How To Spot a WordPress Spam Comment

Back to Blog

At Computer Courage, we create  WordPress websites for customers every day. We have already shown you our Top 10 Reasons to Use WordPress, and showed you how many popular sites use WordPress. Today, I want to address a common annoyance for new WordPress site owners, and talk about how to manage it.

WordPress allows for comments on pages or posts. You can disable all comments, moderate them, or restrict them to your registered users. Most site owners want to encourage some public participation on their webiste and thus enable comments (including us). The downside of this is that some hackers and SEO consultants may try to take advantage of your commenting system by spamming it.

When a user comments on a blog article, they are usually asked to input their email address, name, website, and a comment. Because they are allowed to mention their website, some businesses see this as an opportunity to get free links to their site. In theory, this could be OK if the comment and site were relevant to my article. For instance I might allow a comment on this article that links to a site giving out WordPress tips. However, it’s all too common for spammers to try to take advantage of this by putting up generic, pleasant responses to try to earn a link to a non-relevant, spammy, or even dangerous website.

Below is an example of what a WordPress site administrator sees when a comment is made (usually by email notification). The comment below is a real example of a comment of my blog which looks perfectly innocent, but is not.

Author : Exmar Xxxxxx (IP:
E-mail :
Comment: Surprisingly beneficial appreciate it, I believe your current readers might want a good deal more content like this carry on the great effort.

Note: I have modified the name, IP, email, and URL by adding in those xxxxx’s in order to protect you and avoid any trouble with the original spammer.

Now, what we have at first might appear to be a nice complimentary comment. It says “Surprisingly beneficial”, it comments my effort, and it mentions my reader community. Sounds like someone liked my article?


On closer look, this is a spam comment. The user never actually said anything about the article (which was about spyware), it just used generic niceties. That was my first tip-off. Also, it links to a weird looking site, which I investigated and which turned out to be a pretty spammy site. It’s safe to assume that this is spam. It was made by a script that looks for WordPress blogs and puts fake comments up in an attempt to sneak in links to a website.

The proper action here to is to mark the comment as spam. If you are a blog owner and you are getting a lot of these, you’ll want to enable the Akismet WordPress comment filter, but even then many comments get through. Akismet catches the obvious Viagra/Rolex stuff but not the sneaky comments like this. Each time you mark a comment as spam, your help improve the spam filter.

If you want help with this, just contact us for a free website consultation.

Computer Courage will be closed on May 29th for Memorial Day