Preventing anonymous comments in WordPress


WordPress »
04 January, 2011 – 64 Comments

anonymous comments

I value comments a lot, in fact, I look at the number and quality of comments on a post almost as much as I look at the number of shares, tweets and pageviews to determine how well a post was received. Recently I’ve done some posts that got a lot of annoying responses. Most of those were anonymous comments, which lead me to change my comment policies a bit to prevent those from happening in the future.

This tactic might work for more people, so I thought I’d share it:

Confirming the comment e-mail address

Using a plugin called comment e-mail verification I now force people to use a real e-mail address when commenting. The process is simple: if you comment for the first time, your comment will be kept in moderation automatically. You’ll get a confirmation e-mail with a link in it. Clicking that link will take your comment out of moderation and place it immediately.

The plugin allows you to change the email message sent to the end user as well as some other things, but mostly just works. I use this plugin in conjunction with my own comment redirect plugin, which takes people who comment here for the first time to a special thank you page. This page looks like this:

Commenting thank you page

So the process goes like this, when someone comments here for the first time:

  • Visitor leaves a comment.
  • Visitor is redirected to the comment thank you page, which states, among other things, that they have to confirm their email address.
  • Visitor clicks the confirmation link in his / her email, which takes the comment out of moderation.
  • The visitor is redirected immediately to the comment.

Funnily enough, I now see visitors leave the same comment twice. Once with a fake e-mail address, and then later on with a real e-mail address.

Next to the measures above, I’ve also added some statements to my Comment Rules, above the comment submit button. I now strictly adhere to these rules:

  • Keywords instead of a real name? Comment gets deleted.
  • A fake name instead of your real name? Comment gets deleted.
  • A comment “signature” (with or without links)? Signature gets deleted first time, second time, comment gets deleted.

I’m curious though, most of you reading this are bloggers, what do you do to prevent not just comment spam but annoying comments and commenters?

Top image from Shutterstock.

64 Responses

  1. Rhys
    By Rhys on 4 January, 2011

    Hi :)

    Couldn’t agree more with your comments.

    Unfortunately, my blog was once hit as I appeared quite promenantly in one of those “Dofollow” lists out there. So I got a bunch of spammy comments, some either questioning the ethics of being so anal “But people are contributing to my blog!” they’d say.

    One thing I use for commenting – which is a slight plug – is my plugin InComment. This tracks the commenter’s entrance path into the site using a simple cookie, and then when a comment is left, on the base of the email that gets sent, the path is placed at the bottom of the email. So you can see if the commenter arrived by legit means or by searching for “Leave A Comment” +”Wordpress” +”[keyword]” Google search.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Great idea Rhys, now you could have absolutely left a link to that plugin, in fact, I’ll add it for you ;)

      • Rhys
        By Rhys on 4 January, 2011

        Cheers. Didn’t want to overstep the mark on my first comment :)

    • Stany
      By Stany on 4 January, 2011

      I have a few blogs that attract plenty of ‘link hunters’. Akismet is pretty good at eliminating spam but the manual entries have to be moderated.

      A combination of your methods looks like a powerful setup. In the end you only want to keep people who appreciate your blog and add value while being part of your community.

    • Ryan
      By Ryan on 5 January, 2011

      Very cool idea!

      I get the occasional comment where I’m a bit sketchy as to whether it’s a legit comment made by someone who is utterly stupid or it’s a spammer. Your plugin could make sorting the hard-to-tell spam from the stupid comments.

  2. Mayur (AgentWP)
    By Mayur (AgentWP) on 4 January, 2011

    I have disabled the links in the comments content as well as for the author name. Thus spammers don’t bother to comment any more.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Yeah but that also means you’re not allowing other people to see the “context” of someone’s comment.

  3. bert boerland
    By bert boerland on 4 January, 2011

    and something like for example

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Hmm looks useful too, have you tried it on a recent install Bert?

  4. Barry Adams
    By Barry Adams on 4 January, 2011

    I like your approach Joost, it’s very comprehensive and encourages real comments from real people. Adds a level of interaction with the commenter as well which I really like.

    I don’t get a lot of comments on my blog (I’m not nearly as popular as you :)) but on the Belfast Telegraph site we went from an anonymous comment system to comments powered by Disqus, which include a comment rating system. This seems to have the desired effect of making comments user-moderated to an extent, and the efforts of setting up a Disqus account tend to work well to prevent comment spamming.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Yeah that has its benefits, but Disqus is terribly slow at times and leads to sites being down sometimes, which isn’t worth it in my opinion…

      Also, ratings wouldn’t work as well here I think, as I’d like to rate stuff and not have other people rate comments for me :)

  5. quicoto
    By quicoto on 4 January, 2011

    Great! I’m thinking about installing your Comment Redirect plugin.

