How to Prevent Spam Comments Containing Only URLs in WordPress

Posted on by user
If you’re dealing with a large number of spam comments that contain only URLs, you can implement the following measures to block them effectively.

1. Configure WordPress Settings for Spam Prevention

Automatically Hold Comments Containing URLs for Moderation

  1. Go to WordPress DashboardSettingsDiscussion.
  2. Find the setting “Hold a comment in the queue if it contains X or more links.”
    • Set this value to “1” to hold all comments containing URLs for moderation.

2. Enable Akismet Anti-Spam

WordPress comes with Akismet Anti-Spam, a powerful spam filter that blocks most spam comments automatically.

  • Install and activate the Akismet plugin.
  • Get an API key from Akismet’s website.
  • Enable automatic spam filtering to delete spam comments immediately.

3. Block Comments Containing Only URLs (Add to functions.php)

You can prevent comments that contain only URLs by adding this code to your functions.php file:


function block_url_only_comments($approved, $commentdata) {
    if (preg_match('/^https?:\\/\\/\\S+$/', trim($commentdata['comment_content']))) {
        return 'spam'; // Mark URL-only comments as spam
    }
    return $approved;
}
add_filter('pre_comment_approved', 'block_url_only_comments', 99, 2);
  • Effect: Any comment containing only a URL will be automatically marked as spam.

4. Add Google reCAPTCHA to the Comment Form

To block spam bots, integrate Google reCAPTCHA into your comment form.

  • Install the reCAPTCHA by BestWebSoft plugin.
  • Get your Google reCAPTCHA API key and configure it in the plugin settings.

5. Block Spam IP Addresses

Identify and block spammer IP addresses by adding them to your WordPress Comment Blacklist.

  1. Go to Settings → Discussion → Comment Blacklist.
  2. Add suspicious IP addresses to prevent them from posting comments.

Nginx

server {
    listen 80;
    server_name yourdomain.com;

    # Block specific IP addresses
    deny 192.168.1.100;
    deny 203.0.113.42;

    location / {
        root /var/www/html;
        index index.php index.html index.htm;
    }
}

Apache

Alternatively, block IP addresses via .htaccess:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^192\\.168\\.1\\.100$ [OR]
    RewriteCond %{REMOTE_ADDR} ^203\\.0\\.113\\.42$
    RewriteRule .* - [F,L]
</IfModule>
  • Replace 192.168.1.100 and 203.0.113.42 with spam IPs you want to block.

6. Enable Manual Comment Moderation

  • Go to SettingsDiscussion → Enable “Manually approve comments before they appear.”
  • This prevents spam comments from being automatically published.

7. Modify the Comment Form

  • Remove the URL input field from the comment form to discourage spam.
  • Instead of using wp-comments-post.php, consider replacing it with a contact form plugin that includes anti-spam features.

Summary: The Most Effective Solutions

  1. Enable Akismet Anti-Spam
  2. Block comments containing only URLs (use functions.php method)
  3. Use Google reCAPTCHA for spam prevention
  4. Use Blacklists and Manual Moderation for additional protection