How To Block Spam On Your WordPress Site Before It Becomes A Major Issue


This past year I’ve seen a drastic increase in the amount of spam that was hitting my WordPress sites. The spam plugin that I had installed, Akismet, while it did an OK job of finding and catching spam, wasn’t enough. Not only did I find that it was creating quite a few false positives (including sending many of my own comments on other sites to spam), but because of the way it operates it was still allowing spammers to bog my sites down and cause them to come crashing down from time to time.

Because of the site slowdowns I started looking around for some solutions to my problem – including finding a way to stop the spam request before they even started.

Today’s post will look at a variety of solutions that I’ve examined – and a few that I’ve used – in order to get rid of spam comments on my WordPress sites.

blocking wordpress comment spam

WordPress Plugins To Combat Spam

The first and easiest way that you can combat spam comments and trackbacks on your blog is to install spam nuking plugins.  Here’s a list of a few that I’ve found and had recommended to me.

  • Akismet:  While I’ve had issues with Akismet having false positives on a quite a few comments (in other words, good comments being classified as spam), for the most part it does a pretty decent job of catching the spam and sending it to the spam box.
  • Growmap Anti Spambot Plugin: I use Growmap in conjunction with Akismet to drastically cut down on the amount of spam I receive.  The way this plugin works is that it puts in a checkbox below the comment box, asking the user to check it in order to comment.  Most spam-bots will not complete that behavior, and therefore can’t comment.  After installing this it cut down on my spam substantially.
  • Spam Free WordPress:  I have a blogging colleague who uses this plugin and swears by it.  It claims to block 100% of automated spam. I’m not sure about that, but some people like it.
  • Conditional Captcha:  The plugin creates a captcha that the user needs to enter in order to comment.  Blocks most spam, although it may still allow some comments into the database before being deleted – which means there still may be some load on your server.  I have avoided captcha to some extent because I don’t like entering them on other sites myself.
  • NoSpamX:  Another friend uses this plugin and says it has basically dropped the number of spam to zero on his blog.  Blocks automated spam-bots and allows blacklists.
  • Quiz: This plugin quizzes commenters before they can complete the comment.  I don’t use this one either because i prefer to keep it as simple as possible for commenters.

I currently only use two of the plugins from the list above – Akismet and Growmap.   The rest are still decent plugins I’ve had recommended to me by satisfied bloggers.

Alternative Commenting Systems

Quite a few frustrated bloggers are moving away from the standard WordPress comments system and switching to an alternative commenting platform.  Here are a few choices that I’ve seen used:

These other commenting systems do have their own pros and cons that should be researched if you plan on using them, but for the most part they are pretty effective at combating spam.

 Denying Access To Spammers By Blocking Them With Your .htaccess File

While most the plugins that I use from the above list did help in blocking a lot of the spam that was coming through, I was still experiencing issues with spam-bots hitting my server constantly, and causing slowdowns on my site. In other words their spam comments weren’t getting through, but they were still hitting my server and causing severe loads on my server.  A spam comment and a real comment will have the same load on your server essentially.   At times the spam hitting my server was so bad that it would cause my site to go down altogether.

After doing some research I found the solution to my problem on the site on a post called “Combating Comment Spam/Denying Access“.  The article goes over a variety of ways that you can programatically block spammers from your site.

Block Spammers IP Addresses

First, they go over how to deny access to spammers by blocking their IP addresses from accessing your site.  It can be effective except for the fact that spammers are often on changing IP addresses.  Doesn’t hurt to try and block the worst offenders though, or certain countries if they are especially known for spammers.

Add this to your .htaccess to block spammers from certain IP addresses, or IP ranges.

Order allow,deny
Deny from
Deny from 156.156.156.*
Deny from 189.189.*.*
Allow from all

For more help on setting this up, see this post.

Deny Referrer Or Trackback Spam

Another thing that spammers will exploit is your trackbacks on your site.  Most bloggers will recognize trackbacks at the bottom of a post where links to that particular post will show up.  They show readers who has linked to your post, along with a link to the referrer’s site.

Spammers will send out bots to send fake trackbacks with links back to their spammy sites. You can set your .htaccess file to block known trackback spam bots.   To just get rid of those problems altogether I removed trackbacks from my main sites completely.

Deny Access to No Referrer Requests

This is the one that fixed my spam problem on my site in dramatic fashion.  Before I instituted this fix in my .htaccess file my site was going down a couple of times every day because of the major loads spam-bots were putting on my server.  Since the fix was made it rarely ever has problems anymore because of spam-bots.

