Spam comments are one of the most common problems in WordPress.
They clutter your database, slow down your site, and can even contain malicious links that hurt SEO.
You can easily block spam comments without using any plugin by tweaking a few built-in WordPress settings and adding small snippets of code.
Option 1: Limit Number of Links in Comments
Step 1. Create a child theme
If you have not created a child theme yet then first create a child theme
Visit to know : How to create child theme in WordPress
If you have already created a child theme then ignore step 1.
Step 2 : Add following code to functions.php of your child theme
Most spam comments include multiple URLs.
Add this simple PHP snippet to your child theme’s functions.php file:
// Automatically mark comments with more than 1 link as spam
function limit_comment_links($approved, $commentdata) {
$max_links = 1;
$comment_content = $commentdata['comment_content'];
if (substr_count($comment_content, 'http') > $max_links) {
return 'spam';
}
return $approved;
}
add_filter('pre_comment_approved', 'limit_comment_links', 99, 2);This automatically marks any comment with more than one link as spam. You can adjust it by changing the value of ” $max_links “ as per your choice.
$max_links = 1;Step 3 : Disable HTML in Comments (Optional)
Spammers often use hidden HTML or scripts. Disable it completely by adding this code in your child thme’s functions.php file:
// Disable HTML tags in comments
add_filter('comment_text', 'esc_html');
add_filter('comment_text_rss', 'esc_html');
add_filter('comment_excerpt', 'esc_html');This ensures only plain text is accepted — no links or code injections.
Step 4: Disable Comments Entirely (Optional)
If your site doesn’t rely on comments, you can simply disable them.
Add this snippet to functions.php file of your child theme:
// Disable comments site-wide
add_action('admin_init', function() {
// Redirect any user trying to access comment page
global $pagenow;
if ($pagenow === 'edit-comments.php') {
wp_redirect(admin_url());
exit;
}
// Remove comment metabox from dashboard
remove_meta_box('dashboard_recent_comments', 'dashboard', 'normal');
// Disable comments and trackbacks support
foreach (get_post_types() as $type) {
remove_post_type_support($type, 'comments');
remove_post_type_support($type, 'trackbacks');
}
});Option 2: Disable Comments on Old Posts
Spammers usually target older posts.
You can disable comments automatically after a set number of days:
- Go to Settings → Discussion
- Check the box “Automatically close comments on posts older than X days”
- Set it to 30 (or even 14) days for best results.
- Save changes.
This prevents bots from spamming your older, high-traffic articles.
Option 3 : Allow Comments Only from Logged-in Users
You can make it harder for bots by allowing comments only from registered users.
- In the same Settings → Discussion panel,
- Tick “Users must be registered and logged in to comment”
This alone blocks 90% of automated spam bots.
Option 4 : Hold Comments for Manual Approval
Even genuine comments should go through moderation before appearing publicly.
- Under Before a comment appears, check:
- “Comment must be manually approved”
- Save changes.
Now, all comments go to the Pending queue for your review.
Option 5 : Block Spam Words & Links
WordPress lets you automatically hold or block comments containing certain words.
- Scroll down to Comment Moderation section.
- Add common spam words like:
viagra
casino
free money
loan
http:
https:3. You can also use the Comment Blacklist section to instantly trash such comments.
Tip: Even adding “http” here will block most link-based spam.
Extra Tips
Avoid showing the “Website” field in the comment form (spammers love that).
Use reCAPTCHA only if needed, but preferably stick to pure code for a plugin-free site.
Delete spam regularly from Comments → Spam to keep your database clean.
By using these small tweaks and code snippets, you can block 99% of spam comments in WordPress without installing a plugin.
Your site stays faster, cleaner, and more secure — exactly how WordPress was meant to be.
Leave a Reply