Literally every person on the planet hates spam comments on their blog and in their product reviews, and that is a gosh darn true fact. I think, probably. Spam comments are inevitable on any website; scammers are trying to trick you, bots are trying to suss you out, old-school-terrible-bad-practice SEO engines are trying to seed links to their own websites, and thousands of peeps in Russian ‘Troll’ Factories are making us all miserable.
Managing spam comments is tedious and frustrating, so it’s good to try every built-in WordPress option before asking people to spot traffic lights and store fronts in a new Captcha. Thankfully, WordPress allows us to block all comments containing specific language, so here’s the words we ban from our WordPress website to stop spam comments.
Why it’s important to manage spam comments on your WordPress website
Once spammers and spambots realise your website accepts spam comments, you’ll only get more and more spam. Like a rolling stone that gathers no moss, but does gather a fluff-tonne on advertisements for adult websites and pharmaceuticals, once you gain that momentum – the problem only gets worse.
It’s super important to mark all spam comments as ‘spam’ (not to delete or bin them) as soon as you spot them. Personally, I dip into websites we manage about once a week for some spring cleaning. I’ve seen websites with 16,000+ spam comments, and there’s no season long enough to deal with all that pish.
Spam comments are rarely dangerous to your website
Comment spam is far more annoying than it is dangerous. The spam is designed to get attention and backlinks (links to other websites from yours), two things that although very personally frustrating, will not cause your site to break or be ‘hacked’.
A symptom of an extreme spam infection, like the 16,000-comment website I mentioned, is a slugglishly slow website. We’ve managed small business websites before that were significantly impaired because too much computing power was needed to manage the spam visits and the comments they were leaving.
If you’re getting a lot of spam comments on your blog posts, or heaps of gibberish product reviews – don’t panic. Just mark them as spam, and then check your discussion settings to check your moderation settings.
How to block specific words from WordPress comments
- Log in to the back end of your WordPress website
- Head to the Dashboard
- Go to Settings
- Go to Discussion
- Find the text area field: Comment Blacklist
- Add your naughty language with one word per line
All the words we block from WordPress comments
I’ve put together these lists of blocked language and terms based on comments left on our website, and those of our clients. Adding these lists causes a massive drop in spam – but it is never gone forever.
A novel example I thought was pretty cool is the recent addition of “chloroquine” and “hydroxychloroquine” spam comments. These drugs are being explored as tools in the fight against the current coronavirus/COVID-19 pandemic, and so spammers are keen to turn our websites into online ads for the newly popular medicines.
It’s also important to bear in mind that the language I block from our comments, might be normal for your website. I can’t think of any reason why my audience would discuss Prozac in the comment section, but if you blog about clinical depression – it could come up, so you might not want to block that term.
Pharmaceuticals, medicine & health
By far the most common and varied source of spam across all of our websites. These spam comments are looking to generate sales of prescription drugs, or to scam usually desperate people who are looking to save money on the medicine they need to stay healthy.
Imma take a second here to say I really, truly love the NHS.
Anyway, this list changes the most often, and I will attempt to keep coming back and topping up terms if/when more arise.
Adult & relationships
Please be warned that this list for a small business website is very NSFW!
Finance and get rich quick
world wide web
Common short Russian words
My blog is in UK English, minus the numerous spelling and grammatical errors, and absurd colloquialisms to give the impression that I’m still young and very cool. There is absolutely no reason why a genuine reader of my blog would leave a comment in Russian – and yet I went through a phase of serious Russian comment spam last year.
I copied and pasted a few of the comments into a document, and worked out the most common short words that would hopefully shield me from more spam.
Babies, concerts, and praise
There are three more common categories of spam comments and product reviews that I find on our websites, that I haven’t quite worked out how to block (yet). Baby & infant care, concert tickets, and weird generic praise comments.
None of these topics include specific enough language or terms that I feel comfortable blocking, so I just need to mark those bad boys as spam.
“But bbz, why do spammers and bots leave those weird generic praise comments?”
Well bbz, the answer to that question is actually proper interesting (to me, anyway). There are a couple of different reasons why, the first is that although the comment is nice, harmless and link free – the posters name, avatar, email or website are often nefarious spam. After all, most of us care more about hearing praise, than the source of that praise. No? Just me?
The other is like 10x cooler. Most of these praise comments will contain specific typos, or characters from other languages hidden in English words as a sort of signature. Spam bots can then tell which of the websites they’ve attempted to spam is publishing comments, and so they can target them with more spam.
Isn’t that smart/evil?!
It’s also an excellent demonstration of why you should mark all your spam, as spam (and why you shouldn’t auto-publish comments).
Protecting your WordPress website from spam isn’t a one-and-done job
I’d love to say that as soon as you pop these lists in place, you will never get spam again. You defo will. And you might get a lot. It’s important to keep adding terms to your banned list each time you get a flurry of comments.
So do what I do. Look for common terms in your spam that your audience wouldn’t share, and block ’em, bbz.