What this fix does is to find illegitimate comments by determining if a comment has gone through a certain .php page.   When your readers comment for example,  the wp-comments-post.php file is accessed, processes the text, and creates the comment. The user’s browser will send a “referral” line about this.

When a spam-bot comes in, it hits the file directly and usually does not leave a referrer.  This means that we can detect those no-referrer posts and block them using the .htaccess file.  If you’re not familiar with .htaccess files or Apache directives, you may want to get some help on  this.  Add this to your .htaccess file.

RewriteEngine On
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

NOTE: In the fourth line of the code above, make sure to change to your own domain name, without the www, or any prefix on the front.

What this code in your .htaccess file does is deflect the spam-bot back on itself so it never hits your server.

The code detects when a post is being made, checks if the comment is being made on “wp-comments-post.php” with a referrer of your domain.  If there is no referrer it sends the spam-bot back to the originating server’s (the spam-bot’s) IP address.

For more detailed instructions on how to set this up in your own .htaccess file, head on over to the post at


Spam is a troubling issue for bloggers. It can devalue your site, slow down your server and even bring it crashing down because of the resources it demands.  The good news is, there are solutions.

For me the solution was a combination of  a couple of WordPress plugins, as well some code in my .htaccess file.  The code in my .htaccess file was especially helpful because it stopped the spammers in their tracks, before they could even get to my server to start their nasty business.

My suggestion is to try something similar.  Install one or two plugins, and put the .htaccess rules in place. My experience has shown that this should be enough to allow you to live a spam free existence. Good luck!

Have your own trick, tips or plugins to help combat spam comments and trackbacks on your blog?  Tell us about them in the comments!

Tip For New Bloggers: Be Patient!

I‘ve been blogging now for 7 years, and in that time I’ve watched tens if not hundreds of new blogs spring up from out of the bloggy ether.  New sites launch bursting with enthusiasm and dollar signs in their eyes, and most hope to make their blog into a nice fat second income.

They blog for a few months, and try to monetize their sites with a few Adsense and text link ads. But after 4 or 5 months and minimal return for their efforts they quickly flame out and disappear into the ether from whence they came.

So what happened, and why aren’t most successful?  Much of the time, they just weren’t patient enough!

Key For A Blogger: Have Patience

I’ve found that one of the key attributes for many successful bloggers that I’ve met is patience.  They stuck with their blogs even when they weren’t making a ton of money at the start. They created a nice looking site and published high quality content several days a week on a regular basis – week in and week out.  They stuck with it through the thin early months, and even when they weren’t making even minimum wage for their time spent at the start – they stuck with it.   They had patience and dedication to create a go-to resource that would help others.

When talking to a lot of my blogging colleagues it seems that there is a very real 6 month flame out period that a lot of newer bloggers encounter.  They stick with it up until that point but then just get sick of it, or don’t feel like they’re making progress, so they quit.  If they had just stuck with it a bit longer, however, many could have turned their blogs into a real asset!

Many successful bloggers, myself included, didn’t start making any real money until somewhere in the range of 6 months to a year – sometimes longer.   I remember talking to another blogger when I first started out, and he told me how he had made $1600 the previous month from his blog. I couldn’t believe it, I could make my mortgage payment with extra money like that!

While I wasn’t making money like that at the time, I stuck with it for 6 months, then 12, and now 4.5 years.   Most months I’m now making 3-4 times the number I was in awe of back then. Why? Because I stuck with it, had patience and did my best to educate myself on how to make money online.

How To Avoid Flaming Out When Your Patience Is Thin

So what are some things you can do to avoid flaming out before your site starts to gain traction?  Here are some ideas for things that worked for me.

  • Treat your blog like a business, not a hobby: I’m convinced that one reason I’ve done well with my site is that I’ve treated it like a money making venture from the start.  I posted on my site 4-5 days/week every week.  I treated it like a second job, and wrote even when I didn’t want to.  I tracked my expenses and income and was motivated when after a few months the income started to creep up.
  • Keep things fresh:  Brainstorm ideas to write about, keep a notebook handy and jot down ideas as they come. Be creative and come up with blog series around a certain topic.  Use an editorial calendar to schedule post ideas.
  • Write in spurts: I will sometimes set aside time on a Saturday or some other night when I’m free and just write several posts all at once for the coming week. That way I’m not as burned out by constantly writing every day.
  • Accept guest posts or hire freelance writers: If you are burned out on writing consider accepting guest posts from other bloggers, or hiring a freelance writer to write for your site.
  • If you need to, take a break:  If you are really getting burned out, don’t be afraid to stop posting for a day or two, or even a week.  Get refreshed and start up again when you’re ready!
  • Don’t give up!: Even if you feel like giving in, don’t do it. Stick with it, be patient!

