Getting a lot of spam comments on your WordPress site?
This beginner guide will show you a simple way to stop most WordPress spam comments without using any plugins.

How to Stop WordPress Spam Comments without Plugins

The solution involves adding just a few lines of code to your WordPress functions.php file.

You must create a child theme before making any changes to functions.php file. Otherwise, the applied changes will be lost after each update.
Create child theme in WordPress step by step [without plugin]

As an alternative method, you can use the Code Snippets plugin to insert your codes into WordPress.

/*
 * Stop WordPress Spam Comments by WPCookie
 * https://redpishi.com/wordpress-tutorials/stop-wordpress-spam-comments/
 */	
add_action('pre_comment_on_post', function(){
	if (!is_user_logged_in() ) {
$wpcookie = $_POST['wpcookie'];	
if (empty($wpcookie))
wp_die( __("<b>ERROR:</b> Please don't spam! , go back and reload the page and give it another shot.<p><a href='javascript:history.back()'>« Back</a></p>"));
else if ( $wpcookie != "ok" )
wp_die( __("You wrote your comment too fast, go back and reload the page and give it another shot. <p><a href='javascript:history.back()'>« Back</a></p>"));
	  }
	} 

);

add_filter('comment_form_defaults',function ($submit_field) {		   
		$submit_field["fields"]["author"] = $submit_field["fields"]["author"].
		'<input id="wpcookie" name="wpcookie" type="hidden" value="1"><script>
		setTimeout( () => { document.querySelector("input#wpcookie").value = "ok" } , 5000 )
		</script>';
		
return $submit_field;	
});

To add this code to your own WordPress site:

  1. Log into your WordPress admin dashboard
  2. Go to Appearance > Editor
  3. Open the theme’s functions.php file
  4. Paste the code provided above at the very bottom and save changes

This code does two things:

  1. Requires non-logged in users to wait 20 seconds before submitting a comment. Most spam bots will not wait this long before submitting.
  2. Adds a hidden field to the comment form that must be set to a specific value after the time delay. This is an extra check to ensure the user waited the full time.

How It Works

When a non-logged in visitor loads your comment form, a 20 second timer starts via the JavaScript. Once 20 seconds has elapsed, the hidden wpcookie field is set to “ok”. This signals to WordPress that the required 20 second delay is up.

If a spam bot tries to post a comment before the 20 seconds, the wpcookie field will be missing or incorrect. The pre_comment_on_post hook will catch this and stop the comment from being saved.

The result is reduced spam comments from automated bots while still allowing real visitors to comment easily!

And that’s it! The code will now run on the front-end to stop WordPress comment spam. Monitor your site over the next few days to see if spam comments decrease.

Advantages of using this method

The best part of this solution is that it doesn’t require installing another plugin. Plugins are prone to conflicts and bugs, so keeping your installed plugins to a minimum is smart.

For even better protection, there are several other easy tweaks you can make in addition to this one. But this 20 second delay tactic covers a bulk of automated spam comments for most sites.

Give it a try and take back control of your WordPress comments section!

If this article is difficult for you to read in text, you can watch the video version below.

Share this post
Maya
Maya

Hi, my name is Maya and I’m a WordPress plugin developer. I created this website to share some of the helpful codes that I’ve used in my own projects.
If you’re looking for a custom plugin for your website, you can contact me by clicking on Hire a developer in the menu. I’d love to hear from you.

Articles: 50

Leave a Reply

Your email address will not be published. Required fields are marked *