Block Comment Spam Bots


Comments are processed by the wp-post-comments.php file. Automated spammers (’spam bots‘) can provide (‚post‘) data directly to that page, bypassing any comment processing, by using CURL/WGET commands.

The result is comment spam – and not always caught by common comment spam checkers. Even if it is, processing that spam takes some server resources, including writing to the database.

This plugin adds a simple and changing hidden field value to the comment form. The processing of the comment form is changed to check for that hidden field. If not found, then the normal comment form entry was bypassed by the spam bot, so the comment is discarded. Otherwise, the comment is processed normally.

This is the best solution to block comment spam. We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, there have been none. Not one. Zero. No comment spam during a week of testing, and it continues to block comment spam on our sites.

The Admin, Comments page is modified to show a column with the value of the hidden field. This is an assurance that the comment was not entered via an automated CURL/WGET to the wp-comments-post.php file. A comment that is on the list that does not show the hidden field value was entered manually, and other comment spam blocking techniques might be needed for your site. But you won’t see those blocked comments with this plugin enabled.

An information screen provides a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.

Current version adds the hidden field to the comment form after a delay to help block bots that are using the comment form to submit.

This provides a total solution to comment spam.


This section describes how to install the plugin and get it working.

  1. Upload the plugin files to the /wp-content/plugins/plugin-name directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‚Plugins‘ screen in WordPress
  3. Use the Settings->Plugin Name screen to configure the plugin
  4. (Make your instructions match the desired user flow for activating and installing your plugin. Include any steps that might be needed for explanatory purposes)


Does it really work?

Yep. We’ve tested it on a site that was getting 20-40 spam comments a day. With this latest version, there have been no spam comments. And the protection continued for a full week during our testing. Just like that battery rabbit, it’s still going strong, blocking comment spam.

Does this modify the comment form?

The comment form will look as it always did.

Are there any settings?

Nope. Just an information screen about how it works, including an easy way to test blocking automated comment spam.

What about customized comment forms?

No changes to the visual or operational comment form is made. It just adds a hidden field with a unique value, then checks for that field on submit. Plus it blocks direct posting to the comment processing code.

What about Contact forms?

This plugin doesn’t affect Contact forms; it just works on comments.

But we have a solution for Contact forms – see our site. It works on WordPress and other sites. Takes a small bit of customization for your WP theme, but full instructions are included.

And, like this plugin, it’s entirely free.

So a full solution for comment and contact spam is …?

This plugin, plus the FormSpammerTrap code you can easily add to your site.

You’re welcome!


Für dieses Plugin gibt es keine Rezensionen.

Mitwirkende & Entwickler

„Block Comment Spam Bots“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:


Version 1.5 (1 Jan 2020)
– Changed the styling of the box that shows the CURL command for the site.
– Added an additional image showing a possible result from the CURL command.
– Minor CSS changes.
– Some minor changes to the information on the settings/information screen.

Version 1.4 (29 Dec 2019)
– Added more info to the FAQ area.
– Some more info on the Settings/Info screen.

Version 1.3 (24 Dec 2019)
– Added the storage and display of the hidden field on the Admin, Comments screen. That field can be edited, although not sure why you would want to.
– The addition of a column for the hidden field value will allow you to see if a spammy comment was entered manually. A blank value indicates that the comment was entered manually.
– Added a timed delay to change the value of the hidden field, to prevent automated entry of the actual comment form.
– Added additional information on the ‚Info/Settings‘ screen, including the CURL command you can use to try to automated a comment.
– All function and variable names now have a prefix to ensure that there are no conflicts with other core/theme/plugin functions or values.
– Added CSS files, and images in the assets folder.
– Some minor changes to this readme file for additional information.

Version 1.2 (23 Dec 2019)
– Not released/testing version

Version 1.1 (18 Dec 2019)
– Initial Release (prior versions used in development only)