Basic Tutorial #7:
How to Protect Against WordPress Comment Spam
WordPress Tutorial #7
It’s so exciting to get your first comments on your new blog!
Until you realize they’re pushing some shady link, or selling something that has nothing to do with what your blog is about.
Then they become a big nuisance, also known as the dreaded comment spam.
What can you do?
When it comes to WordPress spam protection, the Akismet plugin is your first line of defense. Follow these easy step-by-step instructions.
There are two types of bad guys you need to protect your WordPress site from: spammers and hackers. Proper WordPress security includes both.
Spammers are at best a nuisance. At worst they can open the way for serious site problems.
Fortunately it’s not too difficult to thwart them.
Note: This article was updated on July 9, 2022.
Your First Line of Defense: Akismet
Akismet is made by a WordPress cofounder.. It’s designed to catch spam comments and hold them for you.
To put it to work, you just need the Akismet plugin and an API Key. I’ll show you how to get that.
#1. Install the plugin
In your WordPress Dashboard, click the Plugins tab on the left. After you do that, you’ll see a list of all the plugins that are already installed. If you don’t see Akismet there, you’ll need to add it. If it’s already installed, skip to step #
Click Add New.
Akismet Anti-Spam should be the first plugin listed, at the top, under Featured. (Or you can download it here.
#2. Install and Activate Akismet
Click Install Now, and then Activate. You’ll see a page that looks like this. (If you’re installing from a download, follow the normal steps to upload and install it.)
Click the big blue Set up your Akismet account button.
Follow the prompts until you see this screen.
There’s a Personal option, which provides only basic spam protection. It’s for non-commercial use only. If you select this option, it asks for $36/year, but you can manually change it to anything from $0 to $120 annually.
The Plus plan is more robust, with advanced statistics, priority support, and permission to use it on commercial sites. It’s $5/month per site. Then there’s an Enterprise plan, which costs $50/month for unlimited sites.
The Plus plan is probably the one you want. Fill out the payment information, and click Continue. Note if you choose to pay annually, you get a whopping $1 discount!
They’ll email you a confirmation code. Check your email, grab the code, and paste it into the appropriate box.
Enter the confirmation code, then click Continue.
It will take a few seconds, and then you’ll see this.
#3. Install your Akismet API Key
You can get your API key either from the email they send, or by logging into your WordPress.com account dashboard.
From your email
You’ll receive an email that looks like this:
If you still have the Akismet screen open showing the blue Set up your Akismet account button, you can click the link below it that says Manually enter an API key.
Otherwise, navigate to Plugins / Installed Plugins and Akismet should be at the top of the list. Click Settings.
Alternatively, if you see this big button, go ahead and click it.
Enter the API key you were sent, and click Connect with API Key.
Retrieve the API key from your Akismet dashboard
Akismet is a product of WordPress.com, which is a hosting and software company. By downloading and installing Akismet, you’ve created an account with them. You can find your API key at any time by logging into your account at Akismet.com using the email address you used when downloading Akismet.
#4. Set up Akismet Anti-Spam
Once you connect your API key, you’ll see some additional choices.
Choose whether to show each commenter’s number of approved comments, whether you’ll manually review all spam, and whether you’ll display a privacy notice, then click Save Changes.
Once Akismet has been running for a while, you’ll see some statistics like this (depending on which plan you chose).
#5. That’s it, you’ve installed Akismet!
Akismet immediately starts looking at the comments submitted to your site, and it sets aside the ones it identifies as spam. It will even notify you when there’s spam in the folder for your review!
Some WordPress site owners find this is all they need. Others find that, for one reason or another, they get more spam comments than they want to handle.
My suggestion is to wait a while. If you start getting a lot of spam and want something else to help reduce it, add a Captcha to your contact form. I’ll review that in another post.
Ready for the next tutorial? Click here.
Interested in WordPress Security? Check out these articles.