    On my blogs I don’t actually have many problems with spam. But I basically follow the rules you just posted (keywords, signatures..)


  6. Rarst
    By Rarst on 4 January, 2011

    Why care about real email? For some people it doesn’t make sense to leave their email address anywhere they go and it isn’t faulty logic really.

    I moderate first comments and if you have previously approved comment(s) then you skip moderation. Had to bark once or twice at some aggressive commenters, other than that works just fine.

    Same on real names. What is real name? You can change it to whatever you want even in real world. Online merely makes it more convenient to handle your identity how you find comfortable.

    PS many thanks for not going external comment systems way. They are terrible to the point I first stopped commenting with them and recently even blacklisted some of their scripts so they don’t even load.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Hey Rarst, I don’t agree on the email address stance. If you want to leave a comment on my property, I want to have a valid way of contacting you. If one does not want to leave that, well, then he/she just shouldn’t comment :)

    • ap in tallinn
      By ap in tallinn on 4 January, 2011

      I’d also like to see the reasoning, how does the real e-mail help to get better quality?
      btw, I use a special e-mail address (trash@…) for websites I don’t trust, all mails to this address are trashed in Gmail. But I can find them in trash folder and click a link if required…

  7. Peter Wilson
    By Peter Wilson on 4 January, 2011

    For a site with an established audience, such as this, I think verifying the email address is a valid process. The audience will happily confirm their details. For a site in the process of building an audience & the discussion that follows, the extra step could lead to legitimate commenters deciding it’s all too hard and giving up.

    I’m not sure of the benefit of forcing commenters to use an actual name rather than a handle. If the commenter is better known by their handle then it is a better identifier than their real name.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Good point on the “handle”. I might have to revise that a bit.

      • Peter Wilson
        By Peter Wilson on 5 January, 2011

        I’d consider making it something like:

        Your real name or a widely used handle is required. Comments using keywords as an attempt to game SEO will lead to the comment being deleted.

  8. Diane
    By Diane on 4 January, 2011

    How do you work out what a fake name is? Does it have to match the email address? I use my full name Diane for the name but only di@ in my email. Do you need the surname too?
    I moderate on a forum and we get tons of spam from people building links and they use silly names with a number in – but they’re getting harder to spot as the posts will often be a bit fluffy and wasteful, much like some of the regular posters who I know aren’t spammers!

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      Yeah that’s a bit harder to do then you’d think, so I just delete when some name is obviously not right. Combined with comment above I might have to revise that part of my thinking a bit ;)

  9. Dave from The Longest Way Home
    By Dave from The Longest Way Home on 4 January, 2011

    I’ve just had two weeks of spam hell (worst was 1900 in a day). I once used tantan noodles to offer captcha only to those who fail it’s spam test. But, I think W3 total cache nulls it out. I will check out Mollom though.

    As I am often away from my site and not online 24/7 I hold first time comments for moderation. After that people are free to come and go.

    I will delete anything with a promotional link (which is nofollow’d anyway) I also remove the underline in comments, which seems to make people stop as well.

    Regarding names. It doesn’t bother me so long as it’s not a keyword name or name of a company selling something etc.

    I like the idea of a commenter clicking on a link in an email. But wonder slightly if they would do so immediately. Do you still approve the comment even if they do not click the email to confirm?

    • Ron Mahon
      By Ron Mahon on 4 January, 2011

      I used Mollom on my Drupal sites for years and it was very good. Gave you a nice graft of it’s activities etc.

      Haven’t tried in WP but I build a new site and I am using Intense Debate Plug in which eliminates a few plugins.

      I fact that with Yost SEO Plugin has reduced the plugin by probably 40 to 50%

      Too Soon to know about Intense but I love wp-seo


      • Dave from The Longest Way Home
        By Dave from The Longest Way Home on 5 January, 2011

        Sadly same issue on WP site re Mollom. When W3T is running it makes the mollom pop up fail :( Some day hopefully

  10. Chris Cree
    By Chris Cree on 4 January, 2011

    I ended up on some of those early dofollow lists too. Because folks tend to just copy/paste & republish those lists I keep cropping up on new ones even though I went back to nofollow in my comments years ago because of all the spam.

    I added a comment policy and linked to it prominently right before the comment submission form. Unfortunately it didn’t cut down on the spam much. But at least I didn’t feel guilty about marking comments as spam after that.

