“Cool post. I wrote one similar at [insert link here]. Check it out!”
“Great idea, [user name]. I wrote about this at length on my blog [insert link here].”
“Thanks! [insert link here]”
And my personal favorite: “[insert link here] [insert link here] [insert link here]”
See something you recognize? Of course you do. Anyone who runs an online community of any sort has dealt with spammers. Whether it’s a community run through blog comments or a WP forums-based community, the spam can be ridiculous. Users sign up, throw a boilerplate reply into every thread, and are never seen again. It’s not too hard to stop that kind of WordPress forum spam these days, though.
Preventing WordPress Forum Spam
Spammers tend to be pretty nefarious. We hear a lot of stuff about botnets, machine learning, AI algorithms, and so much more all the time. The folks who end up giving the world so much WordPress forum spam are people who want to get backlinks to their shady sites in any way possible, or to trick people into heading to their online virus incubators in hopes of being today’s lucky winner! or something just as enticing.
In general, there are a couple of preventative measures you can take that are so simple that setting them up may take you no time at all.
Don’t Remove rel=”nofollow”
This one literally takes no time. WordPress automatically adds rel=”nofollow” to any links to comments. Don’t use a plugin to remove it. That’s it. Just leave it alone.
That way, people won’t spam you with comments like the ones above just to get backlinks because you’re offering them low-hanging fruit. And yes, there are ways to use search engines to find WP comments that are dofollow. No, I won’t tell you how.
Keep your Forums Password Protected
If you’re running forums where you can password protect the forum content itself, do it. I don’t mean lock posting behind being a registered user (that can lead to a number of issues in terms of spam registrations), but locking the forum content itself behind a password.
You can do it in different ways depending your forum software. If you have something like WPForo that uses standard WP pages in it, you can always use the Password Protection option under the display options before publishing.
This way, even if you have people trying to register to your site, they can’t actually spam your forums since they can’t access it. (Your real members can get the PW emailed to them or something like that.)
Plus, if Google can’t crawl the page (and it can’t because you didn’t give Big G the password), nothing inside gives away link juice. So the dofollow/nofollow stuff doesn’t even apply.
Use Forum-specific Measures
Some forums like bbPress and BuddyPress (that are basically an official WordPress forums because they’re made by Automattic) have tons of built-in features that you can tweak to help prevent the nasty WordPress forum spam they know is coming. You can often forums to private and hidden (no-index, too) and close topics and forums except for certain member ranks.
For lots of software, you can even add editing/posting limitations based on time. That way, a spambot can’t post a topic or reply that gets past any filters, then go in and edit their reply once you stop paying attention to include their underhanded links, malicious code, etc.
Check your particular forum’s software and make sure you take advantage of any built-in protections they offer. Any minor inconveniences they may cause (like a shortened window for editing posts) are totally offset by preventing an insurgence of spambots into your community. bbPress itself has a whole codex entry all their anti-WordPress forum spam features. (They take this stuff seriously, apparently.)
Plugins and External Protection
Spammers are pretty savvy, even if they’re despicable. They often find ways to circumvent the security measures we put in place, and most software companies can’t quite keep up. That’s why WP being open-source is awesome because not only does that open up the software itself to a plethora of security updates across multiple companies, but it also gives those same companies a platform to release their products as plugins to us as quickly as they can get them shippable.
WordPress forum spam gets hit pretty hard by some of these plugins. Which means you should totally look into them.
Stop Signup Spam
This one’s cool. The plugin itself is simple: when someone signs up for your site, it runs an API call to the Stop Forum Spam database (yes, one exists, and it’s awesome), and if the user/spambot who’s trying to ruin your day is listed, they don’t get to register. Good stuff, right?
For now, the developer shows support for the core WP registration form, GiveWP, Restrict Content Pro, and MemberPress — all of which are major players in the WP forums scene.
After some drama in 2017 regarding it’s free version, WP-SpamShield relaunched itself as a premium plugin. It only costs $28 USD, so that’s not really much for the security it can provide you. The biggest boon for this plugin is not just that it protects you from a ridiculous amount of spam from behind the scenes (without nasty CAPTCHAs and questions and UX-breaking drudgery).
WP-SpamShield has a great reputation, and it supports integration with nearly every form, registration, membership, and forums software you can think of. The part that I am personally impressed by is how they handle the flagged users. The plugin page says that when something is “blocked as spam, the user is given instant feedback and has a chance to correct” whatever was wrong. That’s how it’s done, y’all.
When your users are treated like people, they feel appreciated. When spambots are treated like people, they…keep being spambots and get blocked from your forums.
Yep, you read it right. Akismet. The default, spam-fighting plugin that comes with each and every new WordPress installation. You definitely, absolutely want this puppy running in the background of your site. Why’s that?
Because it’s proven to work. And because it’s been proven to work, most reputable WordPress forums integrate with it natively. Heck, both bbPress and BuddyPress have dedicated Akismet pages on their respective codices that spell out exactly how the software natively interacts with Akismet.
And because it’s a native (if optional) part of Core, almost every other major forum has it integrated, too. As well as the other major spam blockers. So you rarely run into a conflict between different styles of blocking and filtering (like you do with the Jetpack anti-spam filtering, which is why that one’s not included here, but it is an option you can look into). If your secondary form of protection does happen to have a conflict, most of them have a way to disable Akismet integration without your having to disable Akismet itself.
With all that in mind, it’s probably a good idea to activate Akismet on your site. What have ya got to lose besides a few thousand spambots?
Spam Will Never End
If it were possible for someone to completely eradicate spam from the internet, I am fairly certain the person who discovered how would win the Nobel Peace Prize. It would be that much of a humanitarian effort. However, since that’s about as likely as faster-than-light space travel, we are stuck figuring out which plugins and practices can filter out as much WordPress forum spam as possible.
No single tool can do it alone. You will probably need to double-up, if not triple-up, on the measures you take as your communities grow larger and larger. Thankfully, there are lots of options out there. If one doesn’t work, just experiment with something else. You’ll find something that works best for you and your community.
What are the most effective methods you’ve found for fighting WordPress forum spam?
Article featured image by Malchev / shutterstock.com