traffic signs, attention, sign-464655.jpg

Basic Tutorial #7:

How to Protect Against WordPress Comment Spam


WordPress Tutorial #7

It’s so exciting to get your first comments on your new blog!

Until you realize they’re pushing some shady link, or selling something that has nothing to do with what your blog is about.

Then they become a big nuisance, also known as the dreaded comment spam.

What can you do?

When it comes to WordPress spam protection, the Akismet plugin is your first line of defense. Follow these easy step-by-step instructions.

There are two types of bad guys you need to protect your WordPress site from: spammers and hackers. Proper WordPress security includes both.

Spammers are at best a nuisance. At worst they can open the way for serious site problems.

Fortunately it’s not too difficult to thwart them.

Note: This article was updated on July 9, 2022.

Your First Line of Defense: Akismet

Akismet is made by a WordPress cofounder.. It’s designed to catch spam comments and hold them for you.

To put it to work, you just need the Akismet plugin and an API Key. I’ll show you how to get that.

#1. Install the plugin

In your WordPress Dashboard, click the Plugins tab on the left. After you do that, you’ll see a list of all the plugins that are already installed. If you don’t see Akismet there, you’ll need to add it. If it’s already installed, skip to step #

Click Add New.

plugins menu in your WordPress dashboard

Akismet Anti-Spam should be the first plugin listed, at the top, under Featured. (Or you can download it here.

Akismet Anti-Spam should be the first plugin listed under Featured Plugins

#2. Install and Activate Akismet

Click Install Now, and then Activate. You’ll see a page that looks like this. (If you’re installing from a download, follow the normal steps to upload and install it.)

First screen to set up Akismet - promises to eliminate spam from your site

Click the big blue Set up your Akismet account button.

Follow the prompts until you see this screen.

Select your plan

There’s a Personal option, which provides only basic spam protection. It’s for non-commercial use only. If you select this option, it asks for $36/year, but you can manually change it to anything from $0 to $120 annually.

The Plus plan is more robust, with advanced statistics, priority support, and permission to use it on commercial sites. It’s $5/month per site. Then there’s an Enterprise plan, which costs $50/month for unlimited sites.

The Plus plan is probably the one you want. Fill out the payment information, and click Continue. Note if you choose to pay annually, you get a whopping $1 discount!

fill in payment information

They’ll email you a confirmation code. Check your email, grab the code, and paste it into the appropriate box.

enter the confirmation code that Akismet sent to your email

Enter the confirmation code, then click Continue.

It will take a few seconds, and then you’ll see this.

Akismet Anti-Spam signup complete screen

#3. Install your Akismet API Key

You can get your API key either from the email they send, or by logging into your WordPress.com account dashboard.

From your email

You’ll receive an email that looks like this:

Your Akismet email containing the API key

If you still have the Akismet screen open showing the blue Set up your Akismet account button, you can click the link below it that says Manually enter an API key.

This is where you enter your API key

Otherwise, navigate to Plugins / Installed Plugins and Akismet should be at the top of the list. Click Settings.

Akismet should be the first plugin listed

Alternatively, if you see this big button, go ahead and click it.

Or you can click the big blue Set up your Akismet account button

Enter the API key you were sent, and click Connect with API Key.

Retrieve the API key from your Akismet dashboard

Akismet is a product of WordPress.com, which is a hosting and software company. By downloading and installing Akismet, you’ve created an account with them. You can find your API key at any time by logging into your account at Akismet.com using the email address you used when downloading Akismet.

#4. Set up Akismet Anti-Spam

Once you connect your API key, you’ll see some additional choices.

Akismet spam protection settings

Choose whether to show each commenter’s number of approved comments, whether you’ll manually review all spam, and whether you’ll display a privacy notice, then click Save Changes.

Once Akismet has been running for a while, you’ll see some statistics like this (depending on which plan you chose).

Akismet Anti-Spam statistics

#5. That’s it, you’ve installed Akismet!

Akismet immediately starts looking at the comments submitted to your site, and it sets aside the ones it identifies as spam. It will even notify you when there’s spam in the folder for your review!

Some WordPress site owners find this is all they need. Others find that, for one reason or another, they get more spam comments than they want to handle.

My suggestion is to wait a while. If you start getting a lot of spam and want something else to help reduce it, add a Captcha to your contact form. I’ll review that in another post.

Ready for the next tutorial? Click here.

Interested in WordPress Security? Check out these articles.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.