NEW: Sign up to get freelance writing jobs in your inbox. SUBSCRIBE

How to Identify Blog Comment Spam

Read Time: 9 min

Whether you run a niche blog, a personal blog, or a professional freelance writer blog targeting clients, you're bound to come up against blog comment spam at some point or another. If you open your site to comments, this is simply a reality you have to deal with.

That doesn't mean dealing with the comment spam problem has to be difficult. Yet I frequently read blogs where bloggers not only let comment spam through, but they actually respond to it as if these are legitimate comments.

Let's talk about that -- how you can tell the difference between legitimate comments that should be approved on your blog and spam-style comments that need to be dealt with. Then we'll look at what you can do to avoid or eliminate some of the most common types of blog comment spam.

Why Freelance Writers Should Care About Blog Comment Spam

Addressing blog comment spam before it can go live on your site is especially important when it comes to your freelance writer blog -- the blog on your professional site that you write for clients and prospects.

Here's why:

  • Having blog comment spam on your blog simply makes you look bad to the people you're hoping will hire you. It looks lazy and irresponsible. Those aren't traits clients seek out.
  • Blog comment spam can hurt your site in search engines. While relevant, thoughtful comments add valuable content to a post (which can help your rankings for that page), comment spam often features irrelevant content and links (and you'll often be left with a mess of broken links to clean up later as these spammed sites frequently disappear before too long).
  • You could accidentally expose your readers -- who are your potential clients -- to malicious links included in spammy comments. .

If you use a blog to build visibility in your specialty area, to communicate with freelance writing clients, to market your services, or to improve your professional site's search engine rankings, spam comments aren't a problem you can afford to ignore.

Types of Blog Comment Spam

Now let's take a look at three common types of blog comment spam you might come across, how you can tell them apart from legitimate comments (it's not always easy), and how you can prevent them from going live on your freelance writer blog.

Automated Blog Comment Spam

This type of spam makes up most of the spam comments I get on my blogs. They can be one of the more problematic types (and they can be combined with other types listed below). But they're also one of the easiest to prevent.

Automated blog comment spam is when someone uses a spam bot to automatically post a lot of comments on blogs. This can mean posting a lot of comments all at once on a single blog. Or it can be mass-posting a single comment on many blogs (meaning you might only see one from them).

How to Identify this Kind of Blog Comment Spam

Spam bots are often used to mass-post short, generic, or copy/paste comments, so those are red flags to look for.

For example, "Great post!" is a comment that has absolutely no value. Spammers post comments like those not to flatter you (they don't give a rat's furry little behind about your blog and have never read it). They do it to get a link for an approved comment. This is the most common type of spam comment I see people respond to. Don't fall for ego-bait. If they really think highly of your post and want to bother commenting, they'll add to the conversation.

You'll also see generic comments come through. This can happen when unethical SEO folks try automating semi-relevant comments. So they might try to comment on this blog with a general tip or quote about freelancing or writing, but it's not relevant to the individual post.

Other generic spam comments are in line with the "great post!" short comments, but they say more. This is becoming increasingly popular, where spammers praise a post without actually saying anything about the comment. Again, it's just ego-bait. Even if you fall for these once, you'll learn to identify them quickly as they use very similar templates. For example, one sitting in my spam folder here right now is:

It's hard to find knowledgeable people on this topic, but you sound like you know what you're talking about! Thanks

That's a spam comment. They posted it multiple times, so it was easy to spot. But the generic nature alone means it adds no value and doesn't belong on my blog. They likely posted this to dozens or hundreds of blogs at once. If you're unsure, Google the comment's text (in quotes) and see if it shows up on a lot of other sites. The one above does.

I also mentioned copy-paste comments. These are when spam bots try to make comments look relevant by literally copy-pasting a paragraph from your post into a comment form. So if a comment sounds oddly familiar, that's often why.

What's the point of these mass-comments? It's usually about links. While you might filter comments before approving them, not everyone does. So spammers target a large number of blogs hoping at least some of those links go live immediately and stay on poorly-maintained blogs.

How to Prevent this Kind of Blog Comment Spam

One option for dealing with automated blog comment spam is to use a captcha -- making people type what they see in a picture or having them do a math problem.

But the best way I've found to counter this kind of spam comment is by using a honeypot plugin. What this does is put an invisible field in your comment form. It can be set so the comment is never sent or is marked as spam if the commenter fills out that field.