Slow And Steady Wins The Race

While it would be nice for everyone to be able to start a blog and right away make thousands of dollars a month, the reality is that it usually isn’t that easy.  I can take months or years of hard work before it begins to pay off.  Just stick with it when the going gets tough, and a few months or a year down the line you’ll be glad you did!

Backup Buddy Review: Backing Up Your WordPress Site Is Easy And Automatic With Backup Buddy


A while back I wrote a post on this site talking about how important it was to backup your WordPress site on a regular basis.  Why should you be backing up your site on a regular basis?  There are a variety of reasons. Your site could get hacked, you could have an update of a plugin or WordPress go wrong,  or you could have a host “accidentally” cancel your account.  All of these things can be catastrophic if you don’t have a backup of your database and site files.

The problem is setting up regular backups to run isn’t always an easy process, especially if you’re not very tech-oriented.  A lot of the plugins that are supposed to make backing up easy either don’t work very well, don’t work at all, or take a masters degree in computer science to figure out how to setup correctly.

backup buddy review

I had been using a backup plugin for the last 3-4 years that worked OK, but it had problems from time to time. There were times that it would just stop firing and backups would stop happening.  I had the backups being emailed to my Gmail account as well, and sometimes they would just stop sending when the file size was too large.   That backup solution also only backed up the database, the site files I had to manually back up on a regular basis, and since it was a manual process it tended not to happen as often as it should.

A Better Backup Solution

Backup WordPress EasilyA few weeks ago I was talking to a blogging colleague, Tom over at, and I asked him what he was using to backup his sites.   Since he runs multiple sites his backup solution has to work well, or else he’d be in trouble.  He told me he was using Backup Buddy from as his main backup plugin.  It’ s a premium plugin, but there’s a reason it costs money. It works, and it works well.

On Tom’s advice I went ahead and bought a developer’s version of the plugin since I needed multiple licenses for all of my sites, and installed the plugin that same day on 11 sites.  I’m glad I bought the plugin because it has made the backup process so much easier and pain free than it was before.  Let’s look at some of the things it lets you do.

Database Backup

The main reason I’m using Backup Buddy is because it makes it simple and easy to do regular backups of your site. How easy?  After setting up your backup locations in initial setup, all you need to do to backup is hit a button to backup the database, or another one to do a full backup of the entire site.

Full Site Backup

Doing a full site backup was tough for me to do previously because some of my sites have large databases, and tons of content to backup.  They were just too large and other plugins were choking when scheduled backups happen.  Backup Buddy had no problems with it and actually completed a backup pretty quickly.  It can store a backup locally in the WordPress, or remotely archive your files.

Scheduled Backups

One key thing to have with a backup plugin is scheduled backups.  With Backup Buddy you can schedule backups for your whole site, or for database only.  I schedule regular nightly database backups, and then a weekly full site backup.  You can set the backups to happen at whatever interval you want it to be at, daily, monthly, twice a month, hourly, whatever.

You can also set how many backups you want the plugin to save so that you don’t run out of space.

Off-Site Backups To DropBox, Amazon S3, Email

Another great feature of the plugin is that it will allow you to backup remotely with your Amazon S3 account, Dropbox, an FTP site of your choice or by sending a backup to an email address.

I’ve used it with my Amazon S3 account that I was already using for my CDN, and it has so far worked seamlessly.  You just enter your login credentials, where to back it up at the service and set it as a backup location. Then when you’re setting up a scheduled or manual backup, you can choose that remote location as the backup location.

I’ve also got email backups setup to send to my Gmail account where I archive backups for a certain time.

You can check your dashboard to make sure the updates went through.

Migrate  Or Restore Your Site

Another great feature of the plugin is that it will allow you to migrate your site to another server, or if you’ve had problems with your site, restore it to the same server.  Restoring from a backup is a super simple process.  All you have to do is grab their import php file, put it in the same directory as your full site backup, and then browse the url of the import file, and it will walk you through restoring the site.  Simple!

I know of others who have used this plugin when buying sites from other people. They install the plugin on the remote server, do a backup, and then restore/migrate the site to their own server.

Malware Scan

Finally the plugin does a malware scan of your site for you using Sucuri Security.  You just go to the malware scan link, and it  will scan your site for malware, tell you if your site is blacklisted. Very helpful, especially if you think your site may have been compromised.  And if it is compromised?  Just go to one of your previous sitebackups to clean things up!  Piece of cake!


