Why Spam Comments Exist (and How to Stop Them)

WordPress comment spam seems inevitable. No matter what type of website you’re running, if you allow visitors to comment on your posts, you’ll find spam. The more popular your content is, the more you’ll get. These unwanted contributions interrupt the flow of the dialog in your comments section, annoy you and your community, reduce your site’s credibility, and decrease traffic. But why, exactly, do people leave spam comments and what can you do about them?

Why spam comments exist

To generate backlinks for SEO purposes 

It used to be common practice, and a fairly effective one, to post links in comments and forums on other websites to improve search rankings. This stopped being the case years ago when various platforms began using the nofollow attribute, which prevents Google from crediting those links in their search rankings. This doesn’t stop spammers from trying, though. 

To increase traffic and sales on another website 

Those links might not improve SEO anymore, but they can still help people generate more traffic and boost sales. Some comments containing these links are easy to identify, especially if they’re automated, as they’ll usually contain misspellings, use strange words, or be entirely off-topic. 

When left by individuals, though, they can be more difficult to spot and may be relevant, well-written, and even helpful. 

To capture your visitors’ information or direct them to phishing sites 

This is what website owners see the most because much of it is done by bots — software that can send out millions of form submissions and emails in a short amount of time. With this type of spam, you might see a lot of links to websites claiming to sell cheap prescription drugs, online dating services, gambling, and questionable products.

How to stop spam comments

Option one: Manual moderation

In your WordPress dashboard, go to Settings → Discussion to review your options for comment moderation. From there, you can:

  • Disable pingbacks and trackbacks. Pingbacks are automatically generated when someone links to your website if both sites have them enabled. A pingback will also contain a link to the site that linked to yours. While this sounds like it might be valuable, it’s extremely susceptible to spam. 
  • Edit other comment settings. Enable “Users must be registered and logged in to comment” and “Automatically close comments older than X days.”
  • Hold comments in a queue. Select “Comments must be manually approved” and/or “Comment author must have a previously approved comment.”
  • Block comments with certain words or phrases. If you see a pattern of words associated with spam comments, you can input them in the Comment Moderation section. You can also send comments directly to the Trash that contain specific keywords, URLs, IP addresses, emails, and more. 
  • Hold a comment if it contains one or more links. Since links in a comment are often an indicator of spam, you can choose to hold all comments with multiple links for moderation. 
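
The rules in this list, modelled as a stand-alone triage function. This is an added example, not WordPress or Jetpack code. The names (Comment, Settings, triage), the order of the checks, substring matching of keys, and counting links by "http(s)://" are assumptions of this sketch.

```python
import re
from dataclasses import dataclass, field

LINK_RE = re.compile(r"https?://", re.IGNORECASE)

@dataclass
class Comment:
    author: str
    email: str
    ip: str
    body: str

@dataclass
class Settings:
    max_links: int = 2                     # hold at this many links or more
    moderation_keys: list = field(default_factory=list)  # match -> hold
    trash_keys: list = field(default_factory=list)       # match -> trash
    manual_approval: bool = False          # hold everything
    need_prior_approval: bool = True       # hold first-time commenters

def first_match(c, keys):
    # Keys match as case-insensitive substrings of author, email, IP and body.
    hay = " ".join((c.author, c.email, c.ip, c.body)).lower()
    return next((k for k in keys if k.strip() and k.strip().lower() in hay), None)

def triage(c, s, approved_emails=frozenset()):
    """Return (decision, reason); decision is 'trash', 'hold' or 'approve'."""
    if (hit := first_match(c, s.trash_keys)):
        return "trash", f"trash key {hit!r}"
    if s.manual_approval:
        return "hold", "manual approval is on"
    if (n := len(LINK_RE.findall(c.body))) >= s.max_links:
        return "hold", f"{n} links"
    if (hit := first_match(c, s.moderation_keys)):
        return "hold", f"moderation key {hit!r}"
    if s.need_prior_approval and c.email.lower() not in approved_emails:
        return "hold", "no previously approved comment"
    return "approve", "passed all checks"

# Constructed sample data (documentation IP ranges, example domains).
SETTINGS = Settings(moderation_keys=["cialis"], trash_keys=["203.0.113.7"])
APPROVED = {"sam@example.com", "lee@example.com"}
SAMPLES = [
    Comment("Cheap Meds", "promo@example.net", "203.0.113.7", "Buy at http://shop.example"),
    Comment("Dana", "dana@example.com", "198.51.100.4",
            "See https://example.org/a and https://example.org/b"),
    Comment("Lee", "lee@example.com", "198.51.100.5", "As a specialist, I agree."),
    Comment("Sam", "sam@example.com", "198.51.100.6", "Thanks, this helped."),
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c.author, triage(c, SETTINGS, APPROVED))
```

The third sample is held because the key "cialis" occurs inside "specialist", which is the kind of false positive that short substring keys produce and that manual review then has to catch.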

After saving your settings, you’ll still need to review comments as they come in and delete spam as you find it. This can take a lot of time, keeping you from the important tasks of content generation, sales, and audience engagement. You also risk accidentally approving spam comments, deleting relevant comments that contribute to the conversation, or lagging behind and allowing spam comments to build up. 

Option two: Automated filtering 

This is a popular option for WordPress site owners because most want to avoid the frustration of tedious manual comment moderation. Here are a few features of an anti-spam tool like Jetpack Anti-spam: 

  • Automated moderation that saves you time. Jetpack Anti-spam eliminates the need to manually approve or delete spam comments and automatically filters pingbacks and trackbacks. There are also no cumbersome CAPTCHAs, improving user experience and engagement.
  • Accurate filtering that learns as it goes. No automated system is 100% accurate. But Jetpack Anti-spam is adept at filtering spam right out of the gate, and also learns from user input. If the occasional spam comment slips through and you manually mark it as spam, the system learns from this input. Over time, you’ll see less and less spam.
  • Advanced stats. Identify problem IP addresses and check stats on spam, ham (legitimate comments), missed spam, false positives, and overall accuracy rates. You can view stats by month or by year.
  • Contact form spam prevention. Jetpack also helps prevent contact form spam if you use Jetpack forms, Gravity Forms, or Contact Form 7.
  • Trusted performance with Akismet. Jetpack Anti-spam uses Akismet’s best-in-class spam protection engine to deliver a 99.9% accurate experience. Akismet is a long-established anti-spam plugin for WordPress that’s not only one of the most popular, but also one of the most reliable. Over the past 15 years, Akismet has filtered more than 500 billion spam comments. If you’re only looking for spam protection, this is your best choice. If you’re interested in other security features like backups, malware scanning, brute force attack protection, and downtime monitoring, then Jetpack gives you everything in one package.

Automating spam prevention saves you time, money, and frustration. It also leads to a better user experience and contributes to improved search rankings. 

Ready to start slaying comment spam in your sleep? Get Jetpack Anti-spam and rest easy.

Millions of Windows 10 users warned over dangerous ransomware threat

Written By Jeff Parsons.

A fake update allegedly for the Windows 10 operating system is instead hijacking computers with ransomware.

Hundreds of PCs across the world have already fallen victim to the scam, with millions more at risk.

Known as the Magniber ransomware, it appears as a normal Windows security update.

It appears to have started spreading around the internet early last month.

While it can be distributed under different names, the most common appear to be: Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi.

According to victims who have reported the virus to BleepingComputer, it is largely targeting students and non-professional users.

Once a computer has been infected, users are served a warning saying that all their personal files have been encrypted.

The Magniber ransomware drops a README.html document in each folder it encrypts, which points users towards the hacker’s Tor payment site.
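
A triage check for the two indicators described above, the installer file names and a README.html note repeated across folders. This is an added example, not code from the article or from Microsoft. The function names, the threshold MIN_NOTE_DIRS, and the assumption that the note has identical content in every folder are choices of this sketch, and the demo tree is constructed.

```python
import hashlib
import os
from collections import defaultdict

# Installer names quoted in the article (compared case-insensitively).
LURE_NAMES = {"win10.0_system_upgrade_software.msi",
              "security_upgrade_software_win10.0.msi"}
NOTE_NAME = "readme.html"
MIN_NOTE_DIRS = 3  # assumption: the same note in this many folders is suspicious

def scan(root):
    """Walk root; return (lure installer paths, clusters of folders sharing a note)."""
    lures, dirs_by_hash = [], defaultdict(list)
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in LURE_NAMES:
                lures.append(path)
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    continue  # unreadable file, skip it
                dirs_by_hash[digest].append(dirpath)
    # A single README.html is normal; identical copies across folders are not.
    clusters = [sorted(d) for d in dirs_by_hash.values() if len(d) >= MIN_NOTE_DIRS]
    return sorted(lures), clusters

def build_demo_tree(root):
    """Constructed sample: one lure-named file, one note copied into three
    folders, and an unrelated readme.html that must not be clustered."""
    for sub in ("Documents", "Pictures", "Desktop"):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "README.html"), "w") as fh:
            fh.write("<html>constructed ransom note placeholder</html>")
    os.makedirs(os.path.join(root, "project"))
    with open(os.path.join(root, "project", "readme.html"), "w") as fh:
        fh.write("<html>project docs</html>")
    os.makedirs(os.path.join(root, "Downloads"))
    open(os.path.join(root, "Downloads",
                      "Security_Upgrade_Software_Win10.0.msi"), "wb").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(scan(tmp))
```

Because the article notes the installer is distributed under different names, an empty result from the name check does not clear a machine; the repeated-note check is the more durable of the two.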

The website will provide victims with one free file that is decrypted without a charge – but forces them to pay in cryptocurrency to unlock the rest.

It seems the majority of demands have been set at around 0.068 Bitcoins, which works out to about $2,600 or £2,000.

Microsoft has updated its support pages with strategies for combating the latest wave of ransomware attacks. But unfortunately, it cannot help anyone who has fallen for the scam.

Microsoft advises using its anti-malware software Windows Defender but notes ‘there is no one-size-fits-all response if you have been victimized by ransomware.’

Ransomware is a type of computer virus that takes over a victim’s PC and then locks them out of their own system.

It will often encrypt or steal files from the user until a ransom is paid – often this is asked for in untraceable cryptocurrency.

Ransomware can be small, targeting just a few isolated users, or large – infecting entire companies or governments.

Nowadays, ransomware is common and deployed freely by hackers. It first entered mass consciousness when it brought the NHS to a standstill in 2017.

During that attack, a type of ransomware called WannaCry infected 200,000 computers in over 150 countries.

NHS England reported at least 80 out of the 236 trusts were affected by the cyber attack and locked out of their systems. In addition, 603 primary care and other NHS organisations, including 595 GP practices, were also affected.

The WannaCry incident ended up costing the UK £92 million, with global costs of the malware adding up to a whopping £6 billion.