How to Reduce WordPress Spam Comments by Integrating reCAPTCHA and Other Options

WordPress Spam Comments

Last updated - September 8, 2021

As you probably know, WordPress Comments form enhances user engagement on your site, but it is also a frequent target of spammers. We have already discussed some of the in-built features of WordPress that will help to reduce spam in a previous tutorial. In this article, we will discuss how you can reduce spam comments by integrating reCAPTCHA, along with a few other strategies.

An overview of Google reCAPTCHA

Google reCAPTCHA is a user-friendly way to integrate CAPTCHA as it prevents fake users from interacting with your website. Since WordPress comments form is a regular target of spammers, integrating reCAPTHA will make it seamless for legit users to leave comments on your posts.

There are different types of reCAPTCHA that you can choose from. In reCAPTCHA v2, the requests are verified with a challenge. One of the most popular ones is the “I am not a robot” checkbox, where the user needs to tick a checkbox stating that they are not a robot but human. reCAPTCHA v2 also has an option to use an invisible reCAPTCHA, which is invoked when a user clicks an existing button on your site. This type of reCAPTCHA does not require users to click anything, though in suspicious scenarios users will be prompted to solve a CAPTCHA.

With reCAPTCHA v3, you will be able to verify user interactions without any inputs from users. It assigns a score from 0.0 to 1.0 for all interactions, and based on this score the site owner will be able to assign further actions for low-scoring interactions. These actions, configured in the site’s backend, could be enforcing two-factor authentication, sending a comment to moderation, etc.

Choosing between reCAPTCHA v2 and v3 could be tricky for website owners. If you are keen on providing a completely uninterrupted interaction for your users, reCAPTCHA v3 should be the ideal choice. Using v2 will significantly reduce complexities in your website administration, though at the cost of a better user experience.

There is also reCAPTCHA Enterprise, which offers advanced features like company-specific risk models and enhanced risk scoring. reCAPTCHA Enterprise users get market-leading support as well. Also, according to Google, all reCAPTCHA versions are free up to 1 million assessments per month.

How to integrate reCAPTCHA on the Comments Form?

Google reCAPTCHA is a user-friendly way to integrate CAPTCHA to your website as it simply makes the user tick a checkbox that verifies that they are not a robot.

Google reCAPTCHA is a simple way to verify the user is actually a human and not a bot.

You can use the reCaptcha by BestWebSoft plugin to integrate it with WordPress.

This is one of the simplest options to integrate Google reCAPTCHA with your WordPress website.

First, install and activate the plugin. On the plugin settings page, you need to choose the reCaptcha Version, and enter the Site Key and the Secret Key. To obtain the keys, you need to register the domain on the Google reCAPTCHA site, and submit details such as site label, domain name, the email of the site owner, and your choice of the reCAPTCHA type.

You have to provide information such as site label, domain name, email of the site owner, and specify the reCAPTCHA type to generate keys.

Once the keys are generated, you can copy and paste the keys into the designated fields in the plugin settings page. Also remember to enable reCAPTCHA for comment form.

WordPress Spam Comments
Once you get the keys, you can enter them and enable reCAPTCHA on the comments form.

Save the changes, and your comments form will show the reCAPTCHA verification on the frontend when a user tries to leave a comment.

WordPress Spam Comments
Once the keys are added to the plugin settings, the reCAPTCHA will be visible on the comment form in the frontend of the site.

Setting up reCAPTCHA v3

You can use the same plugin to integrate reCAPTCHA v3 as well. While registering your site with Google reCAPTCHA, you need to choose the reCAPTCHA type as v3, and accordingly the keys will be generated.

In the plugin settings, you need to choose reCAPTCHA version 3 before adding the keys. Here you can also optionally hide the reCAPTCHA badge.

Using a third party commenting system

Integrating with a third party comment hosting service can be a significant upgrade for the default WordPress comment system. For example, with Disqus, you can boost user engagement on your website with features like media upload, voting, etc. It also offers features like better formatting options for the comment text, easy login options, recommendations widget, etc. 

Disqus is a popular comments hosting system that offers a range of features to make your comments system more interactive and secure.

For spam reduction, Disqus offers an anti-spam filter from the popular plugin Akismet. It also offers automated pre-moderation controls, where comments can be flagged based on the user’s reputation, or the presence of links. You will also get email notifications for new comments and replies.

With the Disqus Comment System plugin, you can easily integrate it with your WordPress system. For small blogs, the free basic version of Disqus will be sufficient, and you can upgrade to advanced plans for more features.

Disqus offers a free WordPress plugin to integrate Disqus with your WordPress site. You may have to sign up for a pricing plan to access some of the advanced features of this system.

Using an anti-spam plugin

Installing an anti-spam plugin would be one of the most obvious strategies to reduce spam comments.

Akismet

By automatically comparing each comment on your site with their global spam database, Akismet plugin offers protection from spam. It also provides a status history to help you understand the spam filtering process.

For Personal purposes, you can use the Akismet API for free, or at a price that you can afford, while there are different pricing options available for Commercial use.

Akismet is one of the most popular plugins in the WordPress repository, and it offers reliable protection from spam.

Antispam Bee

Another popular plugin you can use is Antispam Bee, which will help make your comment interface more trustworthy. You can configure it to accept comments only from trusted users, or allow comments only in specific languages. It also gives you the ability to allow or disallow comments based on the country of the user.

This plugin provides you a lot of features that will help improve the comments system, and also ensure better quality for your comments.

Removing website link from the comment form

A lot of spammers will be trying to get a backlink by commenting on your site. If you notice this as a trend on your site, you can disable the url field in the Comments form. With the Comment Link Remove plugin, you will be able to remove the website field from your WordPress Comment form. If needed, you can also remove hyperlinks and HTML link tags from the comment field. This plugin also helps you disable urls turning into hyperlinks, and also to easily delete comments.

Apart from removing the website field from comments, the plugin also offers to disable turning urls into hyperlinks in the comments field.

Set a minimum and maximum length for comments

To prevent spammers from leaving one-word comments, you can set a minimum and maximum length for comments. With the Yoast Comments Hacks plugin, you can manage this. With the word limits, you can also display custom warning messages when users attempt to leave comments outside the specified range.

WordPress Spam Comments
You can choose a minimum and maximum word limit for comments, and then display a custom error message when the limits are not met.

WAF

Adding a Web Application Firewall could also help to reduce spam traffic to your website. For example, with the Sucuri firewall, you will be able to prevent spam comments by bots from reaching your site.

Sucuri web application firewall can help in blocking a lot of comments from bots.

We hope this article has helped you understand a few strategies to reduce WordPress spam comments through your posts’ and pages’ comment forms. Leave us a comment if you have any queries, or have some insights to share.

Further reading