WordPress remove thousands of spam comments

If you have a wordpress blog and are receiving thousands of spam comments, and many are not recognized as spam by akismet, you should add an extra mechanism to protect your blog and save yourself a lot of time (wasted on reviewing obvious spam). Read on.

Configure your Discussion Settings

I assume you want to allow your readers to comment… if not, then you may find this page in the Dashboard very useful: Settings > Discussion


In particular:

  • Allow people to post comments on new articles: if you do not want to receive comments at all, check this option. You can override it per post (when you write/edit a post, click at the top right on “Screen Options” > “Discussion” and see a tab appearing under your post, showing these 2 options:
    • Allow comments
    • Allow trackbacks and pingbacks on this page
  • Users must be registered and logged in to comment: this probably works only for a private blog
  • Comment must be manually approved: this is a must for me. In case a spam comment is not detected, it won’t be shown to the public.
  • Comment author must have a previously approved comment: this is also a good option I activate. I want to have full control on my blog.

Actively fight spam

WordPress comes with a plugin called Akismet. In order to use it, you must sign up for an Akismet API key, Do it! Then go in the Plugins page, click on Settings (in the Akismet tab) insert the key and activate the plugin.

Akismet, in the last months, was for many users not effective anymore. It doesn’t detect many obvious spammy comments as spam. Every week I get at least 30-50 comments in chinese or arabic, full of spammy links. I don’t understand why akismet doesn’t detect them as spam… Well, you need to add some extra protection, like a captcha or another plugin.

How to install a WordPress plugin: Browse to your Plugins page, click on “Add new” and search for it, find it in the WordPress Plugin Directory and install it from there, with a few clicks. Else you can also install it manually by downloading it from the author’s page, unzipping it and copying the contents in your WordPress installation, under /wp-content/plugins/

2 WordPress Plugins that will make your life easier

Captcha control: for my blog I’m using a plugin called FunCaptcha, it works very well and it’s very easy user friendly (much better than some standard captchas, difficult to understand). The user must rotate a picture by clicking it a several times, or select something. Try the example in the author’s website. You must register to the author’s website and get a public and private API keys. This is very easy. This plugin is excellent: since I’m using it I receive practically 0 spam comments.

Cookie control: there is also a plugin called Cookies for comments. What the plugin does is very simple. It will add a cookie to the user’s browser and check if the cookie exists when the comment is entered. If it doesn’t, it may be a paranoid user who deactivated cookies, or a spammer. As the majority of users doesn’t deactivate cookies, and I have no time to deal with the paranoids, I simply accept the default option provided by the plugin to automatically mark as spam all comments that didn’t pass the cookie check. This plugin does exactly what I said: marks as spam the spammy comments. The problem is that you will still receive hundreds or even thousands of spams that you must manually delete by clicking the “Empty Trash” button.

Conclusion: use FunCaptcha.

Clean up thousands of comments marked as spam

I don’t know how, but my little blog was spammed with more than 100’000 thousands comments (wasting more than 600 MB of hosting space…). The Empty Spam button doesn’t work in this case, I guess because PHP is going out of memory. So if you find yourself in the same situation, you need to manually clean up your database comments (and meta) tables yourself. This is quite easy, just run these 2 queries (I had to save them in a txt file as my host doesn’t let me save this post for security reasons). Then optimize the 2 tables.

That’s it. I hope that akismet will improve the spam detection, but it seems to me that extra measures have to be taken. Spammers get smarter (or the tools they use get smarter…) and we have to update our countermeasures to protect our blogs and the internet…

4 thoughts on “WordPress remove thousands of spam comments

  1. Bee

    Hi, thanks so much for this post! After having left my blog on the back-burner for around 5 months, I now have 35,000 spam comments – argh! That FunCaptcha tool sounds perfect. I have a question though – what exactly do you mean by running the 2 queries in order to delete old spam comments? Like you, my spam is massively using up my hosting space. Thanks for your help!

    1. Paolo Brocco Post author

      Hi, sorry for the late reply, yep the 2 queries are meant to remove all the old spam comments from your database and save a lot of space. Cheers.

    2. Ken Fisher

      Any chance of some instructions on how to run these queries, I am not an expert.

      1. Paolo Brocco Post author

        Hi Ken, you must check in your hosting how to access your database. Usually hosts offer phpMyAdmin or a similar tool. In the tool, open the sql query editor and paste those 2 queries. Eventually if you have a good support you can even ask them to run these for you.


Leave a Reply to Ken Fisher Cancel reply

Your email address will not be published. Required fields are marked *