Many people think that WordPress does not have inbuilt security or have less inbuilt security features. Their assumption about WordPress
inbuilt security is quite wrong. It has strong inbuilt anti spam
functionality including options to block the comment spam. In fact, you
do not need any plug in even default Akismet to stop the comment spam.
The plugins are only meant to provide you additional facilities to fight
against spam such as WP reCAPTCHA to show captcha. In this write up, we'll introduce you with the inbuilt options of WordPress to block the comment spam on your Website without making use of any third party features.
Discussion Settings
Login at your WordPress Website with your credentials and got to Settings - Discussion.
Discussion Settings WordPress Dashboard
his is the place where you can setup your WordPress-powered Website to be free from comment spam.
Default Article Settings
The Pingbacks and trackbacks are the main things that invite comment spam on a Website. You can uncheck the box titled 'Allow notification from other blogs (pingbacks and trackbacks)' option to disable all trackbacks and pingbacks to your articles.
Uncheck the option to disable pingbacks and trackbacks in WordPress Discussion Settings
Other Comment Settings
In next option, you can select that a commenter should provide his/her name and email address to comment on any article. If you think that the commenter should register with your Website first then check the option 'Users must be registered and logged in to comment'. This option is useful when you are integrating login features at your Website. Another best option is to disable comment spam is to close the comments after some days. You can select 'Automatically close comments on articles older than XX days'.
Other Comments Settings in Discussion Panel WordPress
The spammers target the Websites having irrelevant and/or more comments than others. If you are expecting to get large number of comments then you can divide the comments appearance. You can set the last option in above Settings to break the comments into pages with XX top level comments per page. You can also set to display either first or last comment page.
Email the Webmaster on comments
The next two settings are quite important to fight against comment spam. In first setting, you can select the option to email you when someone comments on any article and/or when a comment is held for moderation.
Email Settings in WordPress Discussion Panel
Before a comment appears
The second settings allow you reserving your rights to approve the comments and show them with your approval only.
Before a Comment Appears Settings in WordPress Discussion Panel
You can also select to automatically approve the comments of previously approved commenter. This setting helps the existing commenters to continue their discussions without waiting for any kind of approval.
Comment Moderation
Most of the spammy comments are created only to add links. You can set the WordPress not to accept the comments with more than one or two comments. We're talking about Comment Moderation Setting.
Comment Moderation Settings in WordPress Discussion Panel
Comment moderation settings give you option to hold the comments for moderation if they contain specific words. You can also specify the IP Addresses, of which comments you want to hold for approval. The comments either containing specified words or from entered IPs will be sent to Moderation Queue and appears only after your approval.
Comment Blacklist
The Moderation Queue shows the IP Addresses from which the comments have been entered. You can block these IP Addresses and stop them to comment any more on your Website. The Comment Blacklist gives you this option. Just enter the IP Address and sit back relax. Whenever someone from specified address comments, then his/her comments will automatically be marked as spam. You can also enter the words in this list to filter out the spammy comments.
Comment Blacklist in WordPress Discussion Panel
Block spam IP Addresses
Suppose you are getting bulk spam comments from specific IP Address(s). Then you can disable the IP Addresses. You can edit .htaccess file to block the IP Addresses from accessing your Website. The .htaccess file resides in the root directory (public_html) of your Website File System. We suggest you to hire an experienced person to deal with the .htaccess file as any damage to this file can lead your Website of no use. Steps to block IP Addresses through .htacces are illustrated below.
Access the File System of your Website through a FTP or SFTP Client
Download the .htaccess file from the root directory
Take a backup of .htaccess before doing any editing
Open the file in notepad and enter following lines
Order allow,deny
Deny from 123.123.123.123
Allow from all
You can change the 123.123.123.123 with the IP Address, which you want to block. You can mention one IP Address to block per line.
Save the file and upload it to root directory of your Website.
Open your Website in the browser and check whether it is working or not. If you get any error then restore the backup .htaccess file to the Website's root directory.
NOTE: if you're a non technical person then do not touch .htaccess file. You can refer WordPress Article for detailed information on denying access to IP Addresses.Advanced Step
Again, this advanced step is not for non technical users. If you are not getting success with above steps and the best plugins to stop the comment spam, then the last way is to delete wp-comments-post.php and wp trackback.php files. The deletion of these two files will permanently disable the comments and trackbacks respectively.
Stay up to date
You should update the WordPress and your theme regularly as soon as you get notification. The updates will make your Website more secured and provide you better option to fight against spam.
Conclusion
Stopping the comment spam is a big necessity for everyone and we can effectively do that using inbuilt options along with few additional steps discussed above. You can also make use of plug ins like WP-reCAPTCHA, Facebook Comment, Twitter Comment etc. for additional protection.
