Monthly Archives: February 2015

Protecting your blog from spam comments

If you blog you want comments for conversation with your readers, feedback on your work or to receive suggestions for improvement. You can set comments to be made anonymously, but in general it is best to have people who want to contribute comments to identify themselves.

There will be comments from unknown sources which are out of context or raise concern about their genuineness. These “spam comments” might be approved by you as the ‘Blog moderator’ and therefore appear on your blog.

The spammer is promoting links via comments on various blog postings. They don’t care who the blogger is. The spammers are hoping that you may approve all the comments in one go.

the WordPress dashboard showing comments

You can see comments by clicking on the menu in the left-hand of your WordPress dashboard

In the dashboard (above) you will see the genuine comments mixed with the spam. You can also filter by the categories shown in the top navigation menu of the comments in the dashboard.

To avoid your blog being overrun in this way:

  1. Don’t approve a comment which is out of context with the post
  2. When approving a comment check if it has any Web link associated to it, but be very careful of clicking on any link you are suspicious of
  3. Check the sender’s name, anonymous, unusual email address, is the sender’s name hyperlinked. Check all of these for authenticity.
  4. Check if the comment is being made on a recent post, or an older one.
  5. Ask your blog readers to report comments for spam or if they are offensive

Here’s a real comment:

“I was recommended this blog by my teacher. Its amazing! Thanks!”

This information seems to be of little threat. However the settings of your blog may mean that if you allow a username to comment once, then their comments are not moderated, i.e. the blog moderator does not have a chance to check it for its authenticity.

As the moderator of a blog you can set WordPress to notify you by email when comments are received. Be prepared for many spam messages! In particular you should always use the dashboard to actually work with comments. Although you can click links to approve comments from your email, it is only in the dashboard that you’ll see all the information WordPress can show you about the comment/commenter.

We have more suggestions for securing your blog.

Leave a comment

Filed under Security