Preventing anonymous comments in WordPress

I value comments a lot, in fact, I look at the number and quality of comments on a post almost as much as I look at the number of shares, tweets and pageviews to determine how well a post was received. Recently I’ve done some posts that got a lot of annoying responses. Most of those were anonymous comments, which lead me to change my comment policies a bit to prevent those from happening in the future.

This tactic might work for more people, so I thought I’d share it:

Confirming the comment e-mail address

Using a plugin called comment e-mail verification I now force people to use a real e-mail address when commenting. The process is simple: if you comment for the first time, your comment will be kept in moderation automatically. You’ll get a confirmation e-mail with a link in it. Clicking that link will take your comment out of moderation and place it immediately.

The plugin allows you to change the email message sent to the end user as well as some other things, but mostly just works. I use this plugin in conjunction with my own comment hacks redirect plugin, which takes people who comment here for the first time to a special thank you page. This page looks like this:

Commenting thank you page

So the process goes like this, when someone comments here for the first time:

  • Visitor leaves a comment.
  • Visitor is redirected to the comment thank you page, which states, among other things, that they have to confirm their email address.
  • Visitor clicks the confirmation link in his / her email, which takes the comment out of moderation.
  • The visitor is redirected immediately to the comment.

Funnily enough, I now see visitors leave the same comment twice. Once with a fake e-mail address, and then later on with a real e-mail address.

Next to the measures above, I’ve also added some statements to my Comment Rules, above the comment submit button. I now strictly adhere to these rules:

  • Keywords instead of a real name? Comment gets deleted.
  • A fake name instead of your real name? Comment gets deleted.
  • A comment “signature” (with or without links)? Signature gets deleted first time, second time, comment gets deleted.

I’m curious though, most of you reading this are bloggers, what do you do to prevent not just comment spam but annoying comments and commenters?

Learn how to write online copy that ranks!

  • Covers all from picking keywords to publishing
  • Includes personal feedback
  • On-demand SEO training by Yoast
  • End up with a ready-to-use blog post!
More info

64 Responses to Preventing anonymous comments in WordPress

  1. Chris
    Chris  • 8 years ago

    Thanks Yoast, after using the SEO plugin on our site Rock Salt I’m going to use this one as well. Thank you so much for your contributions to the wordpressphere.

  2. Elliott
    Elliott  • 8 years ago

    Thanks, I just implemented it.

  3. Fernando Veloso
    Fernando Veloso  • 8 years ago

    Definitely this can be a pain to *some* visitors BUT for vast majority of people, this is an extra 10 seconds to write name,email, and comment.

  4. carson
    carson  • 8 years ago

    Thanks for these tips, I was looking for this sort of thing for a client of mine.

  5. Ryan
    Ryan  • 8 years ago

    I like this idea as a way of curbing serious spam problems, but for the vast majority I think this is a bad idea. Requiring an email address is placing an extra stumbling block in the way of commenting and is slightly irritating.

    • Kristof
      Kristof  • 8 years ago

      Majority of sites require an email address to comment so not sure how requiring a legitimate one would be a stumbling block.

      • Ryan
        Ryan  • 8 years ago

        The majority of sites require an email address to be entered, that doesn’t mean it needs to be legit and it doesn’t mean someone needs to go check their email to verify their comment. It’s the verification part which is the stumbling block.

        I’m always a fan of reducing the barrier to participation as much as possible. Even my forum allows guest posting (with post moderation) to ensure that as many people as possible participate.

      • Fernando Veloso
        Fernando Veloso  • 8 years ago

        Agree. Definitely this is a major pain for “some” of our visitors BUT a very appreciated effort by some others.

  6. Kristof
    Kristof  • 8 years ago

    Just got it. Do I hear a plugin coming?

    • Joost de Valk

      I doubt it. It’s pretty tough to set up.

      • Michael
        Michael  • 8 years ago

        I’d be interested.

  7. Joost de Valk
    Joost de Valk  • 8 years ago

    Need to test something…

    • Kristof
      Kristof  • 8 years ago

      Hi Joost – I subscribed to comments but the only email notification I’ve received is your “test” (two times). Is that what you’re testing?

      • Joost de Valk

        Hi, no sorry, just added a feature to immediately subscribe to my newsletter by checking that box when commenting ;) those tests are stopping now :D

        • Kristof
          Kristof  • 8 years ago

          I saw that – it’s a nice option. Is it a plugin and can it be integrated into aWeber or is it through feedburner?

