In the previous article we covered WordPress security from the infrastructure and administration side. The comment field exists to create interaction, but it is a potential security problem as well.
A WordPress site flooded with junk comments is not harmed as directly as a hacked one, but its professionalism and reputation suffer seriously. Worse, if the spam carries links to malicious or phishing websites, it can expose you to legal trouble too.
The following housekeeping tasks should help you get rid of comment spam:
Install a spam filter
Install, activate and configure a spam-filtering plugin such as Akismet or Defensio Anti-Spam. It is the first barrier against spammers and works without ongoing admin intervention.
Configure the discussion settings
From the Dashboard, go to Settings > Discussion.
Other comment settings: Make sure “Comment author must fill out name and email” is checked. You should know who left each comment.
Before a comment appears: Check “An administrator must always approve the comment”. Once that is set, every comment is held regardless of the second option, “Comment author must have a previously approved comment”; that option only matters if you let some comments through automatically, and unchecking it removes that shortcut.
Comment Moderation: Put a “1” in the box for “Hold a comment in the queue if it contains [ ] or more links”. Any comment with one or more links is then held for moderation instead of being published, which stops spammers from seeding links on your site. (A “0” in that box disables the link check entirely.)
Below that box you can also add moderation keywords: words, names, URLs, e-mail addresses and IPs. A comment that matches any of them in its content, name, URL, e-mail or IP is held for moderation; matching happens inside words, so “press” also matches “WordPress”. The official WordPress website maintains a suggested list of such words. You can check it out at:
Comment Blacklist (labelled “Disallowed Comment Keys” in current WordPress versions): fill the box with the content, name, URL, e-mail or IP you want to block from your website. Matching comments are marked as spam or trashed rather than held for approval.
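To make the effect of these settings concrete, here is an added example (my own code, not part of the original article and not WordPress core) that re-implements the moderation decision for a submitted comment. The settings class uses the names WordPress stores these options under in wp_options (require_name_email, comment_moderation, comment_max_links, moderation_keys, disallowed_keys); the comments are constructed sample data; and the link counting is my own choice (it counts bare http(s) URLs as well as <a href> tags), so treat it as a model that may be stricter than WordPress's own count.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class DiscussionSettings:
    """Mirrors the Settings > Discussion options (wp_options key names)."""
    require_name_email: bool = True   # "Comment author must fill out name and email"
    comment_moderation: bool = True   # "An administrator must always approve the comment"
    comment_max_links: int = 1        # "Hold a comment ... if it contains [N] or more links"; 0 disables
    moderation_keys: str = ""         # Comment Moderation box, one key per line
    disallowed_keys: str = ""         # Disallowed Comment Keys (formerly Comment Blacklist), one per line


@dataclass
class Comment:
    author: str
    email: str
    url: str
    ip: str
    content: str


ANCHOR_RE = re.compile(r"<a\s[^>]*href", re.IGNORECASE)   # explicit anchor tags
OPEN_TAG_RE = re.compile(r"<a\s[^>]*>", re.IGNORECASE)    # used to strip them before bare-URL count
BARE_URL_RE = re.compile(r"https?://", re.IGNORECASE)     # assumption: bare URLs count too


def count_links(content: str) -> int:
    """Count anchor tags plus bare URLs outside of anchors (no double counting)."""
    anchors = len(ANCHOR_RE.findall(content))
    remainder = OPEN_TAG_RE.sub("", content)
    return anchors + len(BARE_URL_RE.findall(remainder))


def keyword_hit(keys: str, comment: Comment) -> Optional[str]:
    """Return the first key found inside any field, case-insensitively.
    Matching is by substring, as on the Discussion screen: 'press' matches 'WordPress',
    and a partial IP such as '203.0.113.' matches every address in that range."""
    haystack = [comment.author, comment.email, comment.url, comment.ip, comment.content]
    for raw in keys.splitlines():
        key = raw.strip()
        if not key:
            continue
        for field_value in haystack:
            if key.lower() in field_value.lower():
                return key
    return None


def decide(comment: Comment, settings: DiscussionSettings) -> Tuple[str, str]:
    """Return (decision, reason): 'reject', 'spam', 'hold' or 'approve'.
    The blanket 'always approve' rule is evaluated last so the reason names the
    specific rule that would have caught the comment even when everything is held."""
    if settings.require_name_email and (not comment.author.strip() or not comment.email.strip()):
        return "reject", "name and email are required"
    hit = keyword_hit(settings.disallowed_keys, comment)
    if hit:
        return "spam", f"disallowed key {hit!r}"
    links = count_links(comment.content)
    if settings.comment_max_links and links >= settings.comment_max_links:
        return "hold", f"{links} link(s) >= threshold {settings.comment_max_links}"
    hit = keyword_hit(settings.moderation_keys, comment)
    if hit:
        return "hold", f"moderation key {hit!r}"
    if settings.comment_moderation:
        return "hold", "all comments require admin approval"
    return "approve", "passed all checks"


# Constructed sample settings and comments (not real traffic).
STRICT = DiscussionSettings(moderation_keys="casino\n203.0.113.", disallowed_keys="spam.example")
RELAXED = DiscussionSettings(comment_moderation=False, moderation_keys="casino\n203.0.113.",
                             disallowed_keys="spam.example")

SAMPLES = {
    "linked": Comment("Ann", "ann@mail.example", "", "198.51.100.7",
                      'Visit http://spam.example/deals and <a href="http://more.example">here</a>'),
    "anonymous": Comment("", "", "", "198.51.100.8", "Nice post"),
    "clean": Comment("Bob", "bob@mail.example", "", "198.51.100.9", "Thanks, this helped me."),
    "range": Comment("Cara", "cara@mail.example", "", "203.0.113.42", "Interesting read."),
    "one_link": Comment("Dan", "dan@mail.example", "", "198.51.100.10",
                        "See https://blog.example/followup for more."),
}

if __name__ == "__main__":
    for name, c in SAMPLES.items():
        print(f"{name:10s} strict={decide(c, STRICT)}  relaxed={decide(c, RELAXED)}")
```

Running it shows why the article calls this setup stringent: with “always approve” on, even the clean comment is held, and the only things that change the outcome are the disallowed list (spam) and the missing name/email (rejected). Switching comment_moderation off lets the clean comment through while the link threshold and the partial-IP key still hold the others.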
The above provides the most stringent spam-filtering mechanics for a WordPress site. I'm sure it will turn away some genuine commenters too. What you should do is keep observing and tuning the above settings until you find the balance that works best for you.