Beat all kinds of captcha validation! Optimal WordPress comment spam blocking method - fast and high blocking rate!

WordPress spam comment blocking
Article List
Article List

There is no place for spam comments! Being OCD I have no tolerance for spam comments/emails. Plus I'm a speed freak, so I've been looking for a spam blocking method that balances block rate and speed. Here's what we've learned about WordPress comment spam blocking.


The dangers of spam comments

WordPress spam comments are too much, all marketing advertising and external links implanted. Generally occur in the article comments, the input url will be automatically inserted into the comment avatar, name inside so as to generate external links. External link implantation of the comment content is generally 1-2 praise words: "Thank you for the author to write such a good article to help us", and so on and so forth.

Spam comments are automatically scanned and replied by bots, and most of them can be blocked by plugins such as Google reCAPTCHA, but there are still some programs that can break CAPTCHA and receive spam every week.

Comments that have nothing to do with the content of the site will affect the normal visitor experience, while reducing the weight of the site affect SEO results. If the comments with phishing URLs may also cause property damage, viruses, etc. If you set up new comments and forms to automatically send email alerts, you will receive emails as soon as there are spam comments, which is very annoying.


WordPress spam comment blocking efficient method

WordPress spam comments often occur in article comments, forms, Woocommerce product reviews. The following shares the corresponding blocking methods according to different contents.

WordPress article spam comment blocking method

Article spam comments are the hardest hit, and the vast majority of CAPTCHA plug-ins only take effect on the form, the article comments can do nothing. Here we recommend an efficient and simple blocking method, you just follow the method below, you can block 99.99% article spam comments.

Go to "Settings" > "Discussion" to prevent spam comments from showing up automatically.


The red boxes below are ticked

Pasted 2

Pasted 3


Then installMaspik Interceptor Plugin, go to the plugin settings in the following figure"Banned comment keywords"box enter the following keywords set as a blacklist (their own appropriate changes), according to the format below to enter a line one. Follow-up if you still receive article spam comments, add the unique keywords inside the comments to this for interception.

Eric Jones
Emma Miller
seo software
fixed monthly
Instagram growth
monthly fee
with graphic design
AI system

Pasted 72

Also add the following CSS to the Extra CSS (Appearance > Customize > Extra CSS) at the bottom and tap Save, this will hide the URL input box inside the comment.

p.comment-form-url {display: none!important;}

What it looks like after adding the code↓

Pasted 5

p.comment-form-url is the Asrtra theme's post comment URL box class. if you use the Avada theme, change it to.

#url{display: none!important;}

If you use other themes, open your own browser developer tools by F12, check the URL box class, id, replace the above code #url on it.

Purpose of hiding the url box: after disabling comments http and www, once someone/bot enters a url in the url box, inside the content of the comment it will be blocked. Adding p.comment-form-url {display: none!important;} will hide the url box.

Normal visitors will not enter a URL if they do not see the URL box and will not be blocked by mistake. However, bots can still find the URL box in the page code and enter the URL, which will be intercepted.

This method is our own idea, the effect is very good. Note: Please do not use perfmatters or other plug-ins to remove the url box, because if you use plug-ins to remove the code inside the url box is not detected, the robot will not be able to enter the URL, resulting in interception failure.

Caution.If the site has registered members, and the member information is bound to the URL, set the ban on comments "http" will lead to members can not comment. This is because the member's comment will automatically insert the bound URL into the url box, resulting in interception. You need to remove the "http" blocking keyword, or disable the backstage members bound URL.

If you want to intercept even better, you can add the installation of theWP Armor Honeypot Antispam Plugin + UseCloudflare Turnstile.


Woocommerce spam evaluation blocking method

A few years ago, a Singaporean foreign trade company found us to change the WordPress website, and one of the requirements was to block the website spam comments. The client said the website would receive dozens of hundreds of spam comments every day, and the mailbox was jammed.

The client said the site was made by a good friend who hired an Indian guy to make it, using a cracked theme / plugin that has not been updated for many years. There is no firewall and no spam comment blocking, and the product comment section is a spam disaster area.

Woocommerce product reviews should also do spam comment blocking, the settings are relatively simple. If it is 2B website is not recommended to open the product evaluation function, set it off according to the following chart. Modify the path: Backstage Woocommerce section > Settings > Products, find the evaluation settings.

Pasted 16

If it is a 2C e-commerce website you need to turn on the comment function to help improve the conversion rate. Check the box as belowOnly "verified users" can participate in the evaluationOnly customers who have purchased can evaluate and eliminate spam comments from the root.

Pasted 17

If you want to intercept even better, you can add the installation of theWP Armor Honeypot Antispam Plugin + UseCloudflare Turnstile.


Form (form) spam blocking method

Form (Form) is the following chart to allow customers to submit information / message input box, commonly used to create inquiries, message system, the site must. Form is also a spam message disaster area, according to the above method set up after the basic receipt of spam comments, but the form spam message or there is a leak of fish.

Pasted 73

At present, people mainly use various Captcha to block spam messages, the blocking rate is good, but still receive bad messages every week. Moreover, these CAPTCHAs require online verification, which slows down the form submission and page loading speed and affects the user experience, so it is not recommended.

