There is no place for spam comments! As an OCD person I can't tolerate spam comments/emails. In addition, Mo is a speed fanatic, so I have been looking for a spam blocking method that balances the blocking rate and speed. Here are some tips on how to block spam comments on WordPress.
The Dangers of Comment Spam
WordPress spam comments/messages are too much, all marketing ads and external links implanted. Generally occurs in the article comments, the input of the URL url will be automatically inserted into the comment avatar, the name of the inside so as to generate external links. The content of the comment is usually 1-2 sentences of praise: "Thanks to the author for writing such a good article to help us", and so on.
Spam comments are automatically scanned and replied to by bots, and the vast majority of spam comments are blocked by plugins such as Google reCAPTCHA, but there are still some programs that can break CAPTCHAs and get spam every week.
Comments that have nothing to do with the content of the site will affect the normal visitor experience, while reducing the weight of the site affects the SEO effect. If the comments with phishing URL may also cause property damage, virus, etc.. If you set up a new comment or form to automatically send an email reminder, you will receive an email as soon as you have a spam comment, which is very annoying.
How to implement WordPress spam comment blocking?
WordPress spam comments often occur in article comments, form submissions, Woocommerce product reviews. The following according to different content to share the corresponding interception methods.
Let's start with the conclusion:Forms such as Elementor +Woocommerce Product Reviews + Article ReviewsutilizationCloudflare Turnstile Verification CodeThe plugin will do, and the interception effect can go up to 99.91 TP3T.Fluent form comes with Cloudflare Turnstile CAPTCHA feature, no need to install additional plugins. You can also use Cloudflare Turnstile CAPTCHA plugin instead of Fluent form comes with Turnstile function.
Cloudflare Turnstile CAPTCHA plugin is not compatible or mainland websites can not be linked, it is suggested thatutilizationMaspik Plugininterception, by constantly adding and adjusting the blacklist keyword interception effect can go up to 99.5% (use experience), theIf the effect is not enough, you can add it.WP ArmorThe
Install the plugins mentioned in ↑ above first according to your own website.If you want to set up your own commenting system, then follow the tutorial below to set up some basic settings to greatly enhance the blocking effect, for example, enable "Comments must be manually approved" for article comments, so that the spam comments will be shown on the front-end only after manually approved.
Tip: Configure all the interception functions must be strictly tested under each form submission function! If you can not submit the form, errors, please leave a message at the bottom of the article, there will be specialized customer service to answer.
WordPress Post Spam Comment Settings
Article spam comments is a disaster area, and the vast majority of CAPTCHA plug-ins are only effective on the form, the article comments can do nothing. Here Diamo recommend an efficient and simple interception method, we follow the method below on the line, you can intercept 99.99% article spam comments.
Go to Settings > Discussions to prevent spam comments from showing up automatically.
Check all the red boxes below
Woocommerce Spam Review Blocking Settings
A few years ago, a Singaporean foreign trade company found us Diamo to change the WordPress website, one of the requirements is to block the website spam comments. The client said that the website received dozens or hundreds of spam comments every day, and the mailbox was jammed.
The client says the site was hired by a good friend to be done by an Indian, using cracked themes / plugins that have not been updated in many years. There is also no firewall or spam blocker, and the product comment section is a spam zone.
Woocommerce product evaluation should also do spam comment blocking, the setup is relatively simple. If it is a 2B website is not recommended to open the product evaluation function, according to the following figure set off. Modification path: background Woocommerce section > Settings > Products, find the evaluation settings.
If it's a 2C e-commerce site you need to turn on the commenting feature to help increase conversions. Check the box as per the image belowOnly "verified users" can participate in the evaluation.Only customers who have purchased can evaluate and eliminate spam comments from the root.
Form (form) spam blocking settings
Form (Form) is the following picture of this kind of input box to allow customers to submit information / message, often used to make inquiries, message system, the site must be. Form is also a spam disaster area, in accordance with the above method set up after the basic receipt of article spam comments, but the form of spam or leakage of fish.
At present, we mainly use a variety of Captcha to intercept spam messages, the interception rate is good, but still receive bad messages every week. Moreover, these CAPTCHA codes need to be verified online, slowing down form submission and page loading speed, affecting the user experience, and are not recommended.
After multi-site experiments, Di feels that the installation of blacklist keyword interception plug-ins for interception of the best results, the fastest. Different forms have different interception plug-ins and methods, mainly introduced hereFluent Forms ProForms and Elementor Pro form spam blocking methods.