Legitimate commenters never see that field. So their comments go through, and they don't have to worry about things like captchas.

Bots try to automatically fill out all fields they see, and they see the field in your site's code even though it's visually hidden from your readers. When they fill it out, their comment is rejected.

The best plugin I've used for this, and the main spam plugin I use on most of my blogs, is Anti-Spam.

Malicious Blog Comment Spam

I'm not talking about "mean" comments that you don't like here. When I say "malicious" I mean the spam comments will contain malicious links.

You've probably long since learned to be careful about clicking links in emails. Spammers can create spoof sites that look like they're from your bank, PayPal, insurance company, or other sources you would normally trust. The emails contain a link to take you to the spoof site where they either download malware to your device or get you to use their fake login form so they have your real credentials and can access your accounts (the latter is called "phishing").

To avoid those malicious links, you can simply hover your mouse pointer over the link so the address appears at the bottom of your page or email software (in every one I've used at least). So it's clear if the link will take you to the legitimate website or a fake.

Malicious links in blog comments are similar. They'll often lead your readers to malware.

How to Identify this Kind of Blog Comment Spam

The big difference between malicious links in blog comments and malicious links in emails is that the blog spam doesn't use spoofed sites as often.

It's not like a spammer thinks you'll believe someone from a major bank is commenting on your blog. So there's no well-known brand to compare the links to.

How can you tell then?

Well, you don't want to go clicking on links from unknown commenters, and stumble into some malware yourself. So for this, I highly recommend installing a security plugin.

The Wordfence Security plugin is a good bet. I can't recall who first recommended it to me (either Cathy Miller or Sharon Hurley Hall), but it's what I use on this blog. Among other security features, the plugin can scan the links your commenters leave and alert you to possible malicious links.

How to Prevent this Kind of Blog Comment Spam

Install the Wordfence Security plugin if you use WordPress (or another security plugin if you use a different blog platform).

SEO / Link Blog Comment Spam

You're probably familiar with this kind of comment spam. It's what many of us traditionally think of -- garbage content posted only for links. While SEO spammers are getting more clever, most of this is still easy to identify.

How to Identify this Kind of Blog Comment Spam

A dead giveaway for this kind of comment spam is when the commenter includes a keyword phrase in your name field. That's because they're following old school SEO rules, trying to build quick and easy links using their target keyword as their anchor text (the text that's linked to their site).

Looking through my spam folder for this site right now I can see I was hit by one of these folks using a spam bot (this kind is often automated). I was hit with over a dozen comments where the username is listed as "Pandora Charms," and the comments link to an e-commerce site selling them. My spam plugin caught them in this case.

The SEO spam comments posted by bots are often easy to find. You'll see a lot of them repeating, and they'll use the same link or name repeatedly in a short period of time. But these can also be some of the trickiest spam comments, especially for newer bloggers who aren't used to manual spam yet.

This is when SEO folks (the ones who suck at their jobs) manually enter comments on your blog for their clients. Your honeypots and captchas won't stop them because it's a person commenting just like a legitimate commenter.

Sometimes they'll even try to post a legit-looking comment. It'll be niche-appropriate. It might even be on-point. A few months back I had one here who got a comment by me until I noticed a trend.

That trend was a sudden increase in comments. So I looked into them more to see who they were coming from and where they might have found the blog. Every new comment was relevant, though quite short. They were posted under different names. But then it jumped out at me. They were all coming from the same IP address (which should be listed with each comment in your blog's admin area).

So basically this was someone who wasn't a real reader of the blog. They were being paid to post comments to build links for their clients.

With something like this you have to decide on your personal limits. I have a no tolerance policy. If I catch an SEO person or marketer posting on behalf of others, they're deleted. Then I ban the IP address and every email address used by them so far. For your freelance writer blog where your concern is prospects and clients, I'd suggest the same.

How to Prevent this Kind of Blog Comment Spam

You'll be able to block most of these spam comments using honeypot plugins like the one I mentioned earlier. That's because much of it is automated. But for manual spam, you simply have to pay attention. If you suddenly see increases in comments, take a closer look.

WordPress itself has some great built-in tools that help here too. For example, there's a blacklist feature (under Settings > Discussion) where you can blacklist names, email addresses, and IP addresses. There are two options -- block them completely so their comments are automatically deleted, or blacklist them to a moderation list so their comments will always have to be manually approved. The latter is a better option for problem commenters you don't actually want to get rid of. I recommend the former for SEO spammers.

