If there’s one problem that drives me insane on modern websites, it’s the massive prevalence of spam comments. We website owners have to deal with incoming messages ranging from simple fake comments to enlargement pill spam or worse! So how do you stop spam in its tracks?
Before you take extreme action, like turning off comments and customer reviews completely, read on.
It’s still possible today to run a WooCommerce website without being overrun with spam, and I want to show you how.
Step 1. Tweak Your Basic Settings To Help Stop Spam
In your Settings->General settings area, you’ll see a few options regarding registration.
Ensure the “Anyone can register” option is switched off.
Now navigate to the Settings->Discussion settings area; this page is about WordPress’s comment and moderation system. This stuff affects your WooCommerce store too.
I recommend unchecking the “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles” setting, which should stop many pingback spams.
If you’re having trouble with people spam commenting on older posts, you can enable the “Automatically close comments on articles older than XX days” setting. Set it to something like 30 days to minimize missed comments.
Finally, ensure the “Comment author must have a previously approved comment” setting is enabled.
Step 2. Install Akismet Plugin
This first plugin integrates with a hosted spam filtering service made by the folks at Automattic (the commercial company behind WordPress.com).
It filters your incoming comment messages for spam content. It can automatically file the worst stuff away into your spam folder so that it never even touches your comment moderation queue.
You can also register for free at Akismet.com to get your API key. Basic accounts are free.
Once installed and activated, ensure you adjust your Strictness setting to “Silently discard the worst and most pervasive spam, so I never see it.”
Step 3. Install Anti-Spam Plugin
The Anti-Spam plugin by webvitalii is a great little plugin that uses the “honeypot” technique to block non-legitimate submissions on your comment forms.
There are no settings to configure. It just works.
When a spammer submits comments to your website, they aren’t filling in the form themselves. They use an HTTP POST to programmatically submit the comment form without visiting the page.
When the Anti-spam plugin is active, it includes a little hidden field in the comment form, and if that field isn’t present when the comment form data comes through to your website, the comment is denied immediately.
This way, legitimate visitors can always leave a comment while spam bots are locked out for good!
Step 4. Install Honeypot Spam Protection On Other Forms
Finally, the last piece of the puzzle is to add “honeypot” spam protection to your store’s other web forms. Most commonly, these will be contact forms, lead capture forms, and registration forms.
Our WooCommerce Wholesale Lead Capture plugin includes this honeypot form protection out of the box, so if you’re using our plugin for your wholesale lead capture/registration process, you are already protected.
We also have the option to use Google’s Recaptcha service, which lets users tick a box, but it pretty much eliminates spambots in the process.
WPForms is a standard form creation plugin used in WordPress. This plugin already includes a honeypot feature, and you can also enable Google Recaptcha.
Formidable Forms is another common form plugin used in WordPress. They have the same sophisticated anti-spam measures as our Lead Capture plugin and WPForms. It’s a good choice if you also have other more advanced form needs on your site.
Conclusion
Fighting spam has become something of a hobby for me. This setup is the best I’ve used to kill off 99% of my incoming spam messages.
But I’m always keen to hear what works for other people!
Do you have a tried and true method for fighting spam on your site? Maybe a secret plugin or some other method you’re using? Tell us about it in the comments.
If you Ensure the “Anyone can register” option is switched off. how do people register for your store?
Hey John,
The “Anyone can register” option only affects the admin side form registration, not WooCommerce registration forms. These are handled by the WooCommerce plugin.
Hope this helps!
-Josh
There are themes which handle this differently. Some themes have tied this functionality together. So then “Anyone can register” will actually turn off the registration capacity of Woocommerce as well, or at least the visible aspect of it, like an account icon on the website.
Though not necessarily the one for form spam, the Clean Talk plugin does a pretty good job of dealing with day to day stuff. I’ve used it successfully on a lot of sites
Great tip Richard!~