Skip to main content
stop spam-webtechthoughts

6- Ways to stop spam from invading your WordPress blog.

Before stop spam,

First, we will know what is spam?

We can understand spammer or spam bots in a simple definition.

These are computer programs that crawl social networking site, discussion forum and contact us pages of the sites for an authentic email address on the internet.

If you use WordPress CMS and WordPress user registration plugin as well on your site/blog.

This WordPress site/blog needs to stop spam from the spammer.

Whenever e-mail id related to such a domain like [email protected], [email protected], etc. is registered on a website/blog at a regular or irregular interval.

This is called user registration spam or spam bot registration.

WordPress new user registration as spam in WordPress membership site/blog is annoying.

We will discuss here some ways to stop spam in this post.

If you do not need user registration on your blog/site, then disable membership registration.

For this, you have to follow these steps.

Go to the “General” sub-menu under the “Settings” menu of the WordPress dashboard.

Uncheck Membership Anyone can register and click on Save button.

1. Modify default login and admin URLs.

Signup form default URL in WordPress is

Admin login URL is

This kind of default URL is targeted by spam websites or spammers or boat.

These default URLs are programmed to register the fake user on the sign-up form.

Solution: –

The first way to stop spam in WordPress is to modify the default admin and login URL.

This is an effective way to stop spam.

This activity enables the WordPress site/blog make login and admin URL hide from the spammers or spambots.

To implement this, first of all, you have to install a free plugin “Hide My WP-Wordpress Security Plugin” on your blog/site.

First of all, login to your blog/site.

Go to the “Plugin” menu in the Dashboard. Hover the mouse pointer above the “Plugin” menu.

You will see the option of “Add New” Plugin. Click on it.

A new window will open for Adding Plugin. On the top right corner, type “Hide My WP” on the text box in front of Keyword.

You will see “Hide My WP-Wordpress Security Plugin” on the plugin list.

hide my wp

Click on its “Install Now” button.

The “Install Now” button will automatically be converted to “Activate” button once installation complete. Click on it to activate the plugin.

Now click on “Hide My WP” under Setting option.

You will see the setting window for “Hide My WP” plugin.

On the setting window of “Hide My WP” plugin, click on the drop-down menu in front of the permalink tab under second block option “Default article/product sorting”.

url change

The third option “custom mode(custom wp-admin and wp-login URLs)”

Enable all its features. Set the words or characters according to your convenience and click on the Save button.

  • Custom admin URL.
  • Custom login URL.

This way you can stop spam to your website/blog to a large extent by modifying wp-admin and wp-login URLs.

2.Use Google reCaptcha.

Mark D. Lillibridge, Martín Abadi, Krishna Bharat, and Andrei Broder first introduced the concept of captcha, to add spam boats to the AltaVista search engine, by adding spam URL to differentiate human and Spam bot/spammer activity.

This was done to stop spam.

Some text image is displayed in such a way to detect activity difference between Human and Spam bot/spammer.

Human only able to read, not bots.

The text shown in that image is identified and filled on the text box and click on the “verify” button.

Human and Spam bot/spammer is identified in this process.

Google has released the advance version of Captcha reCaptcha in 2007.

In 2012, the image taken from Google’s street view project began to be used with the scanned word of reCaptcha.

A new system was implemented in 2014, in which a user is asked to select 1-3 images from 9 viewed images.

It was further improved in 2017, in which most users did not require interaction.

This is more powerful than Captcha.

Benefits of reCaptcha.

1. Stop spam and brute force attack on the online form of your blog/site.

2. Less hard and easy interaction for the user. is the best captcha site.

This is free service by Google.

To implement Google reCaptcha on your blog/site first, you need to install a free plugin “Uber reCaptcha” on your blog/site.

In this, you will need two keys.

  1. reCaptcha site key
  2. reCaptcha secret key

These two keys will be available at

You need a Gmail account for this.

Login to Google reCaptcha site.

You will see something like this window.

google recaptcha

Fill out the necessary information in this. After this, make a check on “accept the ReCaptcha service” and click on the register button.

From here you will find reCaptcha site key and reCaptcha secret key.

Copy these two keys. Now paste these two keys in the respective boxes in Uber Recaptcha in front of the site key and the secret key.

According to your convenience, configure Uber Recaptcha and click on “Save Changes” button.

3. Keep user’s default role as a Subscriber.

Do you want to get registered your real visitors?

As an example, all new reader must be registered on your blog to comment on your blog post.

To do this, go to the General sub-menu option under the Setting menu in the dashboard.

