WordPress hacks and snippets to efficiently reduce spam

Spam is a nuisance and every blogger have to deal with it. As a WordPress user, I bet you already use Akismet, which is definitely a great way to reduce spam. But several other tricks can definitely help. Here are my favorite WordPress hacks and code snippets to reduce spam on your blog.

Automatically mark as spam comments with a super long url

Have you ever noticed that most spam comments have a very long url? So a good way to catch more spam comments which haven’t been caught by Akismet is to automatically mark as spam comments with an url longer than 50 characters.

To apply this tip, just paste the code below in your functions.php file. This code will mark as spam any comment with an url longer than 50 characters. This number can be changed on line 4.


  function rkv_url_spamcheck( $approved , $commentdata ) {
    return ( strlen( $commentdata['comment_author_url'] ) > 50 ) ? 'spam' : $approved;

  add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );


This snippet is really efficient and allowed me to reduce spam on my blogs.

Source: http://css-tricks.com/snippets/wordpress/spam-comments-with-very-long-urls/

Remove the url field from your comment form

A radical way to fight spam on your blog is to remove the url field from your comment form, so commenters will not be able to link to their website. It’s not really cool for them, but if you’re running a very large blog with lots of spam, this can be a solution.

Paste this code into your functions.php file. Once saved, the url field will be removed from your comment form.

function remove_comment_fields($fields) {
    return $fields;

Source: http://wp.tutsplus.com/tutorials/creative-coding/customizing-comments-in-wordpress…/

Remove url field from the comment form and automatically spam comments with urls

Now if you want a really really efficient and radical way to get rid of spam, let combine the two functions above.

First, let’s remove the url field from the comment form. And then, make sure that no spammer have a trick to still inserting an url by automatically mark as spam any comment with something in the url field.

function remove_comment_fields($fields) {
    return $fields;


  function rkv_url_spamcheck( $approved , $commentdata ) {
    return ( strlen( $commentdata['comment_author_url'] ) > 1 ) ? 'spam' : $approved;

  add_filter( 'pre_comment_approved', 'rkv_url_spamcheck', 99, 2 );


This code have to be pasted in your functions.php file to work.

Unlink urls in comment text

Are you tired that some people use your website to link to other sources, most of them being unrelated to the post content? Then here’s a trick I’m using on both CatsWhoCode.com and WPRecipes.com: Remove the automatic linking of url in the comment text.

As usual, this code goes straight to your functions.php file.

remove_filter('comment_text', 'make_clickable', 9);

Source: http://www.wprecipes.com/wordpress-hack-remove-autolinks-in-comments

Automatic “Nofollow” for external links in comment text

If you want to reduce the amount of spammy links in comment text, without removing the automatic linking of urls as shown above, here’s an alternative: Simply add a rel="nofollow" attribute to all external links.

Paste the code below into your functions.php file, and then save the file.

add_filter('comment_text', 'auto_nofollow');
function auto_nofollow($content) {
    //return stripslashes(wp_rel_nofollow($content));
    return preg_replace_callback('/<a>]+/', 'auto_nofollow_callback', $content);
function auto_nofollow_callback($matches) {
    $link = $matches[0];
    $site_link = get_bloginfo('url');
    if (strpos($link, 'rel') === false) {
        $link = preg_replace("%(href=S(?!$site_link))%i", 'rel="nofollow" $1', $link);
    } elseif (preg_match("%href=S(?!$site_link)%i", $link)) {
        $link = preg_replace('/rel=S(?!nofollow)S*/i', 'rel="nofollow"', $link);
    return $link;

Source: http://www.onextrapixel.com/2012/10/12/5-code-snippets-for-interacting…

Spam comments based on a word list

As spammers generally target specific keywords, it can be useful to create a blacklist and automatically mark as spam comments which contains one or more words from the blacklist.

To add keywords, simply edit the array on line 9. Then, paste this code snippet into your functions.php file.

function in_comment_post_like($string, $array) { 
	foreach($array as $ref) { if(strstr($string, $ref)) { return true; } } 
	return false;
function drop_bad_comments() {
	if (!empty($_POST['comment'])) {
		$post_comment_content = $_POST['comment'];
		$lower_case_comment = strtolower($_POST['comment']);
		$bad_comment_content = array(
			'hair loss',
			'russian girls',
			'russian brides',
			'no prescription',
			'without a prescription',
			'sex pics',
			'family incest',
			'online casinos',
			'online dating',
			'best forex',
		if (in_comment_post_like($lower_case_comment, $bad_comment_content)) {
			$comment_box_text = wordwrap(trim($post_comment_content), 80, "\n  ", true);
			$txtdrop = fopen('/var/log/httpd/wp_post-logger/nullamatix.com-text-area_dropped.txt', 'a');
			fwrite($txtdrop, "  --------------\n  [COMMENT] = " . $post_comment_content . "\n  --------------\n");
			fwrite($txtdrop, "  [SOURCE_IP] = " . $_SERVER['REMOTE_ADDR'] . " @ " . date("F j, Y, g:i a") . "\n");
			fwrite($txtdrop, "  [USERAGENT] = " . $_SERVER['HTTP_USER_AGENT'] . "\n");
			fwrite($txtdrop, "  [REFERER  ] = " . $_SERVER['HTTP_REFERER'] . "\n");
			fwrite($txtdrop, "  [FILE_NAME] = " . $_SERVER['SCRIPT_NAME'] . " - [REQ_URI] = " . $_SERVER['REQUEST_URI'] . "\n");
			fwrite($txtdrop, '--------------**********------------------'."\n");
			header("HTTP/1.1 406 Not Acceptable");
			header("Status: 406 Not Acceptable");
			header("Connection: Close");
			wp_die( __('bang bang.') );
add_action('init', 'drop_bad_comments');

Source: http://www.wprecipes.com/automatically-refuse-spam-comments-on-your-wordpress-blog

Deny commenting to non-referrer requests

Here is a very useful tip to prevent spambots from dropping spam bombs by denying access to all requests that do not originate from your domain.

Copy the code below, update the domain name on line 5 and then paste it in your .htaccess file. This file is located at the root of your WordPress install. Don’t forget to always make a backup before editing this file!

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*catswhocode.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://the-site-where-you-want-to-send-spammers.com/$ [R=301,L]

Source: http://perishablepress.com/block-spam-by-denying-access-to-no-referrer-requests/

  • This is why we chose a third-party for comments – less hassle, etc.

    • True, I use Disqus and it cuts down on a lot of spam comments.

  • Zhu

    I can’t believe how much spam I get on my blog… usally about 100-200 spam comments per day. Considering I am not running a large website, it seems like a lot! Fortunately, Akismet does a good job, but I am going to try some of your tricks as well, like the keywords list. I also banned Russian domain names. .ru. Sucks for legitimate Russian commenters I guess, but I had way too much Russian spam!

  • I like your idea about super long urls, but on the whole I think making it difficult to comment is not a way out. After receiving lots of spam on my blog, I finally chose comluv plugin as the best solution, plus set a premoderation – if something still skips automatic its easy to stop it from appearing + it’s easy for visitors to comment

  • Jaymoon

    Automatically marking comments with a URL (when there is no URL field) as spam is great… But how might I go about automatically deleting them? Since no legitimate comment will contain a URL, why not save a step and just directly trash them?

  • Jean, thanks a lot for these tips!!!! I am currently using Disqus system and I am not getting any spam comments, what do you think about this comment system??

  • Meyer

    NO, you need disqus or facebook comments

  • I use Akismet and it seems to work fine for my purposes…

  • Mittul Chauhan

    some of the good tips which i was not using .. so thank you.