Mangcoding

Yayan Kurnia Akbar - Tuesday, 4 March 2025 - 8 months ago

Protecting WordPress from Spam Easily Without a Plugin

Hey Guys, in this article, Mangcoding will share tips on protecting WordPress from spam in a simple yet effective way without having to install a plugin on your website. Check out the screenshot below!

[Screenshot: spam comments received on the Mangcoding blog]

The comments shown in the blog screenshot above were received in just one month. Fortunately, there is a way to address this issue: block all comments left by spam bots. So, what are the benefits of using this method?

  • No need to install additional antispam plugins
  • No more captchas
  • Easy to implement with just three simple steps

Step 1 – Fake Text in the Comment Form

First, you need to determine how the comment form is inserted into the page. There are actually two ways:

  • The HTML form is located in comments.php
  • The form is inserted using the WordPress function comment_form()

If the comment form is in comments.php

All you need to do is add another textarea input field after the default comment textarea, as shown below :

<textarea id="comment" name="comment"></textarea><!-- default textarea (it will be fake for bots) --> 
<textarea id="just_another_id" name="just_another_id"></textarea><!-- you should add something like this -->

If the comment form is inserted using the comment_form() function

In this case, you need to use the filter hook below:

// Append the real (visible) comment textarea to the form generated by comment_form().
function add_non_fake_textarea_field($default) {
    // comment_notes_after is printed after the default comment textarea.
    $default['comment_notes_after'] .= '
        <p class="comment-form-just_another_id">
            <label for="just_another_id">Comment:</label>
            <textarea id="just_another_id" name="just_another_id" cols="45" rows="8" aria-required="true"></textarea>
        </p>';

    return $default;
}

add_filter('comment_form_defaults', 'add_non_fake_textarea_field');

Insert the above code into the functions.php file located in your current theme directory.


Step 2 – Hiding the Fake Field Using CSS

Open a post that contains the comment form. You will see two textarea fields. Then, hide the default textarea, as it will serve as a “fake input” for spam bots. You can hide it however you like. For example :

#comment {
  position:absolute;
  left:-9000px;
}


.hello {
  left: auto;
}

If you’re unsure where to insert it, simply add this code to the style.css file of your current theme.


Step 3 – Blocking Spam Comments

Finally, the last step. This code will block any comment where the default comment textarea is filled. Spam bots are unaware of the "fake field," so they always fill in the default textarea with name="comment" or id="comment".

Meanwhile, real users never fill it in because it’s hidden from them. Pretty simple, right?
Add the following code to your functions.php file.

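// Reject the comment when the hidden default textarea was filled in.
// pre_comment_on_post is an action; its callback receives the post ID.
function block_spam_comments($comment_post_ID) {
    $fake_textarea = isset($_POST['comment']) ? trim($_POST['comment']) : '';

    // Compare with '' so that a value such as "0" also counts as filled.
    if ($fake_textarea !== '') {
        wp_die('Error!');
    }

    // Move the real comment text into the field WordPress expects.
    $comment_content = isset($_POST['just_another_id']) ? trim($_POST['just_another_id']) : '';
    $_POST['comment'] = $comment_content;
}

add_action('pre_comment_on_post', 'block_spam_comments');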

Why Did Antispam Stop Working in WordPress 4.4 and How to Fix It?

In WordPress 4.4, the wp-comments-post.php file in your site directory was modified. Additionally, a pre_comment_on_post callback can no longer replace the fake comment field.

In your site directory, create a file—you can name it stopspam.php, for example. Here is the code for this file :

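<?php
    // Drop the request when the hidden default textarea was filled in.
    $fake = isset($_POST['comment']) ? trim($_POST['comment']) : '';

    if ($fake !== '') {
        exit;
    }

    // Pass the real comment text on under the name WordPress expects.
    $_POST['comment'] = isset($_POST['just_another_id']) ? trim($_POST['just_another_id']) : '';

    require(dirname(__FILE__) . '/wp-comments-post.php');

  1. Change the form action attribute to this file (stopspam.php). If you are using comment_form(), it will be easier to do with JavaScript.
  2. Block the default wp-comments-post.php using .htaccess:

<Files wp-comments-post.php>
# POST is listed as well because comments are submitted with POST
<Limit GET POST>
satisfy any
order deny,allow
deny from all
require valid-user
</Limit>
</Files>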
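
Step 1 above says the action change is easier with JavaScript when the form comes from comment_form(). The following is an added example, not code from the original article: it assumes the form has WordPress's default id commentform and that stopspam.php sits next to wp-comments-post.php, and the function names are hypothetical.

```javascript
// Added example: point the comment_form() form at the honeypot handler.
// Assumptions: the form id is "commentform" (WordPress default) and
// stopspam.php is in the same directory as wp-comments-post.php.
const DEFAULT_HANDLER = 'wp-comments-post.php';
const HONEYPOT_HANDLER = 'stopspam.php';

// Return the action URL with the default handler swapped for the honeypot
// handler, or the input unchanged when it does not target the default handler.
function rewriteCommentAction(action, base) {
  let url;
  try {
    url = new URL(action, base);
  } catch (e) {
    return action; // not a parseable URL: leave the form alone
  }
  const segments = url.pathname.split('/');
  if (segments[segments.length - 1] !== DEFAULT_HANDLER) {
    return action;
  }
  // Replace only the last path segment so subdirectory installs keep working.
  segments[segments.length - 1] = HONEYPOT_HANDLER;
  url.pathname = segments.join('/');
  return url.href;
}

// Rewrite the action of the comment form in `doc`; returns true when changed.
function retargetCommentForm(doc) {
  const form = doc.getElementById('commentform');
  if (!form) return false;
  const current = form.getAttribute('action') || '';
  const next = rewriteCommentAction(current, doc.baseURI);
  if (next === current) return false;
  form.setAttribute('action', next);
  return true;
}

// In the browser, run once the form exists in the DOM.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => retargetCommentForm(document));
}
```

Visitors with JavaScript disabled still submit to wp-comments-post.php, so with the .htaccess block in place their comments are rejected.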

That’s the explanation of Protecting WordPress from Spam Easily Without a Plugin that Mangcoding can share. Hopefully, this article is useful and provides new insights for you. If you have constructive feedback or suggestions, feel free to leave a comment or contact us via email and Mangcoding’s social media.

Source: Rudrastyh