Some anti-spam plugins also do a good job of blocking these. I'm using CleanTalk now, which is a premium plugin. I'm not a big fan of it for this site in particular, though for most WordPress blogs it should be a good option. They'll send automated spam to your spam folder, and a lot of manual spam is also caught based on spam reports from their other users.

My Preferred Anti-Comment-Spam Strategy

While I use CleanTalk here now (due to compatibility issues with my former plugin and another tool I'm using here), my preferred system on most of my blogs looks like this:

  • I get rid of Akismet (which might have been pre-installed in your WordPress installation). It is woefully inadequate and I've had issues with it preventing legitimate comments from getting through, even to the spam folder.
  • I leave comment links nofollow so spammers don't feel incentivized to build links using my blogs. (That should be your default in WordPress.)
  • I use the Anti-Spam honeypot plugin. This stops the vast majority of spam, as most of it is from bots.
  • I actively use WordPress's built-in blacklists for any manual spammers. Spam once, and they're filtered. (WordPress Admin > Settings > Discussion)
  • I also use a built-in WordPress setting that requires approval for a commenter's first comment. The first goes to moderation. Once I've approved them, their future comments go live automatically. This makes sure I see all manual spam before it has a chance to get on the blog. (You can choose to always moderate all comments, but that feels like overkill to me, and a waste of time.)

Almost no spam has gotten through here. The worst came years ago from a colleague who was overly aggressive their own SEO and marketing, spamming their link all over the place on other writing blogs. Those you can deal with manually, and they don't happen often.

A perk of the Anti-Spam plugin I use on all of my other blogs is that bot-posted spam doesn't go to your spam folder (where you would need to sort through them periodically to make sure no legitimate comments got caught up in the mix). They never get into your site's database in the first place.

That's it. It's a simple system. That plugin is free. The WordPress default settings are easy to change. And by doing this, not only can you protect your professional freelance writer site from spammers, but you can save time in managing your blog. Give it a try.

Do you have favorite tools or methods for dealing with blog comment spam? Tell me about it in the comments. Just, you know... don't spam.

16 thoughts on “How to Identify Blog Comment Spam”

  1. Thanks for spelling out your anti-spam approach, Jenn. I use many of the same plugins, but forgot – duh! – about the built-in WordPress blacklists. I’ve been blocking IPs in WordFence.

    This is also an excellent resource for me to share with new clients to help them separate fake comments from real ones. πŸ™‚

    Reply
    • Thanks Sharon. That’s one thing I love about the writer community. Comments on blogs like these tend to lead to real conversations. So the link spam and ego-bait are easier to sort out. I’d hate to be getting started as a blogger now in another niche.

      Reply
  2. A few years back, a friend was excited to be getting comments on her new blog. One glance and I knew they were spam, but she insisted they were legitimate. Then I said, “If they’re real comments, why are they so vague?”

    I hope it clicked with her, but I doubt it.

    Reply
    • It’s unfortunate. New bloggers want comments because it can feel like a form of validation… that we’re not just talking to ourselves. It’s not the easiest lesson to learn when you’re starting out. But better sooner than later I suppose, when damage is done to real reader trust, rankings, or you end up linking somewhere malicious without realizing it.

      Reply
  3. Ah, yes, I remember my early days when Comments were everything. I naively responded to a comment that asked me what design I was using as he found it so fabulous. Another high dashed. πŸ˜€

    Reply
  4. So far Akismet has worked quite well for me, but I’ve heard complaints similar to yours from other bloggers.

    I also moderate comments from people who haven’t yet had a comment approved.

    Reply
    • Unfortunately there’s no way to know if Akismet is causing the problems it did for me unless someone who tries to comment happens to go out of their way to tell you they commented and it didn’t show up. Most folks aren’t likely to do that. I didn’t dig into it more until I’d gotten multiple complaints, which was a mistake on my part. The first few came from a heated post where people only told me because they were angry, thinking I’d censored their comments when I hadn’t. They just didn’t exist in the system. A while later a colleague I knew well said the same thing, letting me know they commented but it must be caught in moderation (though it wasn’t). Not in the pending list. Not in the spam folder. Just didn’t exist. That was when I dug more and found out other bloggers had discovered the same. So just be aware of it I guess. Unless you luck into it happening to someone you know or someone who thinks it’s worth the effort to contact you privately about it, it could be happening and most bloggers wouldn’t even know. I wish I knew if there was a common tie with those comments that might have triggered the issue, but it seemed totally random, and I have no idea how many others were affected.

