Spam originating from your WordPress website can come from two places.
Comment spam and form submissions.
Unfortunately there is no one magic bullet to stop all spam.
My advice, is to take basic precautions but also to not worry about it too much until you have to.
What is comment spam?
Comment spam is where people comment on your blog posts and leave spammy links to their website.
How to prevent comment spam
The first step to preventing comment spam is to tighten up the rules for who can post comments on your website.
Comment spam can be prevented in several ways.
Use the inbuilt settings (Settings -> Discussion) to limit the control of people who want to comment.
This is enough to stop comments appearing on your website. But, you can still get comments waiting for you to authorise. If this becomes unbearable, the next step is to use the spam prevention settings in your security plugin. I currently recommend iThemes Security Pro. They allow you to add a recaptcha on the comments form. You can read about that spam feature here.
If an overwhelming amount of spam is still getting through you can try the free, well respected plugin Anti Spam Bee
Now, I’m not saying this is going to solve all your comment spam problems but if they still persist after that, you could consider a paid service such as Askimet.
I have clients who use Askimet and they still have to manage their spam comments – so please don’t think it’s a ‘cure all’ service.
I also have clients who have small blogs and get zero spam.
My point is, worry about it when it happens.
Form submission spam
What is form submission spam?
This is where you receive emails that are just plainly spamming you with services and products you don’t really want or need. These emails can be very annoying.
How is form submission spam sent?
There are two ways it can be sent. Manually or automatically.
If it is manual spam, there is absolutely nothing you can do. If there is a real human filling out your contact form then there is no way of stopping that form from being sent. If you get a huge amount of spam from a specific country you could stop showing your website in that country – but this is an extreme measure to take.
If the spam in automated then there is a bot or a program filling out as many contact forms on the web that it can find.
How to stop automated form submissions
Just like comment spam, it isn’t always easy to stop.
The method of reducing spam may depend on how your contact form is built. It may be native to a theme or you may be using a plugin.
First, check with the theme or plugin how they recommend you stop it. Sometimes they have additional plugins or tips you can use for reducing spam.
For example, Gravity forms provide this advice.
If they don’t have any specific advice then you can try adding a Google captcha.
Google captcha V3 is a modern method that doesn’t involve doing sums or clicking images. This isn’t fool proof though. Some spam still gets through but it can greatly reduce it.
Again, how you add this depends on the way your form was built. I use the theme Divi and it’s really easy to add a Google captcha to a form.
If you still get a lot of form spam then it is worth considering paying for Askimet. Just as with comment spam, it’s not a fix all solution but it should go a long way to helping you beat the problem.
Spam is an every day part of having a visible website. Sad but true.
You can take steps to reduce it but it may never fully be eradicated.
This is absolutely something you can put on the back burner and worry about when it actually becomes a problem. That is why I avoid adding extra plugins if there is no existing spam problem.
Do you get a lot of spam? What type is it and how are you combatting it?