    A few months back I installed the Growmap Anti Spambot Plugin that adds a javascript check box that has to be marked for a comment to be accepted. Bots don’t see the check box so they can’t comment. And folks have to at least claim they aren’t spammers by checking the box.

    It’s not an ideal solution by any means. But it has cut spam down from hundreds a day to a handful.

  11. Ozh
    By Ozh on 4 January, 2011

    Way to go. My own comment policy on my blog has always been the very same you’re now enforcing (real name, no SEO keyword, no forum sig), except that I don’t delete, I mark as Spam, hoping that Akismet will globally stfu the clueless commenter :P

  12. Alexis
    By Alexis on 4 January, 2011

    Your ideas are great. I really think that’s innovation.

  13. Rene
    By Rene on 4 January, 2011

    Useful idea.. but with a high traffic blog like yours “fake” comments with bogus email accounts must add up in the WP admin cluttering up your database every day, or is it cleaned up automatically after X days ?

    Offtopic, what kind of plugin/code do you use for related posts ? tia !

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      I clean out comments at least once a day, otherwise they would add up indeed.

      The related posts stuff is done in my theme, not through a plugin.

  14. JP
    By JP on 4 January, 2011

    Looks like a great plugin, but what happens when a person uses a valid email address but otherwise violates your TOS? The plugin will allow them to validate their comment and get it approved automatically before you get a chance to review it.

    For those of us who don’t get many comments, moderating every comment (from new commenters) is the way to go.

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      No the other validations will also still take place, but there’s not many other restrictions. Akismet, for instance, will still do its work though.

  15. Adam W. Warner
    By Adam W. Warner on 4 January, 2011

    Just activated Comment Redirect and love the simplicity. Great “customer service” option for my readers.

    I do have a small suggestion on the placement of this plugin’s settings though. It’s under the Plugins menu, why? Wouldn’t it make sense to put a comments plugin’s settings under the “Comments” menu?

    Maybe it’s not possible?

    Just wondering what the reasoning is behind it’s placement.

    • Paul Campbell
      By Paul Campbell on 8 January, 2011

      Hi Adam – do you use a current version of WP?

      I activated it using Joost’s link and it just won’t work for me. It was only when I checked the plugin page in that I spotted it only works for older WP versions…

      Compatible up to: 2.5
      Last Updated: 2008-7-6

      Maybe there is a download link for an updated version that works in WP3+ ?

      Can you point me in the right direction?



    • Paul Campbell
      By Paul Campbell on 8 January, 2011

      Can anyone confirm if the “Content Redirect” plugin works with the current version of WP? The plugin page in says:

      Compatible up to: 2.5
      Last Updated: 2008-7-6

      Many thanks,


  16. John Garrett
    By John Garrett on 4 January, 2011

    What happens with me is that my autofill sometimes fills in the wrong email address (happened to me on your site yesterday :))

    Then I don’t want to use that one so I might try to resend the comment with the correct email. This will no doubt get me blacklisted at some point (need to pay more attention!)

    I don’t have so much trouble with spam or even annoying comments (yet), but I can see based on the comments here that the bigger you get the more valuable time is taken up dealing with this. It looks like an opportunity for a savvy developer to step in and combine the features of the various plugins that are mentioned here.

    Man I wish I was a savvy developer…

  17. TrafficColeman
    By TrafficColeman on 4 January, 2011

    Joost..I’m an one shot guy when it comes to people leaving stupid comments just to get some exposure..My things that I just banned their IP address and not even given them an second chance…loyal readers will leave good comments and spammmers will continue to be spammy people…but just on my site.

    • Peter Wilson
      By Peter Wilson on 5 January, 2011

      I’d be careful with blocking IP addresses permanently. Most people will use a dynamic IP address so the blocking will only be effective in the short term.

      If a legitimate commenter and a SEO gaming commenter both use the same ISP, then you could end up blocking a legit commenter in the long term.

  18. Kristof
    By Kristof on 4 January, 2011

    I like this idea but curious if you’ve seen a decrease in the number of legitimate comments since you’ve implemented the plugin & comment policy?

  19. archshrk
    By archshrk on 4 January, 2011

    I use Simple Trackback Validation which really helped a lot but that was before making comments nofollow so it may not be necessary anymore. I don’t get enough comments to warrant such a strict comment policy and like others have said it may discourage comments for smaller sites.

    I don’t mind the anonymous commenting much since I know most of them are from 9th graders who are playing games instead of paying attention in class. What bothers me is when they use a bogus email AND subscribe to comments.