I think Backup Buddy is one of my new favorite plugins for WordPress users, I’m not sure what I did without it!  It gives you a simple and easy to use backup and site restoration solution that most likely save you if you ever have your site hacked, files corrupted or otherwise lose your site files.  It’s well worth the small cost.  I’d highly recommend it to anyone who wants to ensure the safety of their site files and database data.

Backup WordPress Easily

How To Add A Google +1 Button To Your Site


There has been some rumbling for a while that Google would soon be releasing their own social voting tool called the Google +1 button.  If you’ve been around blogs for any length of time you’ve seen these social voting and sharing buttons or links – asking you to vote for or share a post or page to make it more popular on Digg, Reddit, Stumbleupon, Twitter or Facebook.

Google wanted to get in on the action because they feel that they can use the voting data to make search results more relevant and useful for users, as well as allowing the voting data to affect the results you get based on what your friends have voted up.  In other words, if you’re a blogger – you may want to add a +1 button because it can affect your site positively in the rankings if you do have one. Just how much is up for debate.

On one of their FAQs about the +1 button Google states that the tool will be one of many signals that they use to determine a page’s relevance, and ranking:

This is just one of many signals Google may use to determine a page’s relevance and ranking, and we’re constantly tweaking and improving our algorithm to improve overall search quality. For +1’s, as with any new ranking signal, we’ll be starting carefully and learning how those signals affect search quality.

So while we don’t k now how much of a boost it will give you, any boost means you should probably give it a look see.

How To Add The Google +1 Button

Adding a Google +1 button to your site really shouldn’t be very difficult. It basically comes down to adding two small pieces of code to your site.

First, you need to add the following code in the head of your page or just before your closing body tag:

Then, wherever you want the actual +1 button to show up on the page, you enter the following code:
That’s pretty much it. You can of course change where you have the button showing up, or how it is styled (float left vs. right/etc), but those basics should allow you to get it up and running.  You can see it implemented on this page down below the post.

There are also several styles of buttons that you can use, anything from a small button, to a tall button with click count. For full details on the +1 button, and detail on how to customize, head on over to the developers page here.

How To Enable Google Site Speed Report In The New Google Analytics


One thing that I constantly struggle with as a webmaster is adding new content, functionality and advertisers to my sites without compromising the user experience, or slowing down the load time.

I’ll be the first to admit that some of my sites are currently a bit too slow on the load time, and it’s something that needs to be addressed, especially given the fact that Google now seems to be using your page’s speed as one factor  in determining search rankings.  It’s not just search rankings, however, a slow loading site will frustrate your users and give your site a higher bounce rate, lower conversions and less income.

Ok, so we know that site speed is an important factor that needs to be looked at.   There are a variety of browser plugins and sites that will help you to determine how fast your pages are loading, but now Google has released a new tool that can be used to help diagnosing problem pages, the effects slow page loads can have on traffic and conversions, and more.  Where will you find the tool?  In Google Analytics.

Google Analytics Site Speed Reports

The new version of Google Analytics now has a section of reporting for “site speed”.   You can find it under the “Content” menu item, labeled “Site Speed” (see below).  Some of the things you can track in this reporting according to Google:

  • Content—which landing pages are slowest?
  • Traffic sources—which campaigns correspond to faster page loads overall?
  • Visitor—how does latency compare by visitor type or geographic region?
  • Technology—does browser, operating system or screen resolution impact latency metrics?

Setting Up Site Speed In Analytics

One thing that should be noted.  Site speed reporting doesn’t work automatically out of the box.  You will need to make a small change to your Analytics Javascript that you’ve got running on your site’s pages.  Essentially you’ll be adding one line to your Analytics code.  Example that Google gives:

<script type="text/javascript">
 var _gaq = _gaq || [];
 _gaq.push(['_setAccount', 'UA-XXXXX-X']);

 (function() {
   var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
   ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '';
   var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

Once you add that extra line, Analytics should start tracking page load times, and it will be available to you in custom reports builder as well so that you can run it  against a variety of different segments. Let the fun begin!

If you’re using the traditional Analytics code (as opposed to the newer Asynchronous code above), your changes will look slightly different. You can find the complete setup guide here: Setting Up Site Speed

Site Speed Is More Important Than Ever

Site speed is becoming more and more important as Google changes their algorithms, and stresses it’s importance.  They’ve added page load times to their webmaster tools, as well as adding new tools to Analytics, creating browser plugins/etc.  Everything they’re doing right now is encouraging webmasters to improve load times… or else.

If you want your site to stay near the top of the search rankings, you’d be well advised to start seeing what you can do to improve your page load times as well.