Last updated - September 8, 2021
As you probably know, WordPress Comments form enhances user engagement on your site, but it is also a frequent target of spammers. We have already discussed some of the in-built features of WordPress that will help to reduce spam in a previous tutorial. In this article, we will discuss how you can reduce spam comments by integrating reCAPTCHA, along with a few other strategies.
An overview of Google reCAPTCHA
Google reCAPTCHA is a user-friendly way to integrate CAPTCHA as it prevents fake users from interacting with your website. Since WordPress comments form is a regular target of spammers, integrating reCAPTHA will make it seamless for legit users to leave comments on your posts.
There are different types of reCAPTCHA that you can choose from. In reCAPTCHA v2, the requests are verified with a challenge. One of the most popular ones is the “I am not a robot” checkbox, where the user needs to tick a checkbox stating that they are not a robot but human. reCAPTCHA v2 also has an option to use an invisible reCAPTCHA, which is invoked when a user clicks an existing button on your site. This type of reCAPTCHA does not require users to click anything, though in suspicious scenarios users will be prompted to solve a CAPTCHA.
With reCAPTCHA v3, you will be able to verify user interactions without any inputs from users. It assigns a score from 0.0 to 1.0 for all interactions, and based on this score the site owner will be able to assign further actions for low-scoring interactions. These actions, configured in the site’s backend, could be enforcing two-factor authentication, sending a comment to moderation, etc.
Choosing between reCAPTCHA v2 and v3 could be tricky for website owners. If you are keen on providing a completely uninterrupted interaction for your users, reCAPTCHA v3 should be the ideal choice. Using v2 will significantly reduce complexities in your website administration, though at the cost of a better user experience.
There is also reCAPTCHA Enterprise, which offers advanced features like company-specific risk models and enhanced risk scoring. reCAPTCHA Enterprise users get market-leading support as well. Also, according to Google, all reCAPTCHA versions are free up to 1 million assessments per month.
How to integrate reCAPTCHA on the Comments Form?
Google reCAPTCHA is a user-friendly way to integrate CAPTCHA to your website as it simply makes the user tick a checkbox that verifies that they are not a robot.
You can use the reCaptcha by BestWebSoft plugin to integrate it with WordPress.
First, install and activate the plugin. On the plugin settings page, you need to choose the reCaptcha Version, and enter the Site Key and the Secret Key. To obtain the keys, you need to register the domain on the Google reCAPTCHA site, and submit details such as site label, domain name, the email of the site owner, and your choice of the reCAPTCHA type.
Once the keys are generated, you can copy and paste the keys into the designated fields in the plugin settings page. Also remember to enable reCAPTCHA for comment form.
Save the changes, and your comments form will show the reCAPTCHA verification on the frontend when a user tries to leave a comment.
Setting up reCAPTCHA v3
You can use the same plugin to integrate reCAPTCHA v3 as well. While registering your site with Google reCAPTCHA, you need to choose the reCAPTCHA type as v3, and accordingly the keys will be generated.
In the plugin settings, you need to choose reCAPTCHA version 3 before adding the keys. Here you can also optionally hide the reCAPTCHA badge.
Using a third party commenting system
Integrating with a third party comment hosting service can be a significant upgrade for the default WordPress comment system. For example, with Disqus, you can boost user engagement on your website with features like media upload, voting, etc. It also offers features like better formatting options for the comment text, easy login options, recommendations widget, etc.
For spam reduction, Disqus offers an anti-spam filter from the popular plugin Akismet. It also offers automated pre-moderation controls, where comments can be flagged based on the user’s reputation, or the presence of links. You will also get email notifications for new comments and replies.
With the Disqus Comment System plugin, you can easily integrate it with your WordPress system. For small blogs, the free basic version of Disqus will be sufficient, and you can upgrade to advanced plans for more features.
Using an anti-spam plugin
Installing an anti-spam plugin would be one of the most obvious strategies to reduce spam comments.
By automatically comparing each comment on your site with their global spam database, Akismet plugin offers protection from spam. It also provides a status history to help you understand the spam filtering process.
For Personal purposes, you can use the Akismet API for free, or at a price that you can afford, while there are different pricing options available for Commercial use.
Another popular plugin you can use is Antispam Bee, which will help make your comment interface more trustworthy. You can configure it to accept comments only from trusted users, or allow comments only in specific languages. It also gives you the ability to allow or disallow comments based on the country of the user.
Removing website link from the comment form
A lot of spammers will be trying to get a backlink by commenting on your site. If you notice this as a trend on your site, you can disable the url field in the Comments form. With the Comment Link Remove plugin, you will be able to remove the website field from your WordPress Comment form. If needed, you can also remove hyperlinks and HTML link tags from the comment field. This plugin also helps you disable urls turning into hyperlinks, and also to easily delete comments.
Set a minimum and maximum length for comments
To prevent spammers from leaving one-word comments, you can set a minimum and maximum length for comments. With the Yoast Comments Hacks plugin, you can manage this. With the word limits, you can also display custom warning messages when users attempt to leave comments outside the specified range.
Adding a Web Application Firewall could also help to reduce spam traffic to your website. For example, with the Sucuri firewall, you will be able to prevent spam comments by bots from reaching your site.
We hope this article has helped you understand a few strategies to reduce WordPress spam comments through your posts’ and pages’ comment forms. Leave us a comment if you have any queries, or have some insights to share.