After multi-site experiments, we feel that the installation of blacklist keyword blocking plug-ins to intercept the best results, the fastest. Different forms have different blocking plug-ins and methods, here we mainly introduceFluent Forms ProForm and Elementor Pro form spam blocking methods.

Other forms (e.g. Wp forms, Ninja forms, etc.) refer to Elementor Pro form blocking method, similar installationMaspikThe blacklist keyword blocking plugin can be used, please move to Baidu and Google for details.



Fluent Forms Pro spam blocking method

If the page where the form is located does not contain Elementor code, it is recommended to use the Fluent Forms Pro plugin to create inquiry forms, message functions, etc. Fluent Forms Pro isFastest speedform plug-in that makes it easy to create forms with dozens of form templates.

If you are currently using a plugin like WP forms to create forms, we recommend switching to Fluent Forms Pro, which is faster and has a higher spam blocking rate. ClickDownload Fluent Forms Pro plugin and see how to create forms accordingly.

Fluent Forms Pro Benefits.
Speed.We have comparedWP FormsAmong the several well-known form plugins within, Fluent Forms is the fastest, loading only the four resources in the figure below for a total of 47.3KB on the front-end, and adding form code only on pages with Fluent Forms.

If the form is inserted via shortcode, the resource in the red box below can be disabled site-wide, as it only works if the Fluent Forms form is inserted via the Elementor widget.

Pasted 70

In comparison WP Forms forms load over 100KB of resources on the front end; Ninja Forms loads over 200KB; Contact Form7 loads form code on all pages.

Form storage.Fluent Forms comes with a form storage function, and there will be a prompt in the background for new messages to avoid missing inquiries. Contact Form7 doesn't have form storage function, you need to install additional DB plugin, and the interface is not very friendly.

Powerful features.Fluent Forms has many types of form templates and features to do collections, conversations, subscriptions, surveys, signature functions and more. It is easy to extend the functionality of your website later. It is easy to set up and recommended to use.

Spam protection.Fluent Forms' honeypot function is more powerful than that of similar plugins. And there is a unique field blacklist blocking function, which can individually set which keywords are prohibited in each input area, greatly improving the success rate of blocking spam messages.

Click to viewWPForms VS Fluent FormsClick to viewGravity Forms vs Fluent Forms.

The unique blacklist keyword blocking feature and powerful honeypot feature can effectively block spam/message. With this form plugin there is no need to install the Maspik spam comment blocking plugin mentioned below, Fluent Forms is highly recommended!


Fluent Forms Pro Message Blacklist Keyword Settings

If your form doesn't need a URL input box, it is recommended to add a URL input box as below and then hide it with CSS. In this way, human visitors will not see the URL input box, but the robot will still detect and input the content, so as to determine the interception. If you need a URL box, skip this step.

First add a new input box to the existing form with the type Website URL Pasted 59 In the "Advanced Options" setting > "Container Class". Enter "weburl" in the "Advanced Options" setting > "Container Class" in the input box.

Pasted 58

Paste the CSS below directly into "Settings&Integrations">"Custom CSS/JS" as shown in the image below, and click Save. This CSS code will hide the Website URL input box.

.ff-el-group.ff-el-form-hide_label.weburl {
    display: none!important;

Pasted 62

In the "Settings&Integrations" settings of the corresponding form, find "Form Settings" > "Advanced Form Validation".

Pasted 54

Set it up as shown below. This setting means that whenever you fill in the URL input box, it will be blocked. Since the URL input box is hidden from us, only the bot can find it and enter the content.

Pasted 49


Below is the method to set the blacklist keywords of the form, select the corresponding form type on the left, select contails in the middle, and enter the blacklist keywords to be blocked on the right. Please set the keywords according to your own website.

At the beginning of the interception rules should not be set too strict, for fear of injuring normal visitors. Subsequently, according to the content of the spam form and then increase the keyword interception appropriately.

Pasted 71


The honeypot feature should also be turned on, with a max blocking effect! The honeypot is a hidden input box that only bots can see. Once a bot enters something into this hidden box, it will be blocked. Click into "Global Settings".

Pasted 64

In "Settings", find.

There are 3 types of Captcha settings in the "Global Settings", which can be turned on as needed. In principle, we do not recommend using any Captcha validation, as it will reduce the customer experience and have an impact on the page loading speed.

Pasted 106


To continue to enhance the interception, it is recommended to use Cloudflare'sTurnstileThe following is a list of the most popular features of reCaptcha: faster speed, better interception, no need to visit external servers to verify, better than reCaptcha. note: reCaptcha can not be used in the country, Turnstile I have not yet tested, welcome feedback.

Enable method: Click the following figure in numerical order to enter the Turnstile setup page, fill in 2 Keys (first go to Cloudflare to generate), click the blank position, it will be automatically verified and linked to the Turnstile. if the link is successful there will be a prompt, if the link is unsuccessful there will be no prompt, it should be a problem with the Keys to check it out themselves.


