Dealing with WordPress Spam

a ninja dealing with WordPress Spam

The first thing to say about WordPress spam is that you’re not going to beat it.  You can only deal with it.

I’m not going to dwell on why spam exists.  When you see how rubbish the comment and from spam submissions are you can’t help wonder what possible benefits people get from it.  But they do and on a massive scale.

The more important question for anyone managing a WordPress site is what are the different types of spam and how can you deal with it.

What is Spam

Spam is any unwanted content generated either manually by visitors or automatically by bots.

Spam can be unwanted user registrations, contact forms, comments or any of the many other ways that visitors can interact with your site.  At its worst Spam can contain malware that could damage your website or your visitor’s browsers.  Aside from being highly annoying and, time-consuming unchecked Spam can cause reputational problems with search engines.

In its various forms, WordPress apparently powers about 25% of the internet. That’s the main reason why WordPress sites are targeted, not because of any inherent weakness in the platform. 

What can you do about WordPress Spam

You could start by searching the WordPress plugin repository for anti-spam plugins: There are hundreds.  There are also a number of curated lists. So there is little point in creating another one here.

Firstly, be realistic.  Spam is part of managing a site, and no system is 100% good at blocking all Spam without occasionally blocking legitimate visitors.  Also, if your site is carrying out a commercial activity then be prepared to pay.

WordPress is bundled with Akismet, which is free for personal use but should be paid for when installing on a commercial site.  Personally, I feel that Akismet is too expensive to manage on multiple sites.

The best free anti-spam plugin for WordPress used to be WP Spamshield.  However, this is no longer available directly from the WordPress repository and can now only be purchased as part of the Envato Marketplace.

To be effective, a good anti-spam solution should be able to block comments, form submissions (form all the major form providers) and user registrations. Additionally, the ability to block referral Spam is desirable.  Overuse of captchas or questions is less desirable.

CleanTalk Anti Spam and Firewall

With the WP Spamshield plugin removed from the WordPress repository, it was necessary for us to look into solutions that are cost-effect to manage multiple websites.  Imagine having to check for spam comments on 50+ websites manually.

cleantalk hompage screenshot

So what follows is a description of the Cleantalk Spam solution and why we now use it.

The Cleantalk system is not limited to WordPress. It is available across a full range of CMS’s and even manually built sites.  They offer an app for IOS and Andriod.

When a user tries to submit a form or registration their details are checked against a cloud-based real-time database of known and active spammers.  Using a mixture of IP and submitted user information Cleantalk claim that they can quickly spot new bots and block them across the entire network.

Of course not every spammer is caught, so you can manually report any errant submissions, benefiting the wider network, but also earning a license renewal extension.

The service is plugin based.  As an agency, we set up a dashboard giving an easy overview of all managed websites along with recently approved and blocked submissions.  The system supports the main form providers, for example, Gravity forms and Contact 7; with new ones being constantly added.

Comment Spam and Firewall

CleanTalk block spam bots before they hit your website, saving you bandwidth and resources.  And saving time sifting through Analytics filtering out referral spam.

The CleanTalk website lists all the main features but for a quick run down:

  • Compatibility with most Caching plugins
  • Works with native WordPress and JetPack comments
  • Blocks spam registrations
  • Works with Woocommerce as standard
  • Works with signup forms e.g. Mailchimp

Installing CleanTalk for WordPress

Installation is as easy as this:

  • Create an account on
  • Add your website to the account dashboard
  • Go to your site and install the CleanTalk plugin
  • From the plugin settings page allow the plugin to make an automatic claim for verification.

And that’s it.

CleanTalk Pricing

There is a free trial, but CleanTalk is not free.  The service is priced on a sliding scale based on the number of sites added.  The more websites you manage, the cheaper they are per site.

The basic price covers pretty much everything and compares well with other services, both in terms of how well it blocks spam and value for money.

There is an additional package, which provides a couple of very useful additional features:

  • The option to block specific words or word combinations.
  • The option to create a custom message for blocked messages: gives any accidentally blocked genuine visitors a way to get in touch.
  • Logs retained for 45 days instead of 7

These extra services are essential for busy commercial sites that suffer from a lot of Spam and want to avoid captures.

Is CleanTalk Worth the Money?

Since we started using CleanTalk on client sites we’ve seen a dramatic drop in Spam referral traffic, which is a significant time saver.

Paying for the additional service to block specific words is also worth the extra money.

This article is not intended as a full review of CleanTalk or a comprehensive comparison of the different solutions.  In my view, CleanTalk efficiently manages comment and contact-form Spam without the need to resort to Captures.  As such CleanTalk is worth considering for individual sites or maintaining multiple websites.