WordPress Spam Protection Tutorial

Spam protection usually causes a lot of troubles to any website, no matter it based on WordPress, Joomla!, Magento or some other forum platform. Applying security measurements partially guarantees that the website will not be hacked. Of course wordpress spam protection is not just about the installation of a particular plugin, but it also keeping the application and its extensions always up-to-date.

WordPress Spam protection suggestions

A good WordPress spam protection includes several points to cover. Here are mine:

  • Make sure website and its plugins are updated.
  • Pay attention to wp-admin section section and either protect it with password or restrict the access to specifics IPs.
  • Protect any active forms, no matter comments or posts, with captcha feature.
  • Remove the plugins you do not need. I personally think that 5-6 plugins are enough for any WordPress. Building a website with 50+ plugins might be a very bad idea, because it is almost impossible to check and test each plugin for possible vulnerabilities.
  • Your access passwords such as FTP or the wp-admin panel password are strong. Using your pet’s  name as password is not a good option.

In this tutorial I will explain how to protect the forms on your website with captcha plugin. The process is actually easy, but I will provide detailed instructions to be sure the protection is applied successfully and no automated script will be able to post spam-like comments or register additional users.

How to install security plugins

Now let’s login to wp-admin section of your website and click Plugins button located on the left column of the panel. On the next screen click Add New and then type Captcha by BestWebSoft in the search field titled Search Plugins. The next step is install activate the plugins. Note this is randomly selected plugin that I tested and recommend as good one.

When the plugin is installed, click Settings as shown here and make sure that captcha is enabled for all possible forms.

WordPress spam protection

WordPress spam protection

Of course there are some paid options, but in this tutorial we will work with the free ones. At the bottom of the page you will find option to disable capctha for the registered users. I personally would recommend keeping it enabled. If the computer of the user is infected with virus, then the form will protect your website from spam comments. At the same page you will also find captcha adjustment options.

Spam protection basic settings

Spam protection basic settings

Advanced spam protection

As the basic options are set, we can proceed with the Advanced ones shown on this screen shot:

Spam protection - advanced options

Spam protection – advanced options

The image packages are selected by default and it is fine to leave them this way. You will see image enlargement option which can be checked for better user experience. The other option allows you to define captcha code entering time frame and notices upon typing incorrect code.

The other two sections allow you to whitelist particular IP address and add custom style for the main captcha class. If you are sure your computer is not infected with any virus, then you may whitelist your local IP address and skip captcha. The other option that allows you to insert a custom code is also interesting. Using it you can change the layout of the captcha class making it better looking.

WordPress Spam Protection tutorial - basic in advanced protection
Article Name
WordPress Spam Protection tutorial - basic in advanced protection
WordPress Spam Protection tutorial - basic in advanced protection using security plugins
Publisher Name

Do you want to share your opinion?

Your email address will not be published. Required fields are marked *


We are not industry specific. We are WordPress specific. We work with everyone to help them find solutions with their troubles.
If you show us the problem you are experiencing, we will show you how to fix it. It is that simple.

Reported WordPress issues

  1. Wordpress error establishing a database connection when clone to test subdomain
  2. Website functionality automatically start and stop working
  3. Vagrant install box errors
  4. confusion about Blogging copyright
  5. WordPress Custom Posts - Remove Base slug
  6. Wordpress on Azure Linux App Service over https
  7. Caption under image in wordpress not working
  8. How does a “POST / HTTP/1.1” request referred from wp-admin succeed when I don't have Wordpress installed?
  9. Call To Action Button Off Center
  10. How to get list of all cookies being created by a domain

WordPress problems we are working on

  1. Sequential Number Contact Form 7
  2. wordpress - Loading theme post via plugin
  3. Can't get Products div align in Mobile View with CSS
  4. jQuery prev and next toggle gallery wont work inside WP Query Loop
  5. Critical error(s) found in CMS module(s). Debug information is available below
  6. Get Specific Custom Field from Custom Post type by key
  7. how to append html to post in wordpress using api
  8. Array value into list table column in wordpress
  9. Mobile hamburger links are aligned left for some reason
  10. How to redirect all the pages in wordpress to a custom login

Resolved issues

  1. Wordpress replace keywords content wito custom post title and link
  2. load iwordpress admin via iframe
  3. How to link MySQL database to Wordpress?
  4. Wordpress Rest API - invalid nonce with Backbone Client
  5. Properly configuring a Wordpress search filter for custom post meta using wp_query and values sent via the URL
  6. Change hover color on Wordpress Main menu link
  7. Wordpress files modified durning git clone (line endings, filemode or gitattributes did not help)
  8. Real Estate Manager plugin is blocking my page from scrolling [on hold]
  9. jQuery Email Field Validation ISSUE Wordpress
  10. React Native App with WordPress REST API - not allowed to create posts as this user
wppotion - powered by persistence and passion