Disclaimer: Any products/services mentioned or recommended below are suggestions based on our own experiences. We have no affiliation with any of the products or services mentioned and you should always thoroughly and independently research your options to decide what is best for you.
Pretty much all websites are in a constant state of war against spammers. And where there is a will, there is unfortunately often a way when it comes to spammers polluting your website with fake comments and fake user accounts.
The purpose of these fake comments and accounts is to create backlinks back to their own websites as often as they can, on as many websites as they can. The websites these spammers are trying to promote may contain malware that they are trying to fool people into downloading, or they may be advertising something illegal or dangerous. Whatever the case may be, it’s a very good idea to put some protection in place on your own website, to minimise the amount of spam that gets published on the front-end of your website.
Of course, the busier your website is, and the more engagement it encourages from your users, the harder it can be to moderate the content that visitors are publishing on your website. Larger sites are better off investing in higher-grade, paid solutions, such as Akismet, which are designed to handle such situations. However, the owners of an average website may not be able to justify the cost of such software, though they still want to have some protection in place.
Thankfully, there’s a great free option for WordPress websites, and it only takes a few minutes to put in place!
First of all, you’re going to need to grab the Captcha by BestWebSoft plugin. Once this plugin is installed on your website, you’ll need to create a reCAPTCHA account with Google so that you can grab your Site Key and Secret Key to fill in on the plugin’s settings page. You can use an existing Google account to do this, or create a new one. To generate your keys, this guide outlines the steps you’ll need to follow in Google. At step 5, choose reCAPTCHA V3 – keeping in mind V3 may be outdated in time, so you may need to choose an even later version if there is one there.
Once that’s done and you’re connected to the Google reCAPTCHA engine, the hard part is all over! Now, we need to do a few quick configurations to optimise the plugin. This will ensure it is protecting your site as comprehensively as possible. We’d recommend the following settings at the time of writing this article:
On the settings tab of the Captcha by BestWebSoft plugin:
- Make sure the reCAPTCHA version matches the version you chose when you created your reCAPTCHA profile in Google.
- Enable reCAPTCHA for everything except the login form. Protecting the login form is less necessary, as this won’t prevent spam comments or account creations. It will only help to prevent malicious login attempts – but you should already have a security app in place handling this. When this is the case, having reCAPTCHA on your login form becomes a bit unnecessary and an annoyance to your legitimate users, so it’s just best left off.
- Hide reCAPTCHA for all user roles. This stops your legitimate, logged-in users from being presented with captcha challenges unnecessarily. You may find you need to tweak this in time to include/exclude certain roles on your individual site.
- Remove the message from the “Whitelist Notification” field – it’s generally not necessary.
Optionally, you may also want to uncheck the “Pro Options” box on the “Misc” tab. This hides all of the features you can’t use on the free version, although you may prefer to explore these options first, in case you decide they are worth the upgrade for your website.
And that’s it! With the above configurations in place, your WordPress website will be largely protected against spam comments and spam account creation, without the expense of high-grade anti-spam software.
As an additional step, you may wish to check through and delete any existing spam comments via the “Comments” link in the left-hand WordPress admin menu. Similarly, you may wish to check through and delete any spam/suspicious user accounts under “Users”.
As always, if you have any questions about this post or our shared hosting, VPS, reseller or dedicated server plans, simply call us on 1300 MY HOST (694 678) during business hours, or submit a ticket through our Support Portal and one of the crew will be in touch!