automated programs to post comments to your blog remotely without even visiting your page! Ever wonder why Blogger’s traffic reports were much higher than Google Analytics? Blogger doesn’t have a good way to filter out the bad traffic from the good, Analytics does. According to recent data, nearly 2/3rds of all internet traffic is from bots. Individual blogs receive a higher percentage than many other sites because we’re their target market. They actively look for commenting systems so they can post their links and advertisements.

Fortunately with WordPress we have a number of good plugins to help combat spam and provide us tools for easy moderation. Believe me when I say I tested them all over the past month. We were receiving over 1,000 spam comments each and every day once we went live. At times they were coming in as fast as we could delete them. We quickly needed to do something.


Our first attempt at curtailing the onslaught was to install Askimet. Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. While this works as advertised, all it does is flag the comment as spam; you still need to manually empty your spam folder. I don’t recall seeing any false-positives in the spam folder, but I still reviewed them all just in case. Looks like we would need something else to go with it.

We tried out a number of advertised solutions such as a “check this box to confirm you’re not a spammer” and CAPTCHA boxes. Neither seemed to slow down the bots as they could just modify their script to auto-check the box or bypass the security CAPTCHA.

We also found a promising plugin that inserted a hidden field into the form. The trick was supposed to be that if the bot entered something into it the software would know it was spam (the box was supposed to be empty). This helped some, but only reduced the traffic by about 10% since many bots knew just to ignore it.

We eventually realized that the way to address this issue is to implement something that REQUIRED a visit to the page in order to submit a comment. Why this isn’t part of WordPress to start with I’ll never know, but this is where a great solution was found.


This little-known plugin stopped 100% of our spam dead in its tracks. The trick is a hidden field that must be filled in via JavaScript. JavaScript is only run when the page is visited by a JavaScript-enabled browser (a real user). Much like the way Google Analytics only counts real traffic (its code is JavaScript also), this plugin generates a changing word to silently insert into the hidden field. There is also a second hidden field that must remain blank. Any comment that doesn’t meet these criteria is deleted. You do have the option of receiving the comment via email if you’re worried about it but I haven’t deemed that necessary.

Of course if you have a visitor that has JavaScript disabled in their browser they won’t be able to comment. Many other things on your site probably won’t work either without JavaScript enabled. I have determined that small minority to be ‘collateral damage’. If a spammer takes the time to manually enter a comment at your site it will pass by this plugin. That’s fine with us because they are also counted as traffic (thank you spammer!). That’s where Askimet comes back into play; it will then parse the comment based upon its rules and put the spam into the spam folder for your manual review. After 30 days of running this combination we have received exactly ONE comment in the spam folder and one nonsense comment that passed both but still went into moderation since they hadn’t commented before.

In summary, these two lightweight plugins have done exactly what they advertise. Save yourself some time and install them both – you’ll never deal with spam again.

18 thoughts on “Blogger to WordPress: Preventing Spam

  1. I used to get a ton of spam, but I’ve found a system that works for me now. I use Askimet, TOPSY trackback blocker (I used to get a lot of pings from spammers), and G.A.S.P. Now the only spams I get are from people who actually are REAL people trying to spam me. LOL!

  2. I am still on Blogger and while I used to get a ton of spam (which was caught and placed in a spam folder for me to go over)–I now get virtually none–Blogger changed something somewhere and please don’t ask me what it is cause I sure do not know. For those people who switched to Word Press those 2 plug ins sound like a must have. Hum–I wonder if Java is the culprit when we can’t get out comments to stick!

Leave a Reply

Your email address will not be published. Required fields are marked *