Security WordPress

How to Protect your WordPress blog from SPAM comments?

Akismet protects your blog’s commenting section from hyperlink spam and spammy anchor text URLs posted by users as well as spam bots. The plugin also protects your installation from TrackBack and Pingback spam (which is also known as sping).

Note: TrackBack and Pingback are actually back linking methods used by various webmasters to get notifications when someone links/tries to link to their blog’s article or a document present on their server. Using these methods, a webmaster can keep track of who is linking to or referring to his website’s articles. Keep in mind that TrackBack and Pingback are supported by few CMS only.

If your blog do not have a spam filtering plugin and spam bots are constantly posting comments in your articles without any type of moderation, then after sometime your blog will start looking spammy in itself to your site visitors as well as to search engine bots.

Also, if you are using a theme whose comments section is DOFOLLOW, then search engines might place a penalty on your entire site as you are passing link juice to all the spam websites.

Before going into further configuration details about Akismet, you should always remember following things:

  • Always moderate all your comments. This can be easily done by going to Settings >> Discussion in your dashboard and then check the box in front of Comment must be manually approved. In case you trust some commentators of your blog completely that they won’t spam, then you can check the box in front of Comment author must have a previously approved comment under Before a comment appears in Discussion settings.
  • Uncheck Attempt to notify any blogs linked to from the article and Allow link notifications from other blogs (pingbacks and trackbacks) present under Default article settings in Discussion settings. This option will completely disable TrackBack and Pingback feature of WordPress.
  • Make ALL the links in your comments section NOFOLLOW (rel=”nofollow”), so that link juice/PageRank can’t be passed to any website/webpage that is mentioned in your comments area. You may want to contact your theme developer and ask him how to do so? Also don’t use plugins like CommentLuv and KeywordLuv with your blog, as they might hurt your rankings in search engines sooner or later.

Tip: Try not to comment on blogs whose comments section is DOFOLLOW by default or which is using plugins like CommentLuv or KeywordLuv. Search engines may place a penalty on that blog as well as on your site, as both of you are trying to manipulate search engine rankings.

By default Akismet comes pre-installed with every installation of WordPress. All you need to do is to activate the plugin. For this, go to plugins page in your dashboard and click on Activate hyperlink present under its name:

activate akismet

This will instantly activate the plugin, but it will ask you to activate your Akismet account before the plugin can start communicating with its server:

activate your akismet account

When you click on Activate your Akismet account blue button, you will be taken to a new page in your dashboard where you are required to either get or enter your API key:

get api key

If you do not have an API key, then click on Get your API key button and you will be taken to: in a new tab/window:

get an akismet API key

On this page click on Get an Akismet API key and you will be asked to sign up for a account by entering your email address, username and password:


If you already have an account on, then click on I already have a account and you will be taken to a login page where you are required to enter your email address/username and password and click on sign in button.

Once the sign up/sign in process is successful, will ask you to authorize Akismet with your account:


Click on Authorize button and the service will ask you to select your preferred plan/subscription. While writing this post following are the plans that Akismet is currently offering to all its users:


  • Personal: This plan is meant for non-commercial websites and blogs. You can opt for this plan for unlimited non-commercial websites and 80,000 spam checks across all those sites. If you have any problem then you will get standard customer support from’s dedicated Akismet team. Keep in mind that as a free user you shouldn’t expect very fast response from them.
  • Business: This plan is meant for commercial businesses and professional websites. For $5 a month you will be able to use the service on one commercial website and for 80,000 SPAM checks. As a paying customer you will get priority customer support from Akismet team.
  • Enterprise: This plan is meant for very large publishing networks, agencies, hosts and universities. For $50 a month you will get to use the service on unlimited commercial websites and will be able to perform 80,000 SPAM checks per network. As an enterprise user, you will also get priority customer support.

Select your preferred plan by clicking on the Signup button and the next page may ask you to enter your Contact Information along with your Credit/Debit card number, CVV code (card security code) and expiry date, if you have opted for a paid plan.

Once the sign up/payment process is successful, you will get your Akismet API key which you are required to copy to your clipboard and paste it manually in the Enter an API key field on the configuration page of the plugin and click on Use this Key button:

api key

manually enter

If the entered key is correct then you will be able to see following message at the top of your dashboard:


Your Akismet account has been successfully setup and activated. Happy blogging!

On this page you will be able to see/set following things:

  • Your current API key. Keep in mind that you can always opt for a new API key and enter it in this field.
  • Select whether you want to show the number of approved comments beside each comment author. A commentator is recognized by the plugin by means of his name or email address.
  • Under strictness select silently discard the worst and most pervasive spam so I never see it or Always put SPAM in the SPAM folder for review. Keep in mind that if you opt to keep comments in your spam folder, then all of them will be deleted automatically and permanently after 15 days.

Once the plugin starts filtering spam comments, trackbacks and pingbacks in your blog, you will be able to see the stats on its settings page:


You will also be able to see the stats of the plugin on the main page of your Dashboard:

dashboard stats

If for some reason you want to disconnect your Akismet account with your blog, then all you need to do is to click on Disconnect this account hyperlink present at the bottom of the settings page.

Important Notes:

  • The settings page of the plugin can be found by going to WordPress’s settings >> Akismet. But if you are using JetPack plugin (also developed by Automattic) with your self-hosted installation, then the settings page will move to JetPack >> Akismet in your dashboard.
  • Spammers are getting smarter every day and if a spam comment is able to pass through Akismet’s spam check system, then all you need to do is to click on SPAM Hyperlink present just below the comment. After this the information (IP address, email address, commentator name/anchor text etc.) about the spam comment is sent to Akismet’s server, so that it can further improve its spam detection system.
  • If the plugin has marked a legitimate comment as spam in your blog, then all you need to do is to click on Not Spam hyperlink present just below the comment and the information is again sent to Akismet’s server. Keep in mind that there is no guarantee that the plugin won’t block the legitimate comment author once again in future. Sometimes even legitimate commentators use rogue IP addresses which are automatically allocated to them by their ISP.
  • If Akismet’s servers are unable to communicate with your hosting server and you see an unable to communicate message at the top of your dashboard, then all you need to do is to contact your host and ask them to whitelist the IP addresses of Akismet in your server’s firewall. If you own a VPS or dedicated server, then you can whitelist the IP addresses yourself. You can find the IP addresses which are used for Akismet API calls right here:

One reply on “How to Protect your WordPress blog from SPAM comments?”

akismet is really worthy plugin to stop spam comments. as we see on blog that many automated robots leave comments and they are not useful for readers so deleting them in bulk is really tricky task. thanks to akismet so they stop before show us and always put comments in spam folder

Comments are closed.