How to spot spam WordPress comments: a beginners tutorial

Spam spelled out in graffiti on a wall

Writing blog posts for your business is a brilliant way of building a conversation around your brand.

Comments can play an important role in keeping your web page content fresh. They also help you to build meaningful relationships with your customers.

But not all comments are created equal; if you publish spam comments on your website you’ll be sending out a signal to other spammers that you are a soft target. Worse than this, you might even find your site being penalised by Google too.

So you’ve been through the exciting journey of setting up your WordPress website and you’ve published your first blog post. Then as so often happens, an email comes through in the middle of the night telling you you’ve got your first comment — how exciting! Somebody cares enough about what you’ve written to share their opinions on your website. Congratulations, you’ve made it to the big time!

Well, yes, your website is being noticed, but is it by the right people? Before you hit ‘Approve’, take some time to look at the comment in question and the person who wrote it. Things may not be as they seem.

In this tutorial, I’ll be demonstrating some of the classic features of a spammy comment. But failing that, if you’re ever in doubt — bin it!

How do I spot a spam comment?

Spammers link to spammy websites

Comment spam and spammy websites go hand-in-hand. But what makes a website spammy?

  • Dubious web address.  For example, anything that uses odd looking characters to try and spell out a trademarked brand.
  • Lack of original content on the page.
  • Incoherent or repetitious text.
  • Broken pages, and a general lack of care for the presentation of the site.
  • Lack of engagement with others (spammers shy away from genuine engagement).
  • Lots of advertising, especially ads that’ve been disguised as internal links, but that then take you to another site.

Think very carefully about any links that are included within comments. Do you really want to be endorsing the subject matter? Is it relevant to your site?

Even though WordPress publishes comment links as ‘nofollow‘ by default, Google may still follow those links and analyse the target page. Be very careful about the company you choose to keep.

Important note

Be careful when following any links in comments, or on the sites those comments link to. If you really must satisfy your curiosity, open a new browser window in private browsing or incognito mode.

Malicious sites can do all kinds of nasty things to your computer, and steal your personal data. Always make sure you have an up-to-date browser and antivirus installed. If a link looks at all fishy, it probably is so just don’t waste your time with it!

Spammers use random email addresses

This can be a tricky one. But if you run a business blog, genuine business people tend to use email addresses that include their name, or the name of their business at the very least. The most reputable business people use their name and their brand in their email address (a ‘branded’ email address, e.g. ‘[email protected]‘).

However, many commenters will use their personal email address instead, and that could be anything potentially. If you see a comment with an address such as [email protected] you can be pretty sure you’ve got a spammer on your hands — can you imagine ever handing an address like that out to anybody?

Contact us if you run a business, and you like to have your own branded email address set up. It’s another opportunity to promote your brand, and it really does make all the difference when you’re trying to establish trust with prospects.

Spammers are often incoherent

These ones are easy to spot:

An example of a spam comment -- incoherent
Many spammy comments are pure gibberish.

If the comment doesn’t make any sense, or rambles on and repeats itself, it’s nonsense. Spam it straightaway.

Spammy text contains dubious keywords

Do you want your site to advertise links to other websites with text such as ‘gain SoundCloud listens’ or ‘obtain free Instagram followers’? Spam commenters will often leave a dubious call to action like this as their username, comment text, or as part of a keyword-rich domain in the link they provide you. You probably don’t want keyword search terms like this on your site, especially not if they form the anchor text of a link.

Spammers like to send “a message to the webmaster”

As a professional who builds and optimises websites, if I want to talk to the owner of a site about their website I’ll look up their contact details. I never leave comments on their blog posts, that doesn’t make any sense. A blog post isn’t the place to hold any kind of sales conversation (especially not the conversations these guys want to have).

Example of a spam comment -- message to webmaster
A classic spam message that plays on peoples’ ‘fear of missing out’.

If I’m looking to build a business relationship with somebody, I’ll connect with them via social media and get to know more about them first. Because I’m interested in what they’re doing, I’ll show an interest in what they do and I’ll try to strike up a meaningful conversation with them. This is the only way to establish what their needs are, and whether I believe I can truly help them. Don’t trust anybody who attempts to bypass this process.

Spammers add nothing to the conversation

Seemingly innocuous comments often pay you a compliment, but secretly all they’re after is a link back to their site. This is another tricky one, because genuine commenters leave kind remarks too. So if you’re not sure, look at the other traits I’ve mentioned in this tutorial. Take a look at the example below, I’ve never met anybody with a name like that!

Example of a spam comment -- innocuous, with keywords
Kind words but from an oddly-named person!

So that’s comments, but what about pingbacks?

Alongside your comment notifications you’ve probably noticed that you’re getting pingback notifications too. That’s a tutorial for another day, but in the meantime, you can read more about pingbacks on the WordPress support website.

How do I stop comment spam?

There are no automated solutions out there which are guaranteed to stop comment spam completely. That’s why I wanted to show you how to recognise it manually first.

However, in terms of getting the most bang for your buck you could do a lot worse than CloudFlare. It doesn’t focus specifically on blocking comment spam, but it is a system that learns to recognise the ever-changing identities of hackers, content scrapers and spam bots out there.

CloudFlare will do you a massive favour by preventing many bad actors from even reaching your website in the first place. But don’t take my word for it, ask Jim Westergren why he uses CloudFlare.

All of the websites we host at EggCup Web Design are configured with CloudFlare from the word go. So the good news is if you’re already one of our clients you can rest easy. If not, why not take a look at what we could do to help you.

Some spam will always make it past the front line though. That’s why I always recommend a layered approach. It’s free to install Antispam Bee, a WordPress plugin that analyses every comment for spam.

If you’re still drowning in spam after implementing all these measures, there’s further guidance available in the WordPress Codex.

What else would you like to learn?

We hope you found this tutorial useful. What other elements of managing your WordPress website would you like extra help with? Send us a message with your feedback and ideas!

Featured image by Fugue (Own work) [CC BY-SA 2.0], via Flickr