          • Joost de Valk

            It’s custom code I wrote just now that uses the Mailchimp API. You should’ve received a welcome email ;)

    • Adam W. Warner
      Adam W. Warner  • 8 years ago

      I just received a notification of your comment twice…if that helps in your testing;)

  8. Niek
    Niek  • 8 years ago

    Amazing one Joost, I was thinking about this for some time and this one just fixed it :)

  9. Emile Giethoorn
    Emile Giethoorn  • 8 years ago

    Why not use the WP-SpamFree Plugin? It seems to work fine for my site.

  10. Gert Ooms
    Gert Ooms  • 8 years ago

    Another great post, with some useable information,
    currently I had set my blog to ‘always moderate comments’ but this
    wil help a lot and users can in fact self moderate their comments.
    I’d never thaught of using a comment redirect plugin, but you
    convinced me again …

  11. Mike
    Mike  • 8 years ago

    I added bit defender, that helped. I still get some. But, I’m afraid some of the others that get through might be a legit comment, and I could be deleting one of the few real comments I get. Are they getting that good at generating spam? Any advice you might have on how to really tell the difference would be appreciated. I get maybe 20 a day that get through the bit defender. I’ve checked some, and e-mails are fake, website in the link doesn’t exist. I go in every day or so and clean out the spammy ones, but I would rather leave a “relevant” spam, than delete a legit comment. Any hate speech, or annoying, antagonizing comment just gets deleted without question.

  12. Michael
    Michael  • 8 years ago

    What I’ve been using on client sites has been replacing the standard WordPress comment system with facebook comments. So far working well. Only gripe is it takes it about 1-2 seconds for the comment system to load, but doesn’t seem to slow the rest of the page down.

    Anyone else have thoughts/experiences about using Facebook to power your comments?

  13. Swamykant
    Swamykant  • 8 years ago

    This is an excellent idea. As my blog’s traffic is growing day by day, I find hundreds of spam comments. In those comments there are some genuine comments too.

    Thanks for sharing me the links of the two interesting plugins.

  14. archshrk
    archshrk  • 8 years ago

    I use Simple Trackback Validation which really helped a lot but that was before making comments nofollow so it may not be necessary anymore. I don’t get enough comments to warrant such a strict comment policy and like others have said it may discourage comments for smaller sites.

    I don’t mind the anonymous commenting much since I know most of them are from 9th graders who are playing games instead of paying attention in class. What bothers me is when they use a bogus email AND subscribe to comments.

  15. Kristof
    Kristof  • 8 years ago

    I like this idea but curious if you’ve seen a decrease in the number of legitimate comments since you’ve implemented the plugin & comment policy?

  16. TrafficColeman
    TrafficColeman  • 8 years ago

    Joost..I’m an one shot guy when it comes to people leaving stupid comments just to get some exposure..My things that I just banned their IP address and not even given them an second chance…loyal readers will leave good comments and spammmers will continue to be spammy people…but just on my site.

    • Peter Wilson
      Peter Wilson  • 8 years ago

      I’d be careful with blocking IP addresses permanently. Most people will use a dynamic IP address so the blocking will only be effective in the short term.

      If a legitimate commenter and a SEO gaming commenter both use the same ISP, then you could end up blocking a legit commenter in the long term.

  17. John Garrett
    John Garrett  • 8 years ago

    What happens with me is that my autofill sometimes fills in the wrong email address (happened to me on your site yesterday :))

    Then I don’t want to use that one so I might try to resend the comment with the correct email. This will no doubt get me blacklisted at some point (need to pay more attention!)

    I don’t have so much trouble with spam or even annoying comments (yet), but I can see based on the comments here that the bigger you get the more valuable time is taken up dealing with this. It looks like an opportunity for a savvy developer to step in and combine the features of the various plugins that are mentioned here.

    Man I wish I was a savvy developer…

  18. Adam W. Warner
    Adam W. Warner  • 8 years ago

    Just activated Comment Redirect and love the simplicity. Great “customer service” option for my readers.

    I do have a small suggestion on the placement of this plugin’s settings though. It’s under the Plugins menu, why? Wouldn’t it make sense to put a comments plugin’s settings under the “Comments” menu?

    Maybe it’s not possible?

    Just wondering what the reasoning is behind it’s placement.

    • Paul Campbell
      Paul Campbell  • 8 years ago

      Can anyone confirm if the “Content Redirect” plugin works with the current version of WP? The plugin page in says:

      Compatible up to: 2.5
      Last Updated: 2008-7-6

      Many thanks,


    • Paul Campbell
      Paul Campbell  • 8 years ago

      Hi Adam – do you use a current version of WP?