Check Membership checkbox “Anyone can register” option and set the new user default role as “Subscriber”.


As a subscriber role keeps your blog more secure than other roles.

Because WordPress does not allow a user as a subscriber to access admin dashboard.

Spambot can’t do some bad effects on your blog. If it registers itself as a subscriber.

4. Confirm e-mail via a link.

User e-mail confirmation or activation is a great way to stop spam registration.

Whenever a new user registers their e-mail on a blog/site, the user has to click on a confirmation link sent to their e-mail account to confirm and verify the e-mail account.

e-mail confirmation

Spambot/spammer are unable to do such verification.

A user who does not verify their e-mail account. Such e-mail accounts are placed on the pending mode.

Admin can either manually verify or delete such e-mail.

5. Manually approve a new user.

With the activation of this feature,

Admin has to manually approve all the new user.

Before login and use the desired site the new user has to get approved by the admin.

Admin can delete the account if it seems spammy.

Solution: –

To manually approve a new user via Admin, you have to install and activate a free plugin “New User Approve” on your blog/site.

The screen will display this type of message, whenever a new user will land on your registration page.

user login

After registering his email id, the user has to go to his e-mail account and click on the link sent by blog/site to verify their e-mail account.

After that, the admin has to click on the “Approve New User” option of the dashboard menu to complete the registration process.

This will open a new window of User Registration Approval.

manual user approval

From here admin can approve or deny the newly register user.

In this way, New User can be manually approved by Admin using this plugin.

Admin can deny user registration if he feels any of the e-mail ids is spammy.

This stop spam registration on your blog/site substantially reduce.

6. Use Akismet online spam filtering service.

Akismat is an online spam filtering service, used for spam monitoring, detection and deletion.

It filters spam from posted spam comments and trackback pings.

We all know that having excessive spam comments affects the ranking factor of your blog. It is dangerous to the blog/site security as well.

Akismet is well aware of spam bots, malicious commenting tricks buffer overflow.

Akismet analyzes WordPress comments and trackbacks in its own way.

Whenever something new is added to your site, Akismet performs many tests to analyze whether it is spam or not.

Benefits of using Akismet.

  1.  You do not need to find spam comment and link on your site. This work is automated by Akismet.
  2. Whenever any spammers input spam on your blog, you are given a warning.
  3. It checks and filters comments on site/blog before placing it on your WordPress moderation queue.
  4. As a spam blocker, it blocks spammy comments.
  5. It keeps the historical record of every comment to make the moderation process easier and better.

How to activate the Akismet online filtering service?

To activate the Akismet online filtering service on your site/blog, you need to sign up at Akismet site first.

Create an account by signing up on this site.

It delivers the service in three categories Personal, Bussiness and Enterprise’s plan.

akismet plan

  • Personal: – This plan is done for personal, non-commercial site and blog.
  • Business: – This plan is done on commercial, Bussiness and Professional site/blog.
  • Enterprise: – This plan is done on the publishing network, agencies, host and university site.

From this site, you will receive an Akismet API Key. We will use the Akismet online filtering service to activate on your site/blog.

Copy it to you.

First login to your blog/site.

Click on the plugin => Add New on the Dashboard.

A new window will open. Type “Akismet” on the search plugin field at the top right corner.

You will see the Akismet plugin at the top of search result.


Click on Install Now. After a while, “Install Now” will turn into the “Activate” button. Click on this and activate this plugin.

As you click on the activate button, you will see “set up your Akismet Account” button at the top of the list of installed plugins.

Click on it.


Now you will be asked to enter the Akismet API key on the new window.

After entering the API key, click on the “connect with API key” button.

As you click that button, your Akismet online filtering service will be activated.

I am sharing some resources here which will help a lot in the SEO of your blog.

Final words: –

I hope, after reading this post, you will definitely implement these tricks on your blog.

You will be successful to stop spam and feel safe your blog.

I hope all these tricks will give you a positive experience.

If you like this article and you want to make a comment. Feel free to make a comment. I will be happy to answer you.

Founder , WebtechThoughts

Barun Chandra is technology enthusiast and a blogger. He is fond of technology in depth and writes posts in simple words to make understand easy.

Get Free Email Updates!

Signup now and receive an email once I publish new content.

I agree to have my personal information transfered to MailChimp ( more information )

I will never give away, trade or sell your email address. You can unsubscribe at any time.

2 thoughts to “6- Ways to stop spam from invading your WordPress blog.”

Leave a Reply

Your email address will not be published. Required fields are marked *