How to Stop Comment and Contact Form Spam

Comment and contact form spam is a total waste of time and there are few things more annoying than sorting through junk mail to filter out varying degrees of junk email.

And if you don’t take the time to clean up all of the spam submissions (and figure out a way to ultimately stop them) you run the serious risk of damaging your brand’s reputation if these spammy messages ever appear on the frontend of your website.

As a website designer and developer you can rest assured because I can help.

There are ways to combat comment and contact form spam and make your life a little easier. I’m sure we all have things we’d rather be doing than sorting out through form spam.

What is Form Spam & Why Does it Exist?

Form spam happens when people submit unwanted information through online forms to phish or send abusive messages.

Form spam exists because spammers look for vulnerabilities in website forms so they can hijack them and use the website forms to relay email spam messages to others. These emails arrive in people’s inboxes looking like emails you might send. People unknowingly open these emails and click the links thinking they are going to your site only to find themselves on an entirely different website. Often the spammer is also trying to game the system by posting hyperlinks to other websites and products so they can gain link equity and a boost in SEO.

How Does Form Spam Work?

Form spam is performed in two ways:

  1. Manual Spamming – manual spamming happens when a company hires real people to manually fill out web forms with information linking back to companies that need link juice. This type of form spam is difficult to beat because human spammers can get through most anti-spam measures a website owner can put in place on his website.
  2. Spambots – spambots happen when programs are developed to seek out web forms and fill them out with the hope that the message will appear somewhere on the website. Think of a commenting or testimonial form that allows messages to publish automatically on your site (don’t do this) without approval can easily have this kind of spam. This type of spam is easier to combat because spambots aren’t human and have a tough time getting past most anti-spam measures.

Why Comment Spam is Bad

Some people will feel that it’s okay to approve comments they might feel aren’t actually legit. There is harm in doing this for the following reasons:

  • Google is cracking down on bad links. This doesn’t just include sites that buy links. It also includes sites that allow them. The last thing you want to do is degrade the quality of your site by allowing spam comments.
  • Comment spam shows lack of moderation. Comment spam gives users the impression that no one is at home maintaining the website. Suppose you are selling a product or service. Clearly you want prospects to believe you will care for them the way you care for your own website…
  • Your readers might not trust you. If a reader clicks on a link in the comments and is taken somewhere they don’t want to be they might not come back to your website.

Eight Ways to Stop Form & Blog Post Comment Spam

If you want to stop form spam, you have to do everything in your power to make it nearly impossible for the spambots to fill out your forms. At the same time, you have to balance usability and make your forms as easy as possible for real website visitors to fill out.

1. Use Contact Forms – Don’t use email addresses

If eliminating as much spam as possible is your goal, your first task should be getting rid of the email address on your website. Why? Spambots that troll websites looking for forms to fill out also look for email addresses they can harvest and use to spam others. There are ways to hide your email address from spambots, but the best solution is to use a paid WordPress contact form plugin like GravityForms or Ninja Forms.

2. Use Google reCaptcha

Google reCAPTCHA is the remake of Captcha. Remember this craziness? Although it was effective in reducing form spam it also significantly reduced real human traffic because it was so hard to use.

Google reCAPTCHA helps you detect abusive traffic on your website without any user friction. Now instead of having to type text or answer a question, site visitors only have to click a button identifying themselves as human so they can submit their form. The takeaway is that you should use Google reCAPTCHA.

3. Use the Honeypot Method

If you don’t like the idea of using reCAPTCHA, you can use the honeypot method instead. Honeypots are tiny bits of code that are used to catch spambots by presenting a hidden form field that only appears to spambots.

4. Ask a Question

Another technique is to incorporate a question into the form. You might use a text question or ask the user to answer a basic math question before they can submit the form. Here are some examples of questions you could use:

  • What is 5+3?
  • What is the first letter in the word “cat?”
  • What comes first, B or X?

The only thing that matters when you use this anti-spam strategy is that you make the question and answer easy enough for people to actually answer. And if you have a global audience, it’s important to remember to translate your forms into other languages.

5. Don’t Allow Links

One of the simplest solutions for stopping form spam is to stop allowing links on blog comments and forms. This won’t eliminate all form spam, but it will certainly reduce it. There are wordpress plugins that do this or you can add this line of code in your theme’s functions.php file:

remove_filter( 'comment_text', 'make_clickable', 9 );

WordPress doesn’t store plain text URLs as links in the database. Instead it changes them into clickable links on the fly. This code simply disables the filter that makes the URLs clickable. Don’t do this unless you know what you are doing or have someone on speed dial who knows how to help you if something goes wrong.

6. Install the Akismet WordPress Anti-Spam Plugin

Akismet checks your comments and contact form submissions against a global database of spam to protect sites from malicious content. This is not the end-all-be-all solution but it works well to complement some of the other solutions I have mentioned above.

Akismet’s top features are:

  • Automated checks of all comment and contact form submissions for spam
  • Automatically filters out submissions that look spammy
  • ‘Unspam’ feature for mistaken spam flagging – when something that isn’t spam is identified as spam

7. Turn Off Trackbacks

Trackback spam is often worse than comment spam. Trackbacks are manual notifications by one blogger that they have linked to your blog post within theirs. Pingbacks were created to automate this process.

8. Turn Off Comments After 30-60 Days

People who comment for link building purposes (SEO spammers) typically look for blog posts with high PageRank – Google’s 1-10 scoring of authority. Typically blog posts start out at a PageRank of 0 and only gain PageRank after a few months. This means that SEO spammers will be targeting your older blog posts.


There is no perfect solution for combatting comment and contact form spam. Whatever you do, don’t rely on a single strategy to stop all the spam on your website.