Dealing with comment spam with Akismet and Disqus

A barrage of spam - so much fun.

You now run your own website. From content to comments, you have complete control with all the rewards and headaches that come with it.

And it’s the headache of comment spam that you can most easily deal with. Not to be confused with the trolling jerkiness that Web commenting can often become, nor the Viagra-laced email spam you get daily, comment spam is intended not to harm your site, but rather is targeted at legitimate commenters on your site.

From the moment you first set up your site, you likely started to see items ranging from statements talking about how great your content is with odd Russian email addresses to some gibberish with some sort of ties to medicine to porn. These spam attempts can come from automated bot barrages – the image above from my email was part of a large incursion of more than 150 attempts, almost certainly an automated effort – to disingenuous items written up by actual humans – think about Brent Payne’s discussion and his early days as what amounted to a spam commenter.

While cleaning out some plugins recently I accidentally turned off a key spam-blocker or two, resulting in an email inbox stuffed with those notifications, bursting at the seams with spam comments awaiting moderation.

By taking a couple of easy steps, you should never have to deal with this while running a WordPress-powered site. There are numerous plugins, systems and techniques for squashing spam; these are merely my preferred methods because they’re easy to implement and use and because they work so well. And there are plenty of ways to insulate a non-WordPress site, but you get to look those up yourself.

Install Akismet

WordPress has a fine built-in commenting system, but it will do nothing to block spam. If you do nothing else, install the Akismet plugin to help fight the good fight.

Akismet is a service that actually runs separately from your site, on the developer’s server. By giving it access to your site you allow it to run a check on all inbound comments and trackbacks – the notices created when someone links to you.

Each time a new comment, trackback, or pingback is added to your site it’s submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down. As a result, you don’t have to waste your time sorting through and deleting spammy comments from your blog.

Installation is as simple as loading the plugin and obtaining an API key from Akismet. APIs are Application Programmer Interfaces, bits of code that allow software components to work with each other, and they are becoming increasingly prevalent as apps proliferate across the Web in general and specifically in the data journalism and publishing arenas. But all you’ll need to know about APIs to use Akismet is that the API key is a number string you’ll be directed to paste into the plugin settings page in your Dashboard.
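For the curious, here is roughly what one of those checks looks like on the wire, as an added illustration (not code from this post or from the Akismet plugin). The endpoint and field names follow Akismet's public REST API; the key, blog URL, sample comments and the `fake_akismet` stand-in are constructed placeholders so the example runs offline.

```python
import urllib.parse
import urllib.request

ENDPOINT = "https://rest.akismet.com/1.1/comment-check"

def http_post(url, form):
    """Real transport: POST the form fields, return (body, headers)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers={"User-Agent": "example-blog/1.0"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode().strip(), dict(resp.headers.items())

def check_comment(api_key, blog_url, comment, post=http_post):
    """Return 'publish', 'spam-queue', 'discard' or 'hold' for one comment."""
    form = {"api_key": api_key, "blog": blog_url, "comment_type": "comment",
            "user_ip": comment["ip"], "user_agent": comment["user_agent"],
            "comment_author": comment["author"],
            "comment_author_email": comment["email"],
            "comment_content": comment["content"]}
    try:
        body, headers = post(ENDPOINT, form)
    except OSError:
        return "hold"  # service unreachable: queue for a human, never auto-publish
    headers = {k.lower(): v for k, v in headers.items()}
    if body == "false":
        return "publish"
    if body == "true":
        # "discard" marks blatant spam; the rest stays reviewable for false positives
        blatant = headers.get("x-akismet-pro-tip") == "discard"
        return "discard" if blatant else "spam-queue"
    return "hold"  # e.g. "invalid" when the key or a required field is wrong

def fake_akismet(url, form):
    """Constructed stand-in for the service so the example runs offline."""
    if form["api_key"] != "PLACEHOLDER_KEY":
        return "invalid", {}
    text = form["comment_content"].lower()
    if "cheap pills" in text:
        return "true", {"X-akismet-pro-tip": "discard"}
    if "great post" in text and form["comment_author_email"].endswith(".example"):
        return "true", {}
    return "false", {}

def demo():
    base = {"ip": "203.0.113.7", "user_agent": "Mozilla/5.0", "author": "a"}
    samples = [  # constructed comments
        dict(base, email="reader@example.org", content="The second step fixed it."),
        dict(base, email="x@mail.example", content="Great post! Visit my site"),
        dict(base, email="y@mail.example", content="CHEAP PILLS here"),
    ]
    return [check_comment("PLACEHOLDER_KEY", "https://blog.example/", c, fake_akismet)
            for c in samples]
```

Anything that is not a clear "false" is held back rather than published, which is the safe default if the service is down or the key is wrong.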

Akismet, part of the suite of apps from Automattic, which also runs and contributes to, used to require a account – the free version of WordPress – but that is no longer the case. The service is free for individual use. Installing and activating Akismet should be added to your running list of life no-brainers.

UPDATE: Disqus – see below – actually incorporates Akismet into its spam filtration. If you choose to install Disqus, you don’t need Akismet.


There are a number of fine commenting systems and options built in to WordPress, with variations based on themes used. And WordPress comments do require a login with email by the commenters. As you can see from that inbox image, though, email login protocols are hardly robust. And while Akismet is geared toward filtering the nonsense out, Disqus is all about fostering productive communication.

All of you in this class will be familiar with Disqus based off our commenting requirements on the class Tumblr. Beyond a simple comment board though, as you may have noticed, the true strength of Disqus is that it requires real people signing in with either a Disqus account or through various social networking services.

While this does not guarantee spammers won’t converge on you, it does make things much more difficult and cost-prohibitive in terms of labor and time investment for them. By requiring a “real person” login, you’ll see commenters’ Facebook pictures, Twitter profile avatars and the like if they log in that way. But no matter which way commenters log in, they will have to create or maintain an account in some form that makes it difficult for spammers to play.

As a side benefit, Disqus offers a fairly rich commenting experience. Tiered, discussion-type comments and rich media embeddability help your commenters to make the most of the content experience. There is also a basic rating system. The base system is free, though there are some for-pay add-ons, and makes for a great partner to the Akismet spam scrubber.

With both plugins, though, you’ll want to skim through the comments marked as spam to make sure your filtering isn’t catching legitimate commenters in the net.

Why not Facebook Comments?

A growing trend in the news industry is to turn to Facebook for comment moderation. Using Facebook Comments forces readers to log in with a personal Facebook account to take part in forums.

This is a great solution for keeping the trolls at bay and also will help improve and encourage engagement with your Facebook community, including sharing of content.

But what it isn’t geared toward is spam filtration. While Facebook’s Real Name policy is meant to make sure real people are creating accounts, it’s far from foolproof. While this should insulate you from the spambots, it’s not enough to keep driven spammers from setting up fake accounts specifically for commenting.

So, while Facebook Comments helps improve the civility, it is not a spam filter. And rather than just enable Facebook Comments, which requires a Facebook Developer account and creating an app – not as hard as it sounds – Disqus offers the same functionality but isn’t limited to Facebook.
