I’m a long-time WordPress user and administrator, and a question I get all of the time is: How do I stop spam from taking over my WordPress blog? First, you must make sure all comments are moderated before they appear on your site. To set up comment moderation, follow these steps:

  1. Log in to WordPress as an administrative user.
  2. Go to Settings | Discussion.
  3. In the Before A Comment Appears section, enable the option An Administrator Must Always Approve The Comment. Or, you can enable the Comment Author Must Have A Previously Approved Comment option to allow users who have already been approved to automatically be approved.
  4. Click the Save Changes button.

Second, you should enable a plugin to aid in the prevention of spammers from even posting comments for moderation. I use the Captcha plugin, which requires the poster to answer simple match problems. This plugin allows you to enable Captcha for:

  • Login form
  • Register form
  • Lost password form
  • Comments form
  • Hide CAPTCHA for registered users

I highly recommend enabling all of the above. If you are extremely concerned about spam, don’t enable Hide CAPTCHA for registered users. If you don’t enable this option, even registered users have to go through the Captcha form to post.

If the Captcha plugin is not working well enough, the other option is to enable to Askimet plugin. This plugin requires an Askimet account, which comes with a fee as low as $5.00 per month for a single-site blog. The Askimet plugin is pre-installed in your WordPress blog, so you just need to sign up, get your API key, enable the plugin, and enter your API key.

This one-two WordPress punch should go a long way to preventing spam from ever reaching your readers’ eyes.

Ask Jack: If you have a DIY question, email it to me, and I’ll do my best to answer it. (Read guidelines about submitting DIY questions.)