  20. Swamykant
    By Swamykant on 4 January, 2011

    This is an excellent idea. As my blog’s traffic is growing day by day, I find hundreds of spam comments. In those comments there are some genuine comments too.

    Thanks for sharing me the links of the two interesting plugins.

  21. Michael
    By Michael on 4 January, 2011

    What I’ve been using on client sites has been replacing the standard WordPress comment system with facebook comments. So far working well. Only gripe is it takes it about 1-2 seconds for the comment system to load, but doesn’t seem to slow the rest of the page down.

    Anyone else have thoughts/experiences about using Facebook to power your comments?

  22. Mike
    By Mike on 4 January, 2011

    I added bit defender, that helped. I still get some. But, I’m afraid some of the others that get through might be a legit comment, and I could be deleting one of the few real comments I get. Are they getting that good at generating spam? Any advice you might have on how to really tell the difference would be appreciated. I get maybe 20 a day that get through the bit defender. I’ve checked some, and e-mails are fake, website in the link doesn’t exist. I go in every day or so and clean out the spammy ones, but I would rather leave a “relevant” spam, than delete a legit comment. Any hate speech, or annoying, antagonizing comment just gets deleted without question.

  23. Gert Ooms
    By Gert Ooms on 4 January, 2011

    Another great post, with some useable information,
    currently I had set my blog to ‘always moderate comments’ but this
    wil help a lot and users can in fact self moderate their comments.
    I’d never thaught of using a comment redirect plugin, but you
    convinced me again …

  24. Emile Giethoorn
    By Emile Giethoorn on 4 January, 2011

    Why not use the WP-SpamFree Plugin? It seems to work fine for my site.

  25. Niek
    By Niek on 4 January, 2011

    Amazing one Joost, I was thinking about this for some time and this one just fixed it :)

  26. Joost de Valk
    By Joost de Valk on 4 January, 2011

    Need to test something…

    • Adam W. Warner
      By Adam W. Warner on 4 January, 2011

      I just received a notification of your comment twice…if that helps in your testing;)

    • Kristof
      By Kristof on 4 January, 2011

      Hi Joost – I subscribed to comments but the only email notification I’ve received is your “test” (two times). Is that what you’re testing?

      • Joost de Valk
        By Joost de Valk on 4 January, 2011

        Hi, no sorry, just added a feature to immediately subscribe to my newsletter by checking that box when commenting ;) those tests are stopping now :D

        • Kristof
          By Kristof on 4 January, 2011

          I saw that – it’s a nice option. Is it a plugin and can it be integrated into aWeber or is it through feedburner?

          • Joost de Valk
            By Joost de Valk on 4 January, 2011

            It’s custom code I wrote just now that uses the Mailchimp API. You should’ve received a welcome email ;)

  27. Kristof
    By Kristof on 4 January, 2011

    Just got it. Do I hear a plugin coming?

    • Joost de Valk
      By Joost de Valk on 4 January, 2011

      I doubt it. It’s pretty tough to set up.

      • Michael
        By Michael on 5 January, 2011

        I’d be interested.

  28. Ryan
    By Ryan on 5 January, 2011

    I like this idea as a way of curbing serious spam problems, but for the vast majority I think this is a bad idea. Requiring an email address is placing an extra stumbling block in the way of commenting and is slightly irritating.

    • Kristof
      By Kristof on 5 January, 2011

      Majority of sites require an email address to comment so not sure how requiring a legitimate one would be a stumbling block.

      • Fernando Veloso
        By Fernando Veloso on 5 January, 2011

        Agree. Definitely this is a major pain for “some” of our visitors BUT a very appreciated effort by some others.

      • Ryan
        By Ryan on 11 January, 2011

        The majority of sites require an email address to be entered, that doesn’t mean it needs to be legit and it doesn’t mean someone needs to go check their email to verify their comment. It’s the verification part which is the stumbling block.

        I’m always a fan of reducing the barrier to participation as much as possible. Even my forum allows guest posting (with post moderation) to ensure that as many people as possible participate.

  29. carson
    By carson on 5 January, 2011

    Thanks for these tips, I was looking for this sort of thing for a client of mine.

  30. Fernando Veloso
    By Fernando Veloso on 5 January, 2011

    Definitely this can be a pain to *some* visitors BUT for vast majority of people, this is an extra 10 seconds to write name,email, and comment.

  31. Elliott
    By Elliott on 6 January, 2011

    Thanks, I just implemented it.

  32. Chris
    By Chris on 16 January, 2011

    Thanks Yoast, after using the SEO plugin on our site Rock Salt I’m going to use this one as well. Thank you so much for your contributions to the wordpressphere.