      I activated it using Joost’s link and it just won’t work for me. It was only when I checked the plugin page in that I spotted it only works for older WP versions…

      Compatible up to: 2.5
      Last Updated: 2008-7-6

      Maybe there is a download link for an updated version that works in WP3+ ?

      Can you point me in the right direction?



  19. JP
    JP  • 8 years ago

    Looks like a great plugin, but what happens when a person uses a valid email address but otherwise violates your TOS? The plugin will allow them to validate their comment and get it approved automatically before you get a chance to review it.

    For those of us who don’t get many comments, moderating every comment (from new commenters) is the way to go.

    • Joost de Valk

      No the other validations will also still take place, but there’s not many other restrictions. Akismet, for instance, will still do its work though.

  20. Rene
    Rene  • 8 years ago

    Useful idea.. but with a high traffic blog like yours “fake” comments with bogus email accounts must add up in the WP admin cluttering up your database every day, or is it cleaned up automatically after X days ?

    Offtopic, what kind of plugin/code do you use for related posts ? tia !

    • Joost de Valk

      I clean out comments at least once a day, otherwise they would add up indeed.

      The related posts stuff is done in my theme, not through a plugin.

  21. Alexis
    Alexis  • 8 years ago

    Your ideas are great. I really think that’s innovation.

  22. Ozh
    Ozh  • 8 years ago

    Way to go. My own comment policy on my blog has always been the very same you’re now enforcing (real name, no SEO keyword, no forum sig), except that I don’t delete, I mark as Spam, hoping that Akismet will globally stfu the clueless commenter :P

  23. Chris Cree
    Chris Cree  • 8 years ago

    I ended up on some of those early dofollow lists too. Because folks tend to just copy/paste & republish those lists I keep cropping up on new ones even though I went back to nofollow in my comments years ago because of all the spam.

    I added a comment policy and linked to it prominently right before the comment submission form. Unfortunately it didn’t cut down on the spam much. But at least I didn’t feel guilty about marking comments as spam after that.

    A few months back I installed the Growmap Anti Spambot Plugin that adds a javascript check box that has to be marked for a comment to be accepted. Bots don’t see the check box so they can’t comment. And folks have to at least claim they aren’t spammers by checking the box.

    It’s not an ideal solution by any means. But it has cut spam down from hundreds a day to a handful.

  24. Dave from The Longest Way Home
    Dave from The Longest Way Home  • 8 years ago

    I’ve just had two weeks of spam hell (worst was 1900 in a day). I once used tantan noodles to offer captcha only to those who fail it’s spam test. But, I think W3 total cache nulls it out. I will check out Mollom though.

    As I am often away from my site and not online 24/7 I hold first time comments for moderation. After that people are free to come and go.

    I will delete anything with a promotional link (which is nofollow’d anyway) I also remove the underline in comments, which seems to make people stop as well.

    Regarding names. It doesn’t bother me so long as it’s not a keyword name or name of a company selling something etc.

    I like the idea of a commenter clicking on a link in an email. But wonder slightly if they would do so immediately. Do you still approve the comment even if they do not click the email to confirm?

    • Ron Mahon
      Ron Mahon  • 8 years ago

      I used Mollom on my Drupal sites for years and it was very good. Gave you a nice graft of it’s activities etc.

      Haven’t tried in WP but I build a new site and I am using Intense Debate Plug in which eliminates a few plugins.

      I fact that with Yost SEO Plugin has reduced the plugin by probably 40 to 50%

      Too Soon to know about Intense but I love wp-seo


      • Dave from The Longest Way Home
        Dave from The Longest Way Home  • 8 years ago

        Sadly same issue on WP site re Mollom. When W3T is running it makes the mollom pop up fail :( Some day hopefully

  25. Diane
    Diane  • 8 years ago

    How do you work out what a fake name is? Does it have to match the email address? I use my full name Diane for the name but only di@ in my email. Do you need the surname too?
    I moderate on a forum and we get tons of spam from people building links and they use silly names with a number in – but they’re getting harder to spot as the posts will often be a bit fluffy and wasteful, much like some of the regular posters who I know aren’t spammers!

    • Joost de Valk

      Yeah that’s a bit harder to do then you’d think, so I just delete when some name is obviously not right. Combined with comment above I might have to revise that part of my thinking a bit ;)

  26. Peter Wilson
    Peter Wilson  • 8 years ago

    For a site with an established audience, such as this, I think verifying the email address is a valid process. The audience will happily confirm their details. For a site in the process of building an audience & the discussion that follows, the extra step could lead to legitimate commenters deciding it’s all too hard and giving up.

