Spam spelled out in graffiti on a wallWriting blog posts for your business is a brilliant way of building a conversation around your brand, and getting more of your website indexed by Google.

Comments play an important role in keeping your web page content fresh, and help you to build meaningful relationships with your customers.

But not all comments are created equal; if you publish spam comments on your website you’ll be sending out a signal to other spammers that you are a soft target. Worse than this, you might even find your site being penalised by Google too.

So you’ve been through the exciting journey of setting up your WordPress website, and you’ve published your first blog post. Then as so often happens, an email comes through in the middle of the night telling you you’ve got your first comment — how exciting! Somebody cares enough about what you’ve written to set their opinions in stone on your website. Congratulations, you’ve made it to the big time!

Well, yes, your website is being noticed, but is it by the right people? Before you hit ‘Approve’ (and WordPress makes that very easy to do), take some time to look at the comment in question, and who left it. Things may not be as they seem. In this tutorial, I’ll be demonstrating some of the classic features of a spammy comment, but as a rule of thumb if you’re ever in doubt — bin it!

How do I spot a spam comment?

Spammers link to spammy websites

Comment spam, and spammy websites go hand-in-hand, but what makes a website spammy?

  • Dubious web address.  For example, anything that includes the brand name of a certain gentleman’s performance enhancer
  • Lack of original content on the page
  • Incoherent or repetitious text
  • Broken pages, and a general lack of care for the presentation of the site
  • Lack of engagement with others (spammers are not sociable creatures)
  • Lots of advertising, especially ads that’ve been disguised as internal links, but take you to another site

Think very carefully about the link included with the comment in question — do you really want to be endorsing the subject matter? Is it relevant to your site?

Even though WordPress publishes comment links as ‘nofollow‘ by default, Google may still follow those links and analyse the keywords associated with that link — they are on your page after all, and you’ve chosen to publish them. Why take the risk that Google will find something it doesn’t like?

Important note

Be careful when following any links in comments, or on the sites those comments link to. If you really must satisfy your curiosity, open a new browser window in private browsing or incognito mode. Malicious sites can do all kinds of nasty things to your computer, and steal your personal data. Always make sure you have an up-to-date browser and antivirus installed. If a link looks at all fishy, it probably is so just don’t waste your time with it!

Spammers use random email addresses

This can be a tricky one. But if you run a business blog, genuine business people tend to use email addresses that include their name, or the name of their business at the very least. The most reputable business people use their name and their brand in their email address (a ‘branded’ email address, e.g. ‘[email protected]‘).

However, many commenters will use their personal email address instead, and that could be anything potentially. But if you see a comment with an address such as [email protected] you can be pretty sure you’ve got a spammer on your hands — can you imagine ever handing an address like that out to anybody?

Contact us if you run a business, and you like to have your own branded email address set up. It’s another opportunity to promote your brand, and it really does make all the difference when you’re trying to establish trust with prospects.

Spammers are often incoherent

These ones are easy to spot:

An example of a spam comment -- incoherent

If the comment doesn’t make any sense, or rambles on and repeats itself, it’s nonsense. Spam it straightaway.

Spammy text contains dubious keywords

Do you want your site to advertise links to other websites with text such as ‘gain SoundCloud listens’ or ‘obtain free Instagram followers’? Spam commenters will often leave a dubious call to action like this as their username, comment text, or as part of a keyword-rich domain in the link they provide you. You probably don’t want keyword search terms like this on your site, especially not if they form the anchor text of a link.

Spammers like to send “a message to the webmaster”

As a professional who builds and optimises websites, if I want to talk to the owner of a site about their website I’ll look up their contact details. I never leave comments on their blog posts, that doesn’t make any sense — a blog post isn’t the place to hold any kind of sales conversation (especially not the conversations these guys want to have).

Example of a spam comment -- message to webmaster


If I’m looking to build a business relationship with somebody, I’ll connect with them via social media and get to know more about them first. Because I’m interested in what they’re doing, I’ll show an interest in what they do and I’ll try to strike up a meaningful conversation with them. That’s the only way to establish what their needs are, and whether I believe I can truly help them. Don’t trust anybody who attempts to bypass this process.

Spammers add nothing to the conversation

Seemingly innocuous comments often pay you a compliment, but secretly all they’re after is a link back to their site. This is another tricky one, because genuine commenters leave kind remarks too. So if you’re not sure, look at the other traits I’ve mentioned in this tutorial. Take a look at the example below, I’ve never met anybody with a name like that!

Example of a spam comment -- innocuous, with keywords

So that’s comments, but what about pingbacks?

Alongside your comment notifications you’ve probably noticed that you’re getting pingback notifications too. That’s a tutorial for another day, but in the meantime, take a look at this excellent article on pingbacks by Ana Hoffman.

How can I stop comment spam?

There are no automated solutions out there which are guaranteed to stop comment spam completely. That’s why I wanted to show you how to recognise it manually first.

However, in terms of getting the most bang for your buck you could do a lot worse than CloudFlare. It doesn’t focus specifically on blocking comment spam, but it is a system that learns to recognise the ever-changing identities of hackers, content scrapers and spam bots out there, and prevents them from even reaching your website in the first place. But don’t take my word for it, ask Jim Westergren why he uses CloudFlare.

All of the basic websites we host at EggCup Web Design are configured with CloudFlare out of the box, so if you’re already one of our clients you can rest easy. If not, why not take a look at what we could do to help you.

Some spam will always make it past the front line though, so you may want to try Akismet, a WordPress plugin that analyses every comment for spam. If you read Ana Hoffman’s article above, you’ll see her raise some valid points about why she doesn’t use Akismet. I won’t steal her thunder by reiterating her recommendations here, because her article is a worthwhile read.

If you’re still drowning in spam, there’s further guidance available in the WordPress Codex.

What else would you like to learn?

We hope you found this tutorial useful. What other elements of managing your WordPress website would you like extra help with? We’d love to hear your comments below.

Featured image by Fugue (Own work) [CC BY-SA 2.0], via Flickr