… so can the bad guys! And, some of the bad guys will try to load your site with Comment Spam.
You have comments on your new website!!! Oh, but those comments are spam. But, what about this one? It seems very complimentary, but …
Spammers will find you in the same way that the viewers you want will find you … they will do a search of the web. First, they are looking for WordPress installs in general. Then they are looking for websites where the site owner/developer has not taken steps to secure the WordPress comment function. This is not something you can stop. It’s just a matter of making your site unattractive to the comment spammers.
One sure sign that a comment is spam is that it contains a link. These comments don’t come from readers, they come from spam comment software. When I set up my new WordPress site, I had 13 new comments in a couple of weeks. These were tests from the spammers to see if my site would show their comments. I have comments on moderate, so they didn’t show, and this round of attempts have stopped.
do you want comments on your site?
WordPress started as blogging software. Blogs were one of the first type of social media in that it turned your website into a two way conversation. So, the WordPress core functionality includes comments. As WordPress evolved into more of a content management system (CMS) than a pure blogging system, site owners wanted to choose not to have comments. The WordPress authors responded with a page of settings for Comments in Settings -> Discussion.
While you can turn off the Comment form on your posts and pages, spammers can still get into the core functionality. If you leave comments on, you can set the Comments to be moderated. That is, they won’t show on the page, unless you check them.
Fighting Comment Spam
If your site is a WordPress site, a plugin called Akismet comes with your initial install. The job of Akismet is to help keep comment spam cleared out so you don’t have to spend time doing that task. I have seen sites where the comment spam was allowed to continue so long there were thousands of spam comments. That is not healthy for your website.
Akismet is a plugin that attaches your website to their web service. That means that it instead of running inside your website, it’s running on their servers. When a comment is filled out on your site, the Akismet plugin sends it through the Akismet servers to be compared to their database of known spam patterns. You can also mark a comment as spam. Then their system will note the patterns in that email and add them to their database.
Akismet is not a free plugin. They have quite an expense maintaining and updating their database. If your site only receives a few comments each month, you may want to wait until it becomes a chore to keep the comment spam cleaned out.
If you click to activate Akismet, it looks like it’s working, but if you read the text, you will find out that it’s not working unless you get an API key that hooks the Akismet plugin into their online system. Getting an API key means that you will have an account in the Akismet system because you will have to renew it every year. Then you will not have to set up a new key every year.
Akismet was written by an independent plugin author, but the same organization that bought WordPress from its authors, also bought Akismet. That is why Akismet comes already installed with WordPress.
- Click the link to Activate Akismet.
- If your site has always been a WordPress site, it is possible that your organization previously had an Akismet key, which means that there is an Akismet account in place.
But, you may not have access information for that account. - Because Akismet is tied to WordPress.com, you log into your Akismet account by logging into your WordPress.com account, which is separate from a WordPress.org account. If you don’t have a WordPress.com account, you can create one.
- There is a price for Akismet of $60.00/yr. To decide whether the $60/yr is worthwhile for you, compare $60 to the amount of time it will take to delete comment spam.
- Once your payment is processed, the Akismet site will communicate with your site and activate the plugin. (This is a change from the old method where you had to copy and paste an activation key.)
Alternatives to Akismet
There are alternatives to Akismet for blocking comment spam. One of the problems with evaluating these alternatives is that they are listed as “spam prevention” without being specific as to what type of spam is being blocked. Once a client asked me why he was still getting spam in his email after he had signed up for Akismet. Akismet only takes care of comment spam, not form spam, not email spam!