Pasted 95   

Pasted 90

Be sure to test the form blocking feature with your browser privacy mode after setting it up. If you use forms like Wp forms, you can search and download other similar keyword blacklist blocking plugins instead of Maspik.


Elementor Pro spam blocking method

If the page where the form is located is built using Elementor (Ele for short), we recommend using Elementor Pro to build the form by clickingDownload free Elementor ProElementor's forms feature is very good, easy to use, more powerful, no need to install Contact Form 7 (CF7), Wp forms and other plug-ins to increase the burden on the server.

And Elemenotr form submission is fast, recommended to installContact Form DB PluginSave the ele form (inquiry) data submitted by customers in the background, there will be a prompt at the top of the background when a new form is submitted.

To enhance Elementor Pro's spam blocking capabilities, you need to installMaspik PluginPlugin. The local validation burden is small and fast, and the free version supports Elementor, WordPress article comments, and is perfectly adequate.

If you still want to intercept better, you can install theCloudflare Turnstile plugin.

First turn on the honeypot function in Ele form, then install the Maspik plugin and set it up as per the tutorial below.

How to insert inquiry buttons and forms into the product detail page template?

If a product detail page or something is made using a theme (instead of Elementor), many people don't know how to insert the Inquiry inquiry button and inquiry form. In fact, you can use the Hook method to insert them. For details, please go toThe super practical WordPress Hook usage sharing, page insert inquiry button, form, ACF field, etc..


Excellent plugin recommendations for blocking spam registrations, messages/comments

In addition to the above mentioned methods, you can also install other plug-ins to further enhance the spam blocking function, it is recommended to install them as needed, and some duplicate functions are recommended to be enabled only in one place.


WP Armor - Honeypot Antispam

WP ArmorCombines the use of JS (which spambots can't use) and unique hidden fields to block spam, and works much better than the honeypot feature that comes with the form. Very lightweight, doesn't make any external calls and is GDPR compliant.

The free version is suitable for protecting the content below ↓ and they have a premium version if you need extra protection. The plugin is updated regularly and the developers are very active in the support forum.

Pasted 100


Maspik Forms Blacklist Keyword Blocking Tool

MaspikMaspik is a message content blacklist keyword/email blocking plugin, after setting the blacklist keyword/email, when the message appears in the corresponding keyword/email will be blocked. Local validation, no code added to the front-end, so it is fast.

The free version applies to the content below, it is highly recommended to install it if using Elementor forms, Fluent Forms comes with this feature without additional installation.

Pasted 101

Here's a tutorial on how to set up and use Maspik:

1- Download and installMaspik PluginAfter entering the plug-in Options settings interface ↓.

Pasted 6

The other features are enabled on demand.

Pasted 8


2- Go to plugin blocking settings

Pasted 7

A reminder will appear at the top where the block will take effect in this plugin

Pasted 11

Leave the default settings as they are, except for those mentioned below.

In the "Email field", enter the email address of the spam message you received.

Pasted 85

In the ""Text area field"↓ enter the intercepted keywords, one per line. As long as the form Text area field (comment/message content) enter any one of the intercepted keywords will be intercepted.

If you still receive spam after using this plugin, add special words in the email (e.g. company name, service keyword SEO ranking, etc.) to this to block it.

Eric Jones
Emma Miller
seo ranking
seo ranking software

Don't set the keywords too strictly for fear of mistakenly intercepting normal comments. Be sure to test the comments after setting! If you still receive spam, fill in the special keywords in the message into the "Text area field" to intercept.

Scroll down the page to the setting location below and enter 1. As long as there are more than (including) 1 URL inside the comment, it will be blocked.

Pasted 13

The following 2 items set the disabled comment language, but there are too few languages to choose from. We've given the plugin author a comment and hope she can add more languages.

Pasted 38

Put the IP address of the spam commenter into the box below to block it.

Pasted 36

According to the following settings, the Validation error message is filled in with the content of the intercepted message.

Pasted 15

Finally click "Save Changes" Pasted 14 . This is the end of the settings, go to the front of the message comments to test the blocking effect 😀 .


Enable Maspik after the proposed pre-point view of the intercepted form ↓, see if there is no wrong interception, appropriate adjustment of the interception of keywords.


Pasted 104

Pasted 105


Cloudflare Turnstile

Cloudflare Turnstileis a powerful, lightweight interception tool from Cloudflare that is a perfect alternative to Google reCAPTCHA and more. Totally free, no frustrating puzzle validation, and even an invisible mode. Fast, GDPR-compliant, and cookie-free.

turnstile gif

Install the free Simple Cloudflare Turnstile WordPress Plugin You can add Cloudflare Turnstile to your website. It supports the content shown below and covers a wide range of content.Fluent Forms comes with Cloudflare Turnstile, so there is no need to install this plugin additionally.

Pasted 102

Pasted 103


Article out of date? Have a better opinion? Have a question? Please leave your comments below and we will follow up.

Recommended Articles.
Comments :


The email address will not be disclosed, and the URL needs to be removed from https://前缀 for insertion.

  • WeChat Service
Quick login without registration

Enter your username and password to log in

Have no account? Forgot password?