Fluent Forms Pro Spam Blocking Settings
If the page where the form is located does not contain Elementor code, it is recommended to use the Fluent Forms Pro plugin to create inquiry forms, message features, etc. Fluent Forms Pro isfastestThe Forms plugin makes it easy to create forms with dozens of form templates.
If you are currently using a plugin like WP forms to create forms, we recommend switching to Fluent Forms Pro, which is faster and has a higher spam blocking rate. ClickDownload the Fluent Forms Pro plugin and see how to create forms accordingly. 525The
Fluent Forms Pro Benefits:
Speed:Our Diiamo comparisons have includedWP FormsInside several well-known form plugins, Fluent Forms is the fastest, only in the front-end to load the 4 resources in the figure below, a total of 47.3KB, and only in the page with Fluent Forms to add the form code.
If the form is inserted through a shortcode, the resource in the red box below can be disabled site-wide, as it only works if the Fluent Forms form is inserted through the Elementor widget.
In comparison WP Forms forms load 100+ KB of resources on the front-end; Ninja Forms loads 200+ KB; Contact Form7 loads form code on all pages.
Forms storage:Fluent Forms comes with a form storage function, and there will be a prompt in the background for new messages to avoid missing inquiries. Contact Form7 doesn't have form storage function, you need to install extra DB plugin, and the interface is not very friendly.
Powerful:Fluent Forms has many types of form templates and functions , you can do collections , dialog , subscription , surveys , signature functions and so on. Convenient to expand the functionality of the site later . Setup is also simple and recommended.
Spam protection:Fluent Forms honeypot function is more powerful than the same type of plugin, and there is an exclusive field blacklist blocking function, you can individually set each input area to prohibit the input of which keywords, greatly improving the success rate of blocking spam.
Click to viewWPForms VS Fluent FormsClick to viewGravity Forms vs Fluent FormsThe
The unique blacklist keyword blocking feature and powerful honeypot function can effectively block spam/messages. With this form plugin there is no need to install the Maspik spam comment blocker plugin mentioned below, Fluent Forms is highly recommended!
Fluent Forms Pro Message Blacklist Keyword Settings
In the "Settings&Integrations" settings of the corresponding form, find "Form Settings" > "Advanced Form Validation".
The following is the method to set the blacklist keywords of the form, choose the input box type of the form on the left, choose contails in the middle, and enter the blacklist keywords to be blocked on the rightmost side. Please set the keywords according to your own website.
At the beginning of the interception rules should not be set too strict, for fear of injuring normal visitors. Subsequently, according to the content of the spam form and then increase the keyword interception appropriately.
The honeypot feature should also be turned on for MAXIMUM interception! The honeypot is a hidden input box that only bots can see. Once a bot enters content into this hidden box, it will be intercepted. Click on "Global Settings".
Find it in Settings.The
There are 3 kinds of CAPTCHA settings in "Global Settings", you can turn them on as needed. In principle, Xiaodi does not recommend using any Captcha authentication, because it will degrade the customer experience and have a certain impact on the page loading speed.
If the Simple Cloudflare Turnstile plugin is not additionally installed, it is recommended here to enable Fluent Form's Cloudflare'sTurnstileCAPTCHA feature. If the Simple Cloudflare Turnstile plugin is already installed, there is no need to enable the Turnstile CAPTCHA feature here.
Enable method: Click the following figure in numerical order to enter the Turnstile setup page, fill in 2 Keys (first go to Cloudflare to generate), click the blank position, it will be automatically verified and linked to the Turnstile. if the link is successful there will be a prompt, if the link is unsuccessful there will be no prompt, it should be a problem with the Keys to check it out themselves.
Be sure to test the form blocking feature with your browser privacy mode after setting it up. If you use forms like Wp forms, you can search and download other similar keyword blacklist blocking plugins instead of Maspik.
Elementor Pro Form Spam Blocking Settings
If the page where the form is located is built using Elementor (Ele for short), we recommend building the form using Elementor Pro by clicking theDownload Free Elementor ProElementor's forms feature is very nice, easy to use and more powerful.Suggest a new honeypot field in the form to initially block some of the spam.The
Moreover, Elemenotr form submission is fast and it is recommended to install it.Contact Form DB PluginIn the background to save the customer submitted ele form (inquiry) data, there is a new form submitted to the top of the background will be prompted.
How to insert inquiry button and form into product detail page template?
