It has been claimed that over 90% of blog comments are spam, so it is a major problem. But the best response is not to switch comments off, because that denies you the chance of all the extra content which others could be writing for you. Particularly for some mainstream blogs, interactivity is part of their appeal.
WordPress does have built-in spam protection, but not nearly enough to outsmart the pro spammers. Fortunately there are three popular comment-spam blocker plugins which will do the job. They can be used separately or in combination, and there are other measures you can take.
- Akismet is currently bundled with WordPress. It is an off-site service, storing profiles of spam attempts and checking whether comments posted to your blog match any of these profiles. It works extremely well, but any off-site service introduces the possibility of slowdowns and it is a commercial service. If you use the free version, you get a slower service than those who pay.
- Bad Behavior is a very useful plugin (actually it is also a standalone solution which can be used with any PHP script such as message boards or guest books). It protects not only against comment spam but also against email harvesters. Its main strength is in blocking automated spammers and it does not protect fully against people with the patience to sit and type comments one at a time. Use this even if you have comments disabled, to prevent direct access to the comments script.
- Spam Karma is another proven suite of scripts which works unobtrusively in the background to block virtually all spam. There are numerous settings which can be tweaked to enhance its performance. Using both Spam Karma and Bad Behavior will allow the vast majority of sites to leave comments open and unmoderated, but still spam-free.
One of the hallmarks of bot spammers is that they target older posts because it takes them time to identify posts and harvest the forms needed to comment. Options in Spam Karma (above) cover this, but if you are using another plugin you might find Auto-Shutoff Comments useful. A setting of 15 days will exclude a lot of spam from your site(s).
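As an added illustration (not the Auto-Shutoff Comments plugin's code and not from the original article), this plugin-style snippet applies the 15-day cut-off through WordPress's `comments_open` and `pings_open` filters, so the limit is enforced on the server rather than by hiding the form. The constant and function names are hypothetical, and the timestamps in the stand-alone branch are constructed.

```php
<?php
// Added example. Hypothetical names: EXAMPLE_SHUTOFF_DAYS,
// example_comments_still_open(), example_age_shutoff().

const EXAMPLE_SHUTOFF_DAYS = 15; // the window suggested in the text

/**
 * Pure decision: comments stay open only if they were already open
 * and the post is younger than the window.
 */
function example_comments_still_open(bool $open, int $published_ts, int $now, int $max_days): bool
{
    if (!$open) {
        return false; // never re-open a thread that was closed by hand
    }
    if ($published_ts <= 0) {
        return false; // unknown publish date: fail closed
    }
    return ($now - $published_ts) < $max_days * 86400;
}

/**
 * WordPress filter callback for 'comments_open' and 'pings_open'.
 */
function example_age_shutoff($open, $post_id)
{
    // GMT Unix timestamp of publication; false (cast to 0) if unavailable.
    $published = (int) get_post_time('U', true, $post_id);
    return example_comments_still_open((bool) $open, $published, time(), EXAMPLE_SHUTOFF_DAYS);
}

if (function_exists('add_filter')) {
    // Inside WordPress: core consults comments_open() when a comment is
    // submitted, so a POST sent straight to wp-comments-post.php for an
    // old post is refused as well, not just the form hidden.
    add_filter('comments_open', 'example_age_shutoff', 10, 2);
    add_filter('pings_open', 'example_age_shutoff', 10, 2);
} else {
    // Stand-alone run with constructed timestamps: a 3-day-old post,
    // a 40-day-old post, and a recent post that was closed by hand.
    $now = 1700000000;
    var_dump(example_comments_still_open(true, $now - 3 * 86400, $now, EXAMPLE_SHUTOFF_DAYS));
    var_dump(example_comments_still_open(true, $now - 40 * 86400, $now, EXAMPLE_SHUTOFF_DAYS));
    var_dump(example_comments_still_open(false, $now - 3 * 86400, $now, EXAMPLE_SHUTOFF_DAYS));
}
```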
Using just one or two of these measures, you can block almost all automated spam and a lot of human-entered spam too, while retaining the full advantages of the blog format and its appeal to your visitors. There will be very little spam left for you to deal with by hand. However, you can require comment posters to register and there are some other tweaks available.
For example, in your Theme Editor, open up comments.php and find this:
<?php comment_author_link() ?>
and change it to:
<?php comment_author() ?>
That will stop the comment author’s name being linked back to his site or email address. But before doing this, think about the potential negative reaction of genuine commenters. You can also prevent links in comments being made clickable, either with a plugin or by modifying WordPress’ core files, but this is even more likely to impact negatively on genuine visitors.