How to mitigate comment spam on your WordPress site.
Your WordPress installation includes Akismet, a comment spam blocking plug-in from Automattic, the company behind WordPress. Akismet detects and blocks spam with the help of its database, which contains all comments flagged as spam by its entire user base. It will catch most automated spam.
Akismet is not activated by default. To activate it, secure an API key on the Akismet website.
Enable comment moderation
WordPress includes a number of features to combat spam. They can be found under the Settings menu in the main navigation menu. Select the Discussion submenu, then scroll to Comment Moderation.
From this menu, you can limit for the number of links in a comment before it is dropped into moderation. On a low-traffic blog, we suggest you restrict all comments that include a link. On a high-traffic blog with active comment threads, we suggest you leave the default setting of two links intact. Some spam will go undetected, but a lower setting will create a moderation nightmare and irritate your visitors.
Put regular offenders on the comment blacklist
The comment blacklist is located in the same section as comment moderation under the Settings menu in the main navigation menu. The comment blacklist flags any comments including these words as spam.
The comments will not show up on your site, but will instead be held in the database. Holding comments in the database can help cultivate anti-spam plug-ins like Akismet. Be careful when adding words to the blacklist as it will match inside words as well.
Many sites now disable comments, thus preventing the need for moderation. If disabling commenting altogether is a viable option, the Disable Comments plug-in allows you to globally disable comments for the entire site and can even disable comments on multi-site installations.
Restrict comments to registered users
WordPress also allows you to restrict commenting to verified, logged-in users, but we also recommend the Social Login plug-in and the Jetpack plug-in, which allows commenters to validate themselves with social media credentials. This allows visitors to your site to comment on your posts without needing to create an account.