Tip: If the product detail page or something like that is created using a theme (instead of Elementor), many people don't know how to insert Enquiry button and enquiry form. In fact, you can use Hook method to insert them. For details, please go toSuper Practical WordPress Hook Usage, Inserting Inquiry Button, Form, ACF Fields, etc. into PageThe
Excellent plugin recommendations for blocking spam registrations, messages/comments
In addition to the methods mentioned above, plug-ins need to be installed to further enhance the spam blocking function, and it is recommended to install them as needed. Some duplicate functions are recommended to be enabled only in one place.
Cloudflare Turnstile
Bug 1: Elementor form may not work if placed inside Elementor Popup popup, this blocker plugin has been fed back to the author, hope to fix it as soon as possible.
Bug 2: When using this plugin to add validation to Fluent Forms, the validation code appears below the button instead of above, feedback to plugin author. Suggest to use the Turnstile function that comes with Fluent forms instead.
Cloudflare Turnstileis a powerful, lightweight interception tool from Cloudflare that is a perfect alternative to Google reCAPTCHA and more. Totally free, no frustrating puzzle validation, and even an invisible mode. Fast, GDPR-compliant, and cookie-free.
Domestic websites that don't use the Cloudflare CDN will also work! Simply add theTurnstile official websiteJust sign up for an account and spend 2 minutes configuring it.Some domestic servers may link CF speed is poor, CAPTCHA does not show can not be used, must be their own test, can not be used to change the use ofMaspik PluginThe
Install the free Simple Cloudflare Turnstile WordPress Plugin You can add Cloudflare Turnstile feature to your website. It supports the content in the image below and covers a wide range of content. form plugins such as Fluent Forms come with Cloudflare Turnstile, so there is no need to install this plugin additionally.
The following is the application verification code and plugin setup method ↓:
existCloudflare backendClick to go to the Turnstile board
Click "Add Site", select the domain name and mode according to the prompts in the figure below and click "Create". Note: If the domain name does not use Cloudflare CDN, can not be selected, only manually enter. After inputting, a gray box will pop up at the bottom (Add Custom Domain), click on it.
Copy the 2 keys and paste them into the Simple Cloudflare Turnstile settings screen.
Here's the plugin setup, link to Turnstile, interested in checking it out too!Plugin official setup tutorialThe
Fill in the 2 secret keys in order.
Select the scope of the validation application and click "Save Changes". In Elementor Forms, you can choose where the validation code will appear on the form.
After keeping the plug-in settings page will prompt the top of the verification, click on the verification, remember to check the box. After passing the verification, the following picture will be prompted, and the setup is completed.
Through the verification ↓, on behalf of the function is in effect, you can go to the front desk to try.
When viewing the page in browser privacy mode, validation appears at the bottom of the form and the submit button is unavailable (you need to enable the appropriate feature), the CAPTCHA function works correctly.
After clicking on the verification box, it prompts to pass the verification ↓, which is very convenient.
Article comments ↓
Backend Login Box↓
Note: If you use Perfmatters or other plug-ins to disable or delay JS loading, it may not lead to CAPTCHA can not work properly, you need to exclude the corresponding resources. Configuration must test the inquiry function, such as anomalies and can not be processed, delete the plug-in to use Maspik.
WP Armor - Honeypot Antispam
WP ArmorCombines the use of JS (which spambots can't use) and unique hidden fields to block spam, and works much better than the honeypot feature that comes with the form. Very lightweight, doesn't make any external calls and is GDPR compliant. If you have a form plugin or something that already has honeypot functionality, you don't need to install this plugin.
The free version is suitable for protecting the content below ↓ and they have a premium version if you need extra protection. The plugin is updated regularly and the developers are very active in the support forum.
Maspik Forms Blacklist Keyword Blocking Tool
MaspikIt is message content blacklist keyword/email interception plugin, after setting blacklist keyword/email, when the corresponding keyword/email appears in the message, it will be intercepted. Local validation, front-end does not add code, so it is fast and effective.
The free version applies to the content in the image below, Fluent Forms comes with this feature without additional installation.Maspik supports the following forms/content, the name followed by a * means that you need the Pro version to support it.
- Elementor forms
- Contact Form 7
- NinjaForms
- Formidable forms
- Forminator forms
- Fluentforms
- Bricksbuilder forms
- WPForms*
- GravityForms*
- WordPress comments
- WordPress registration form
- WooCommerce registration form*
- WooCommerce review*
Here's a tutorial we wrote ourselves, or you can go to theMaspik official websiteSee more tutorials.
1- Download and installMaspik PluginAfter that, click on the panel below to enter the plugin Options settings screen.