    I’m not sure of the benefit of forcing commenters to use an actual name rather than a handle. If the commenter is better known by their handle then it is a better identifier than their real name.

    • Joost de Valk

      Good point on the “handle”. I might have to revise that a bit.

      • Peter Wilson
        Peter Wilson  • 8 years ago

        I’d consider making it something like:

        Your real name or a widely used handle is required. Comments using keywords as an attempt to game SEO will lead to the comment being deleted.

  27. Rarst
    Rarst  • 8 years ago

    Why care about real email? For some people it doesn’t make sense to leave their email address anywhere they go and it isn’t faulty logic really.

    I moderate first comments and if you have previously approved comment(s) then you skip moderation. Had to bark once or twice at some aggressive commenters, other than that works just fine.

    Same on real names. What is real name? You can change it to whatever you want even in real world. Online merely makes it more convenient to handle your identity how you find comfortable.

    PS many thanks for not going external comment systems way. They are terrible to the point I first stopped commenting with them and recently even blacklisted some of their scripts so they don’t even load.

    • ap in tallinn
      ap in tallinn  • 8 years ago

      I’d also like to see the reasoning, how does the real e-mail help to get better quality?
      btw, I use a special e-mail address (trash@…) for websites I don’t trust, all mails to this address are trashed in Gmail. But I can find them in trash folder and click a link if required…

    • Joost de Valk

      Hey Rarst, I don’t agree on the email address stance. If you want to leave a comment on my property, I want to have a valid way of contacting you. If one does not want to leave that, well, then he/she just shouldn’t comment :)

  28. quicoto
    quicoto  • 8 years ago

    Great! I’m thinking about installing your Comment Redirect plugin.

    On my blogs I don’t actually have many problems with spam. But I basically follow the rules you just posted (keywords, signatures..)


  29. Barry Adams
    Barry Adams  • 8 years ago

    I like your approach Joost, it’s very comprehensive and encourages real comments from real people. Adds a level of interaction with the commenter as well which I really like.

    I don’t get a lot of comments on my blog (I’m not nearly as popular as you :)) but on the Belfast Telegraph site we went from an anonymous comment system to comments powered by Disqus, which include a comment rating system. This seems to have the desired effect of making comments user-moderated to an extent, and the efforts of setting up a Disqus account tend to work well to prevent comment spamming.

    • Joost de Valk

      Yeah that has its benefits, but Disqus is terribly slow at times and leads to sites being down sometimes, which isn’t worth it in my opinion…

      Also, ratings wouldn’t work as well here I think, as I’d like to rate stuff and not have other people rate comments for me :)

  30. bert boerland
    bert boerland  • 8 years ago

    and something like for example

    • Joost de Valk

      Hmm looks useful too, have you tried it on a recent install Bert?

  31. Mayur (AgentWP)
    Mayur (AgentWP)  • 8 years ago

    I have disabled the links in the comments content as well as for the author name. Thus spammers don’t bother to comment any more.

    • Joost de Valk

      Yeah but that also means you’re not allowing other people to see the “context” of someone’s comment.

  32. Rhys
    Rhys  • 8 years ago

    Hi :)

    Couldn’t agree more with your comments.

    Unfortunately, my blog was once hit as I appeared quite promenantly in one of those “Dofollow” lists out there. So I got a bunch of spammy comments, some either questioning the ethics of being so anal “But people are contributing to my blog!” they’d say.

    One thing I use for commenting – which is a slight plug – is my plugin InComment. This tracks the commenter’s entrance path into the site using a simple cookie, and then when a comment is left, on the base of the email that gets sent, the path is placed at the bottom of the email. So you can see if the commenter arrived by legit means or by searching for “Leave A Comment” +”Wordpress” +”[keyword]” Google search.

    • Ryan
      Ryan  • 8 years ago

      Very cool idea!

      I get the occasional comment where I’m a bit sketchy as to whether it’s a legit comment made by someone who is utterly stupid or it’s a spammer. Your plugin could make sorting the hard-to-tell spam from the stupid comments.

    • Stany
      Stany  • 8 years ago

      I have a few blogs that attract plenty of ‘link hunters’. Akismet is pretty good at eliminating spam but the manual entries have to be moderated.

      A combination of your methods looks like a powerful setup. In the end you only want to keep people who appreciate your blog and add value while being part of your community.

    • Joost de Valk

      Great idea Rhys, now you could have absolutely left a link to that plugin, in fact, I’ll add it for you ;)

      • Rhys
        Rhys  • 8 years ago

        Cheers. Didn’t want to overstep the mark on my first comment :)

Check out our must read articles about Blogging