WordPress Tutorial #5

There are two types of bad guys you need to protect your WordPress site from: spammers and hackers. Proper WordPress security includes both.

Spammers are at best a nuisance. At worst they can open the way for serious site problems.

Fortunately it’s not too difficult to thwart them.

Your First Line of Defense: Akismet

Akismet is your first line of defense against comment spam on your WordPress site.

Akismet comes preloaded with WordPress and it’s made by the WordPress folks themselves. It’s designed to catch spam comments and hold them for you.

To put it to work, you just need the Akismet plugin and an API Key. I’ll show you how to get that.

#1. In your WordPress Dashboard, click the Plugins tab on the left.


Akismet should be the first plugin listed, at the top.


#2. Activate Akismet

Click the activate link.


It takes you to a page titled Akismet Configuration.

#3. Get your Akismet API Key

Click the link that says Akismet.com.

You’ll see the Akismet home page.


Click the button that says Get an Akismet API Key

#4. Choose Your Service and Make Your Payment

Most of you will select either Personal or Pro.


Click the appropriate box and follow the instructions for payment. If you choose the Personal plan, think about making a small donation to offset the cost of the service. (Just move the green slider button to the amount you’re comfortable with.)

Once you’ve completed the payment steps, Akismet will provide your API key. It’ll be a series of letters and numbers. Make sure you copy it to a safe location.

#5. Type in your API Key

Now, go back to your WordPress Dashboard, and navigate to the Plugins page.

Click the Settings button under Akismet to get back to the Configure page.


Type in your API key and click the Update Options button. Within a second or two you should see a message telling you “Your Key has been verified.”

If you don’t see that message, try typing the key in again, or better yet, copy and paste it into the box.

I always check the box next to “Auto-delete spam submitted on posts more than a month old.” You can also decide if you want to show the number of comments for each comment author. If you’ve made any changes, click the Update Options button again.

#6. That’s it, you’ve installed Akismet!

Akismet immediately starts looking at the comments submitted to your site, and it sets aside the ones it identifies as spam. It will even notify you when there’s spam in the folder for your review!

Some WordPress site owners find this is all they need. Others find that, for one reason or another, they get more spam comments than they want to handle.

My suggestion is to wait a while. If you start getting a lot of spam and want something else to help reduce it, add a Captcha to your contact form. I’ll review that in another post.

Interested in WordPress Security? Check out these articles.