Killing WordPress Spam

“Dillon. Poor, dismembered Dillon. Torn apart. I’m not a violent person, but God I wish I had that on tape!”

Recently, I got more than 1000 spam comments a day. It bugged me like sleeping on an ant hill. It got so bad I could empty the spam folder and — when the delete was finished — I had gotten at least one new spam comment. Sure, Akismet prevents the spam comments from ever end up in the comment view, but still, the knowledge that they are there … let’s just say that the quote at the beginning of this posting perfectly captures what I think of people who soil the Internet with their spam.

So I looked around for ways to prevent spam. Unfortunately, there was no “I trust you Akismet, just immediately delete anything you think is spam” option. I tried to edit the Akismet plugin to reduce the time until the spam is deleted, but to no avail. My knowledge of PHP is too limited and I do not want to invest the time to analyze that plugin.

However, I did stumble upon this blog posting: “Preventing WordPress comments spam“. The author argues for disabling (but not hiding) the website URL comments field, which will prevent any real human being visiting the site from entering anything in that text field. Given that spam bots do not actually use the field but transfer the information directly, they will enter information in that text field — and only they will be able to do so. Consequently, a simple check whether there is any text in the URL field will identify SPAM — which is then discarded immediately.

So far, the proposed method works beautifully. My spam queue is empty and stays empty.


Haven’t had that for ages. I am a bit hesitant of recommending this strategy, as people profiting from spam will likely adapt when this method becomes more frequent, but still, I strongly recommend having a look at that posting: “Preventing WordPress comments spam“.

In case it ever gets deleted (blogs die, you know), the author argues:

So the idea is to turn the spammer logic against them.

First we disable – but not hide – the Website comment field by adding the disabled attribute into the field value. This could be done by changing the wp-includes/comment-template.php the following way:

‘url’ => ‘<p class=”comment-form-url”><label for=”url”>’ . __( ‘Website’ ) . ‘</label>’ .

‘<input id=”url” name=”url” type=”text” disabled value=”‘ . esc_attr( $commenter[‘comment_author_url’] ) . ‘” size=”30″ /></p>’,

The disabled field is added between “text” and value fields.

Second, we refuse any comments which still contain the Website field. Since the regular users cannot enter the website anyway (the field’s disabled) but the spam bots ignore this restriction, the only entities who would be able to pass a non-empty Website field would be the spam bots. So we check if a new comment comes with the non-empty website field and block it. This could be achieved by hooking into the WordPress system to intercept a new comment being posted.

To do so, add the following code into wp-content/<your theme name>/functions.php:

function must_have_no_url_field($fields)


if ( !empty( $_POST[‘url’] ) )


wp_die( “Spammers not welcome here” );



add_action( ‘pre_comment_on_post’, ‘must_have_no_url_field’ );

This function is being called each time a new comment is posted, and prevents the comments with non-empty Website field from appearing. At the same time it keeps the value of this field intact when submitting the comments to Akismet, therefore keeping the spam detection rate high while preventing the comments which slipped through from being posted.

Preventing WordPress comments spam” by George (UlduzSoft)

Really smart idea! Kudos! 🙂

2 Trackbacks / Pingbacks

  1. Venting Reviewer Comments | ORGANIZING CREATIVITY
  2. Disabled the Captcha check for Comments | ORGANIZING CREATIVITY

Comments are closed.