The top of the page will remind you where this plugin's blocking will take effect
All 3 functions above are turned on↑.
General Settings.
Follow the picture to enable the function. In "IP Blocking", enter the IPs you want to block, one line at a time. The "Default validation error message" is the message that will be shown when the form is blocked, change it as needed. Lastlypoint (in space or time)"SAVE"button to save.
Honeypot Trap:Add the honeypot field.
Elementor Bot detector:We prevent bots from automatically sending spam to Elementor forms, and most of them successfully capture about 30% of spam!
Here is a tutorial on adding keywords and an explanation of the corresponding roles.
Note: Keywords will be blocked as long as they appear, even if the word contains the keyword. For example, if you enter the keyword "seo", the word "seoul" will also be intercepted, so please choose your keywords carefully.
Tip: Use this plug-in will also receive some spam, you need to constantly put the spam message in the special words (such as company names, names, marketing words, special vocabulary, etc.) or user name, IP address, etc. added to the appropriate settings box for interception. With the continuous adjustment of the late basically no spam messages.
Text Fields setting:
The "Text Fields" in the following figure corresponds to the Name field of the form, enter the blacklisted keywords to be blocked, one line at a time, and tap"SAVE"Button Save. If you enter the appropriate keyword in the Name field of the form after you have entered it, it will be blocked.
Email Fields settings:
The "Email Fields" in the following figure corresponds to the Email field of the form, enter the blacklisted keywords you want to block, one line at a time, and tap"SAVE"button to save. After entering, if the form'sEmailfields are blocked by entering the appropriate keywords.
Textarea Fields Setting.
The "Textarea Fields" in the following figure corresponds to the Message/Texarea field of the form, enter the blacklisted keywords you want to block, one line at a time, and then tap"SAVE"Button Save. If you enter the corresponding keyword in the Message/Texarea field of the form after you have entered it, it will be blocked.
"Limit Links" is to limit the insertion of URLs, enter the number 0, on behalf of prohibiting the insertion of URLs, enter 1 on behalf of allowing the insertion of up to one URL, and so on.
Here's a selection of keywords that we feel should be blocked, just as an indication
httpwwwEric JonesEmma Millerranksoftwarefixed monthly.ly.aiInstagram growthmonthly feewith graphic designAI systemmathewblochtinyurlmonthly feefixed monthlyFeedback Formin spamData Entrytinyurl5 starwhat you needFiverrtargeted CustomerswebmasterSimilar hereplace your business.biz1st pagefinancing solutionsinterest rateyour customersweb development
Full Selection Codemake a copy of
Keywords do not set too strict, for fear of mistakenly intercepting normal messages. Be sure to comment and test it after setting! If you still receive spam, fill in the special keywords in the message into the "Text area field" to intercept.
Whitelist Phone Fields formts setup.
Only the following phone formats are allowed to be entered, leave it blank to disable this option, for details click on "HERE" in the image below. This is a whitelist mode, if the phone format entered is not the set format, it will be rejected.
More Options setting:
Below 2 functions open, the first one is verified on the site'sstay somewhere temporarilyhours, and the second is the user's JavaScript function to determine if it is a robot.
Below is IP Intercept, enter the IP address that Yan intercepts, one line at a time.
In the following figure, you can choose which forms are supported to block spam messages, and the default is fine.ultimatepoint (in space or time)"SAVE"button to save.
The following figure sets up a prompt when submitting spam messages to be blocked, and the maximum number of spam messages recorded in the background.
The end of this setup, you can go to the front end to leave a comment to test the effect of WordPress spam comment blocking.You can test it on the right side of the settings page (↓ in the panel below), enter the blocking keyword in the corresponding field, and tap "CHECK".
If intercepted, there will be an alert ↓
No interception. Successful submission.
View WordPress spam comment blocking history:
After enabling the Spam Log feature above, the corresponding board will appear in the background ↓. Click to view the successfully blocked spam messages.Enable Maspik after the proposed pre-point view of the intercepted form ↓, see if there is no wrong interception, appropriate adjustment of the interception of keywords.
The list will show the reason for the block, the IP address of the submitter, and other information.
Click to expand the message details ↓, you can determine whether it is mistakenly intercepted. If you are sure that the message is spam, you can add the appropriate keywords to the plug-in settings, for example, you can add the following mailbox to Email Fields settings.
acceptableincreaseIn the email below, add "your domain" to Text Fields, normal customers will not use the word "your domain" in their messages. You can also add the ip address to the General settings.