If there’s one problem that drives me insane on modern websites it’s the huge prevalence of spam comments. We website owners have to deal with incoming messages that range from simple fake comments through to enlargement pill spamvertising or worse! So how do you stop spam in its tracks?
Before you take an extreme action like turn off comments and customer reviews completely, read on.
It’s still possible in this day and age to run a WooCommerce website without being overrun with spam, and I want to show you how.
Step 1. Tweak your basic settings to help stop spam
In your Settings->General settings area, you’ll see a few options regarding registration.
Ensure the “Anyone can register” option is switched off.
Now navigate to the Settings->Discussion settings area, you’ll see this page is all about the comment and moderation system in WordPress. This stuff affects your WooCommerce store too.
I recommend unchecking the “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles” setting which should stop a lot of pingback spam.
If you’re having trouble with people spam commenting on older posts you can enable the “Automatically close comments on articles older than XX days” setting. Set it to something like 30 days to minimize missed comments.
Finally, make sure the “Comment author must have a previously approved comment” setting is enabled.
Step 2. Install Akismet plugin
This first plugin is an integration with a hosted spam filtering service made by the folks at Automattic (the commercial company behind WordPress.com).
It filters your incoming comment messages for spam content and can automatically file the worst stuff away into your spam folder so that it never even touches your comment moderation queue.
You can also register for free at Akismet.com to get your API key. Basic accounts are free.
Once installed and activated, ensure you adjust your Strictness setting to “Silently discard the worst and most pervasive spam so I never see it.”
Step 3. Install Anti-Spam plugin
The Anti-Spam plugin by webvitalii is a great little plugin that uses the “honeypot” technique to block non-legitimate submissions on your comment forms.
There are no settings to configure. It just works.
When a spammer is submitting comments to your website, they aren’t sitting there filling in the form themselves. They use what is called an HTTP POST to programmatically submit the comment form without ever visiting the page.
When the Anti-spam plugin is active it includes a little hidden field in the comment form and if that field isn’t present when the comment form data comes through to your website, the comment is denied straight away.
This way legitimate visitors will always be able to leave a comment, while spam bots are locked out for good.
Step 4. Install Honeypot spam protection on other forms to stop spam
Finally, the last piece of the puzzle is to add “honeypot” spam protection to your store’s other web forms. Most commonly these will be contact forms, lead capture forms, and registration forms.
Our WooCommerce Wholesale Lead Capture plugin includes this honeypot form protection out of the box, so if you’re using our plugin for your wholesale lead capture/registration process then you are already protected.
We also have the option to use Google’s Recaptcha service as well which lets you, users, simply tick a box but it pretty much eliminates spambots in the process.
WPForms is a common form creation plugin used in WordPress. This plugin already includes a honeypot feature and you can also enable Google Recaptcha as well.
Formidable Forms is another common form plugin used in WordPress. They have the same sophisticated anti-spam measures as our Lead Capture plugin and WPForms. It’s a good choice if you have other more advanced form needs as well on your site.
Any Other Suggestions for stopping spam?
Fighting spam has become something of a hobby for me. This setup is by far the best I’ve used to kill off 99% of my incoming spam messages.
But I’m always keen to hear what works for other people!
Do you have a tried and true method for fighting spam on your site? Maybe a secret plugin or some other method you’re using? Tell us about it in the comments.