Now Forget about Spam Comment in WordPress 😎

by

Download: Forget Spam Comment Plugin

Follow us on Telegram

This is a free anti-spam plugin exclusively for the default commenting system of WordPress.

How does it works

Alternatively, for advanced user below is the manual method

The default commenting system of WordPress has two major problems.

  1. Attracting spam comments.
  2. Not sending follow-up email to the comment author (Will discuss in a while).

Let’s talk about its solutions.

Preventing Spam Comments

Instead of directly allowing anyone to make POST request at /wp-comments-post.php we can add some logic to prevent spam comments by 100%.

Step 1. Restrict Comment POST request Path over Query Parameter

I am going to share three ways, use one method.

Apache

  • Yoast > Go to Tools > File Editor
  • RankMath > Go to General Settings > Edit .htaccess
  • FTP/SSH > Check /var/www/html
# If Query string doesn't matches return 404
<IfModule mod_rewrite.c>
	RewriteEngine On
        RewriteCond %{REQUEST_URI} .wp-comments-post\.php
        # You may change 45jpfAY9RcNeFP to something else
        RewriteCond %{QUERY_STRING} !^45jpfAY9RcNeFP
	RewriteRule (.*) - [R=404,L]
</IfModule>

If you’re on LiteSpeed, it also support .htaccess file. You must restart after implementation.

NGINX

location = /wp-comments-post.php {

 if ($query_string !~ "45jpfAY9RcNeFP") {
     return 404;
  }
}

Cloudflare

prevent spam comments
  • Login to Cloudflare Dashboard
  • Go to Firewall > Firewall Rules
  • Create a new firewall rule with below expression
FieldOperatorValue
URIcontainswp-comments-post.phpAnd
URL Query Stringdoes not equal45jpfAY9RcNeFP
  • Choose Action: Block

At the end, you will see expression

(http.request.uri contains "wp-comments-post.php" and http.request.uri.query ne "45jpfAY9RcNeFP")

Step 2. Correct the Comment POST URL on Scroll event

  • Add below function using Code Snippets plugin or theme functions.php
  • Make sure to use correct domain and form ID.
function correct_comment_url_on_scroll() {
// Check if Comment is enabled
if(comments_open()) echo '<script>
let commentForm = document.querySelector("#commentform, #ast-commentform, #ht-commentform");

// Load new comment path on the scroll event
document.onscroll = function () {
    commentForm.action = "https://www.example.com/wp-comments-post.php?45jpfAY9RcNeFP";
};
</script>';
}
add_action('wp_footer', 'correct_comment_url_on_scroll', 99);

Alternatively, if you’re a GeneratePress Premium theme User you can add above JS part directly using Elements module. 

<script>
let commentForm = document.querySelector("#commentform");

commentForm.action = "https://www.example.com/wp-comments-post.php";
// Load new comment path on the scroll event
document.onscroll = function () {
    commentForm.action = "https://www.example.com/wp-comments-post.php?45jpfAY9RcNeFP";
};
</script>
  • Add a new hook
  • New Hook Title: Change Comment URL on the Fly
  • Hook: WP Footer
  • Priority: 99
  • Location: Posts – All posts
  • Publish

How to check if it is working?

  • Generally WordPress return 405 response for GET request at /wp-comments-post.php
  • But after above setup, you should see Access Denied.
  • And, the URL should only load in the presence of special Query String 45jpfAY9RcNeFP that we added for preventing spam comments. You may change this query string to something else in all above configuration.
  • The source code will typically show wp-comments-post.php path but if you inspect element after scroll you will notice a query string added.

Result #1: No Spam

no spam

Result #2: Spammers getting blocked

log

Bonus tip to make default Comment System even better

  • By default WordPress commenting system doesn’t send follow-up e-mail to the Comment Author. To fix this issue, you can use Comment Reply Email Notification plugin by Arno Welzel.

If you like this information, please pass to your friends. 🙏

Gulshan Kumar

Author

Gulshan Kumar

Managing Server, Optimization and Security.
Availability: Mon-Fri (10:00 AM to 04:00 PM IST)

Email Portfolio Services

Leave a Comment

22 thoughts on “Now Forget about Spam Comment in WordPress 😎”

  1. good

    ♥ thx a trick.

    I choose waf+function.php it worked.

    now I deleted lazyComment & Akismet. XD

    Reply
  2. David

    When I install the plugin and activate it, I can’t comment myself. It says Spam Deleted. I wonder if there is a need to set up more features like above, or is it enough to just install the plugin?

    Reply
  3. Mark

    Thank you so much Sir Gulshan Kumar! I really appreciate your guide, and this has saved me tons of headache. Implemented via Cloudflare WAF plus Generatepress Elements Module.

    Reply
    • Gulshan Kumar

      Glad to hear. Thank you!

      Reply
  4. Ayam

    By the way, how do you know if legit users won’t get blocked? Before this, I’ve been using a CF firewall rules that will blocks or challenge anyone who visit wp-comments-post.php but actually by doing so, legit users also got blocked. How this one different? Is it because of the string “45jpfAY9RcNeFP” that will differentiate which request is from bot and which request is from legit users? If legit users, they should’ve the string, if it’s spam, they don’t have that string. Am I understand it correctly?

    Reply
    • Gulshan Kumar

      You need to implement exactly as per instructions to prevent users from blocking.

      Reply
  5. Ayam

    Does this plugin / method will stop website from having spam comments once and for all or do we still receive it but it’s automatically filtered from the real comments (like Akismet)?

    Reply
    • Gulshan Kumar

      There is no filter. It just stops spam.

      Reply
      • Ayam

        That is so cool! Will try it. Thank youuuuuuuuuuuuuu

        Reply
        • Gulshan Kumar

          You’re welcome!

          Reply
  6. Pruthvi

    The best plugin to filter the spam.

    Reply
  7. Richie

    Hi Gulshan.

    I just wanted to let you know that I’ve been using your plugin for a few weeks now and it is brilliant. Genuine comments still get through but all of the spam, and I mean ALL of it, is filtered out. Excellent job!

    Well done and thank you so much for sharing it for free so that hobby bloggers like me can make use of it.

    Reply
  8. WPCermat

    thank you very useful

    Reply
  9. Jedi82

    Hy! I just installed your plugin but Google Console show me tons of errors:

    https://prnt.sc/wnhkbd

    How can I solve this? Thanks!!

    Reply
    • Gulshan Kumar

      Hi,
      I am also using plugin at this blog. It works perfectly fine here.
      If you want to me look into this issue, please provide your actual site URL where I can see live.
      Thanks!

      Reply
  10. Roman

    Brilliant! Thank you so much!

    Reply
  11. Mohamed

    I have question
    Where can I get value code like 45jpfAY9RcNeFP

    Reply
    • Gulshan Kumar

      You can use MD5 generator or write any random text. I’d recommend using plugin for set and forget experience.

      Reply
  12. deepak

    Good plugins for stopping spam.

    Reply
  13. Raviraj

    I have use this plugin earlier. It is working perfectly.

    Reply
  14. Huzaifa Dhapai

    Wow! This is great. Thanks a lot. Gonna give a try to this trick.

    Reply
    • Gulshan Kumar

      Glad, this is not a spam comment. Just kidding!
      Thanks Huzaifa!😊

      Reply