One of the biggest problems in running a WordPress blog is the comments spam. Being the world’s most popular blogging platform, WordPress not only offers wonderful features but also invites lots and lots of spam comments to your blog. Though plugins like Akismet helps to identify spam comments, it is essential to take some advanced steps to reduce the comments spam on your WordPress site. All in one WP security and firewall is a free plugin helps to reduce spams to certain extent. In this article, we will discuss how to prevent comments spam in WordPress site using All-In-One Security (AIOS) – Security and Firewall plugin.
All-In-One Security (AIOS) – Security and Firewall Plugin
This is one of the free and popular security plugins available for WordPress sites. It measures the security of your WordPress site with points system by defining certain points to each security measure. Navigate to “Plugins > Add New” on your WordPress admin dashboard and search for “all in one wp security” in the search box. Find and install the All-In-One Security (AIOS) – Security and Firewall plugin on your site.
The plugin has more than 1 million active installations and offered by Team Updraft. Earlier it was from Tips and Tricks HQ team and subsequently sold to Team Updraft who also sells other popular plugins like UpdraftPlus and WP Optimize. Once activated, the plugin will create a shortcut menu “WP Security” with plenty of sub-menu items. Navigate to “WP Security > Dashboard” to see the overall summary of the security status.
Comments Spam Protection
Among many other options comment spam prevention is one of the free security features offered by the plugin. Navigate to “WP Security > SPAM Prevention” to see the comments spam prevention options. There are three tabs under this section:
- Comments Spam
- Comments Spam IP Monitoring
- BuddyPress
Comments Spam
You have two options under this section.
Add Captcha to Comments Form
The first option is to enable captcha on the comment form of your site. Enabling captcha on the comment form will add 20 points in the security scale and the plugin will automatically add the captcha without any additional plugin or .htaccess entries.
Once the captcha is enabled there will be a question added to your theme’s comment form and it will look like below:
Block Spambot Comments
The second option is to block comments generated by automatic spambots. When you look into your spam comments you can easily find out that more than 90% of the spam comments are not submitted by a human user. For example, comments submitted by spambots generally use capital letters unnecessarily and have special characters in between which human users will never do it. So blocking the spambots will considerably reduce the spam comments and save lot of time for you. Enabling this option will add 10 more points to the security scale of your site.
When a user manually submits a comment on your site, the referrer field “HTTP_REFERRER” should be your own domain. The plugin effectively blocks all submissions if the “HTTP_REFERRER” is not your own domain thus preventing the bots to submit comments directly calling “comments.php” file from your WordPress installation. The plugin does this by adding the following directive in .htaccess file.
#AIOWPS_BLOCK_SPAMBOTS_START
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http://localhost [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
</IfModule>
#AIOWPS_BLOCK_SPAMBOTS_END
Comments Spam IP Monitoring
Monitoring and blocking the IP address of the spam commenter helps is reducing the repeat spam comments. This tab has three sections:
- Auto block Spammer IPs
- List Spammer IP Addresses
- Spammer IP Address Results
Since the plugin does not use .htaccess for these options, there should be no conflict when using these options on your site.
Auto Block Spammer IPs
How about automatically blocking the user’s IP when there are 3 spam comments received? You can enable this by selecting the checkbox “Enable Auto Block of Spam Comment IPs” and mention the minimum number of spam comments. For example, if you mention 3 then the commenter’s IP will be automatically blocked when there are 3 or more spam comments submitted from that IP.
When you have blocked IP addresses it will be shown in the box like below and you can view the blocked IP addresses any point of time.
Note: Clicking on the “View Blocked IPs” button will take you to “Dashboard > Permanent Block List” and shows the list of permanently blocked IPs. In a practical scenario, if you have Akismet plugin installed and enter 5 as minimum number of spam comments then all IP addresses leaving 5 or more spam comments will be automatically blocked.
List Spammer IP Addresses and Spammer IP Address Results
If you do not want to auto block the IPs and want to manually deal with the spammers IP then enter the “Minimum number of spam comments per IP”. For example, if you enter 2 and click on the “Find IP Addresses” button then all IPs from which two or more spam comments received will be listed.
From the list of IP addresses, you can either block individual IP address or do bulk blocking.
BuddyPress
The last option for spam prevention is to add a captcha on BuddyPress registration form. If you don’t use BuddyPress then the plugin will show the message and this option is not useful for you. If you are using BuddyPress then enabling this option will add a mathematical captcha in the registration form and reduce the spam signups.
Other Options for Blocking Spam Comments
If you are already using any other security plugin, then AIOS will be redundant and you can consider other alternate options.
- Often you do not need comments for older blog posts. Hence, you can set a time frame to close the comments on old posts (for example – posts published more than a month ago). For that, go to “Settings > Discussion” section and enable “Automatically close comments on posts older than — days” option. By default, WordPress uses 14 days and make sure to enter the number of days as per you need.
- You can consider using alternate commenting systems like Jetpack or Disqus to replace the default comment form. Check complete list of plugins to manage comments in WordPress.
- If you notice comments from automated bots, then try Forget Spam Comment plugin along with Akismet to stop bot comments.
Conclusion
Though preventing spam comments is required, it needs lot of efforts for site owners to monitor and take necessary actions. Plugins like Akismet identify and classify the comment as a spam but does not do any further action. So, we recommend to give a try to All-In-One WP Security (AIOS) – Security and Firewall plugin to block the spam commenters and save your time.
Leave a Reply
Your email is safe with us.