      Reply
    • Oh, I hope not Anne! πŸ™ I actually had a conversation about that with another writer on Twitter a while back and promised a post on why I always recommend keeping comments open. (Honestly, as a reader, I usually quit reading blogs that take them away.) Will try to post that over the next week or two, with a point of trying to sway you. πŸ˜‰

      Reply
  5. Hi Jen,

    I once had a website where I let everyone post comments without restrictions. Although it was bad for the website, I find it quite interesting that it still get good rankings despite the spams. It was an experiment and the spams provide free content for the website despite all the links they added in their comments. It even ranked number one for the keyword “naruto shippuden games” at that time and was earning through adsense. It stayed at the top for the said keyword for two years but then Google sanctioned me because of some copyright issues but not because of the spams. I eventually stopped the website because it is getting ugly. One thing I learned though, spam comments do have some benefits but still, the negative effects far outweigh the positive ones. Cool stuff by the way. Cheers!

    Regards,
    Farrell

    Reply
    • Hi Farrell,

      It might have been that you had enough legitimate comments to help with keyword relevance or something similar SEO-wise. It could also be a result of the time, depending on when that site was live. (Remember, there was a time keyword-stuffing worked too — Google changes its rules all the time, and the link quality issue became a bigger deal fairly recently.) It’s also possible you had other positive ranking factors that simply outweighed the irrelevant comments left on your site. There’s no single ranking signal that’s going to determine everything — though it would be great if we had a simple formula to follow sometimes, wouldn’t it? πŸ™‚

      My general rule is focus on readers first. I first learned SEO from a major media brand I was working with about 12-13 years ago, and then I was fortunate enough to have some respectable SEO firms as PR clients. What was nice about that is they were able to teach me more about SEO, and I was able to teach them about visibility, authority, and reputation. And through years of work and testing, we really did find the trick to ongoing and sustainable search engine rankings was focusing on readers. Not post lengths. Not keyword stuffing. Not quantity. But making a site a true resource. Nothing else led to more natural links (they were able to spend much less time intentionally trying to build links because of our thought leadership work for their clients). And nothing else protected sites more from Google’s constantly-changing algorithms. As a bonus, doing that also helped build subscribers and social media interactions (I was an online PR and social media consultant — one of the earliest — so this was a big part of what we worked on together). So it diversified clients’ traffic sources enough that even if there was a major Google upheaval, clients’ traffic never totally tanked.

      Just some things to keep in mind. Focus on readers first. That includes being careful about what you expose them to (such as malicious links in spam comments). More comments can absolutely have benefits. But the higher the quality, the more they’ll help, and the less they’ll put your site at any kind of risk. πŸ™‚

      Reply
      • Hi Jen,

        Yes, the site was old and was made like 7 years ago and yes Google has made a lot of changes to its algorithm since then. 5 years ago, one of my sites got a page rank of 3 from 0 in just one month but now, I am having a hard time reaching that on my new website. I do focus on my readers now and always provide quality contents. Although the start is slow, my traffic is increasing bit by bit each day. I know it will have better results in the future. Good luck to both of us.

        Regards,
        Farrell

        Reply
        • Do you mean PR or search results rankings. If you mean PR (and for those not familiar with page rank), Google doesn’t update that publicly at all anymore. So if you’re using an old browser plugin or something, you’ll never see it increase no matter what it really is on the back-end, visible only to Google.

          If you just mean rankings, stick with it. It depends a lot on your niche and how specific the queries are, as I’m sure you know (again, more for the benefit of newer folks). I can still rank highly-specific sites quickly on the first page. But others targeting broader niches have a much tougher time (including this one, which never recovered after I royally screwed up some structural changes and redirects during a big rebranding and site merger). Other old sites have done better. Some worse. Same with new. It’s hit or miss sometimes because it’s so competition-dependent. But stick with it, outlast some of them, and you’ll eventually work your way up.

          Reply
    • I’m not sure if they’ll work together or conflict, so just be careful with that. I think when you download CleanTalk it’s a 7-day free trial or something, so I’d use that alone first to see if it’s worthwhile for you or not. The only reason I even tried it was because this is an open-membership site and the forum was getting slammed with spam for a while. So I needed a plugin to prevent bot registrations on top of comments. Now that I’ve closed the forum, I may rethink that for the New Year. Anti-Spam alone has been a real gem on every other blog I own.

      Reply

Leave a Comment