WordPress.org

Ready to get started?Download WordPress

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Comment Spam

If you've been on the internet for any amount of time you're probably familiar with "spam" in your email inbox. For the uninitiated, spam is an unsolicited commercial message, or something you didn't ask for trying to sell you something.

So what does this have to do with blogs? Well just like you can get spam messages in your inbox, people will leave spam comments on your blog. However unlike email spam where the target is you, comment spam generally targets search engines.

Contents

Comment Spam and Search Engines

Why on earth would a spammer use your blog to target a search engine? Let's start from the beginning. Several years ago, Google pioneered a search technique called PageRank. Basically, in addition to looking at the content of the page being indexed, Google also takes into account who links to the page and what those links say. This technology meant Google was very good at returning relevant results, making it the most popular search engine today. Because their ranking system relies so heavily on PageRank, people sometimes game the system using a technique called "Google Bombing."

A google bomb is when a large number of different websites link to a page with the same link text to influence the ranking of that page for a search term.

This brings us back to the spammers. A spammer might have a site that sells "mydrug" and wants to be at the top of search results for "mydrug" on Google. They leave comments on hundreds or thousands of weblogs linking to their site with the link text "mydrug." They don't really care if you see their google bomb text—in fact they'd rather you didn't in case you decide to delete it! They just want the search engine to see it when they index your page.

Fighting Comment Spam

Comment Moderation is very effective in addressing unwanted comments. The best defense against comment spam is just watching your comments. Under Manage → Comments it shows a listing of the latest comments on any post and you can quickly scan the comment activity on your site. The faster you respond to comment spam on your site, the less likely the spammers will return.

On the Combating Comment Spam page you will find a list of more proactive measures against comment spam, including links to helpful plugins.

Stealth Spam

Spammers find new and creative ways to be sneaky all the time. You may notice that posters leave comments on your site which look perfectly normal except for the commenter's name or URL, which likely references a product or a site selling something.

It's good practice to visit the URLs of people who leave comments on your blog to determine whether the poster is sincere or spammy. If you see one that looks suspicious, you can choose to delete the comment entirely or leave the comment and just delete the URL.

Another way of stealth is to use a div-tag around a bundle of hundreds of links. This becomes more and more common because many software displays directly the given HTML tags and not the HTML code. To avoid this the software must "strip-out", other word: filter the HTML tags while inserting the comment into the database.

The Good News

The good news is that WordPress' built-in tools and history of combatting comment spam mean that most WordPress blogs get very little spam, and when they do it's easy to address. Here's a quote from noted web author Molly E. Holzschlag about comment spam and her switch to WordPress:

My ISP refused to continue dealing with me because the server molly.com resided on was brought to its knees twice due to spam floods. I was spending up to two hours PER DAY to undo the spam much less post. Since switching to WP, I've had exactly five emails sent to me automagically for moderation. 3 of them were spam, 2 were just enthusiastic posts with multiple links from a reader.

See also : Troubleshooting comment spam