Getting a lot of spam comments on your WordPress site?
This beginner guide will show you a simple way to stop most WordPress spam comments without using any plugins.

How to Stop WordPress Spam Comments without Plugins

The solution involves adding just a few lines of code to your WordPress functions.php file.

You must create a child theme before making any changes to functions.php file. Otherwise, the applied changes will be lost after each update.
Create child theme in WordPress step by step [without plugin]

As an alternative method, you can use the Code Snippets plugin to insert your codes into WordPress.

/*
 * Stop WordPress Spam Comments by WPCookie
 * https://redpishi.com/wordpress-tutorials/stop-wordpress-spam-comments/
 */	
add_action('pre_comment_on_post', function(){
	if (!is_user_logged_in() ) {
$wpcookie = $_POST['wpcookie'];	
if (empty($wpcookie))
wp_die( __("<b>ERROR:</b> Please don't spam! , go back and reload the page and give it another shot.<p><a href='javascript:history.back()'>« Back</a></p>"));
else if ( $wpcookie != "ok" )
wp_die( __("You wrote your comment too fast, go back and reload the page and give it another shot. <p><a href='javascript:history.back()'>« Back</a></p>"));
	  }
	} 

);

add_filter('comment_form_defaults',function ($submit_field) {		   
		$submit_field["fields"]["author"] = $submit_field["fields"]["author"].
		'<input id="wpcookie" name="wpcookie" type="hidden" value="1"><script>
		setTimeout( () => { document.querySelector("input#wpcookie").value = "ok" } , 5000 )
		</script>';
		
return $submit_field;	
});

To add this code to your own WordPress site:

  1. Log into your WordPress admin dashboard
  2. Go to Appearance > Editor
  3. Open the theme’s functions.php file
  4. Paste the code provided above at the very bottom and save changes

This code does two things:

  1. Requires non-logged in users to wait 20 seconds before submitting a comment. Most spam bots will not wait this long before submitting.
  2. Adds a hidden field to the comment form that must be set to a specific value after the time delay. This is an extra check to ensure the user waited the full time.

How It Works

When a non-logged in visitor loads your comment form, a 20 second timer starts via the JavaScript. Once 20 seconds has elapsed, the hidden wpcookie field is set to “ok”. This signals to WordPress that the required 20 second delay is up.

If a spam bot tries to post a comment before the 20 seconds, the wpcookie field will be missing or incorrect. The pre_comment_on_post hook will catch this and stop the comment from being saved.

The result is reduced spam comments from automated bots while still allowing real visitors to comment easily!

And that’s it! The code will now run on the front-end to stop WordPress comment spam. Monitor your site over the next few days to see if spam comments decrease.

Advantages of using this method

The best part of this solution is that it doesn’t require installing another plugin. Plugins are prone to conflicts and bugs, so keeping your installed plugins to a minimum is smart.

For even better protection, there are several other easy tweaks you can make in addition to this one. But this 20 second delay tactic covers a bulk of automated spam comments for most sites.

Give it a try and take back control of your WordPress comments section!

If this article is difficult for you to read in text, you can watch the video version below.

Are there any negative impacts on SEO if I disable comments on my WordPress website?

Disabling comments on your WordPress website should not have a direct negative impact on SEO. Search engines like Google primarily focus on the quality and relevance of your content. However, comments can sometimes contribute to user engagement and provide additional context or information, which can be beneficial for SEO. If you decide to disable comments, make sure to provide other ways for users to engage with your content, such as social media sharing buttons or a contact form.

Can I use a third-party comment system like Disqus or Facebook Comments to prevent spam?

Yes, you can use third-party comment systems like Disqus or Facebook Comments as an alternative to the native WordPress comments system. These platforms often have built-in spam protection mechanisms, which can help reduce the amount of spam on your website. However, keep in mind that using a third-party system might have implications for data privacy and user experience, so consider the pros and cons before integrating one into your website.

How can I prevent spam in other areas of my website, such as contact forms or user registration?

To prevent spam in other areas of your WordPress website, you can follow these tips:
-Use a reputable contact form plugin like Contact Form 7 or WPForms, which have built-in spam protection features, such as honeypot fields and CAPTCHA.
-Implement Google reCAPTCHA v2 or v3 on your contact forms, registration pages, and any other forms that may be targeted by spambots.
-Use plugins like WPBruiser or Stop Spammers to protect your website from spam registrations and brute force attacks.
-Regularly update your WordPress core, themes, and plugins to ensure that any security vulnerabilities are patched promptly.
-Limit the number of login attempts and enforce strong passwords for all users to minimize the risk of unauthorized access.

By taking these precautions, you can effectively reduce the amount of spam in other areas of your WordPress website.

Share this post
Maya
Maya

Hi, my name is Maya and I’m a WordPress plugin developer. I created this website to share some of the helpful codes that I’ve used in my own projects.
If you’re looking for a custom plugin for your website, you can contact me by clicking on Hire a developer in the menu. I’d love to hear from you.

Articles: 53

Leave a Reply

Your email address will not be published. Required fields are marked *