I’m writing here because I can’t seem to find anyone else who is talking about it, but in the last week or so, I’ve noticed a massive increase in comment spam within WordPress, primarily from Russian sources.
All week, clients have been reaching out to me thinking that their websites were hacked because, out of nowhere, they are seeing tons of comments with links in Russian. They are all spam, and seem to be related to the SEO efforts of various companies trying to promote their clients’ websites.
It can be somewhat frightening to get the comment notifications out of the blue like this. At first glance, it is easy to think that maybe you’ve been hacked.
Fortunately, that’s probably not the case. More than likely, it’s just automated spam that happens to have found your website and is just bombarding it with fake comments.
I’m not sure exactly why it has increased dramatically in the last week. It’s possible it will be temporary, or maybe this is just the new normal. Who knows.
What can I do to stop the increased comment spam?
There are a few things you can do to prevent this.
The easiest is to just disable comments on older blog posts. If you haven’t posted in a while, this might be all blog posts.
Typically, spammers target older blog posts, just because it’s what they have indexed. So preventing comments on these posts is usually successful in blocking most or all spam, although I’ve seen some exceptions lately.
To do this, simply go to Settings -> Discussion
Then, check “Automatically close comments on posts older than” and set it to the desired value. 14 days is the default and should work well.
This should prevent nearly all of the recent Russian spam comments.
There are plenty of other settings on that page that may help you as well, so feel free to mess around with it.
Alternatively, you could disable comments entirely. I recommend using the WPCode plugin and enabling the built-in “disable comments” code snippet as the easiest and most effective way to accomplish this.
You could also enable some kind of anti-spam plugin that could help fight it. There used to be an amazing little plugin that worked wonders, I believe simply called “Anti-spam”. Sadly, it got bought by a larger company and integrated into their security plugin which is quite heavy-weight and I would not recommend.
On my own site, I use Antispam Bee which seems to work pretty well.
Otherwise, Akismet is probably the most effective but is only free for personal use and is far from lightweight.
If you have any additional information about the recent influx of spam comments, please let me know in the comments here. I’d love to know why they have increased so much and what else can be done. It still boggles my mind that nobody seems to be talking about this, as a quick check-in with others in my industry has revealed that seemingly everyone is experiencing the same thing.