Hey Dev.to community! π
If you run a WordPress site with comments enabled, you've probably dealt with the nightmare of spam comments. I wanted to share a free, open-source plugin we built to tackle this problem.
The WordPress Spam Comment Problem
Every WordPress site with comments enabled is a target. Bots crawl the web 24/7 flooding comment forms with:
- Link spam β comments stuffed with shady URLs to boost SEO for scam sites
- Keyword stuffing β walls of text targeting pharmaceuticals, gambling, and adult content
- Phishing links β comments designed to trick visitors into clicking malicious URLs
- Gibberish spam β auto-generated nonsense from bot networks
WordPress's built-in spam tools are basic at best. Akismet helps, but it still requires manual review and doesn't give you granular control over what gets deleted and why.
Introducing Injected Spam Cleaner
Injected Spam Cleaner is a free, open-source WordPress plugin built by the security team at Injected.Website. Instead of relying on a cloud API, it gives you 15+ smart filters that run locally on your site β no external service required.
Smart Detection Filters
- Keyword matching β Flag comments containing specific words or phrases
- Link detection β Identify comments with excessive URLs or links to known spam domains
- Pattern recognition β Catch common spam patterns like repeated characters, ALL CAPS blocks
- IP address filtering β Block or bulk-delete comments from known spam IP ranges
- Suspicious behavior detection β Flag comments posted too quickly, from TOR exit nodes, or with spoofed user agents
Bulk Operations
- Delete hundreds or thousands of spam comments in one click
- Filter first, review second β see exactly what will be deleted before pulling the trigger
- Selective deletion β target only comments matching your criteria
Lightweight & Private
- No external API calls β everything runs on your server
- No subscription fees β completely free and open source (GPL-2.0)
- Minimal resource usage β won't slow down your site
Akismet vs Injected Spam Cleaner
Akismet is a good first line of defense, but it has limitations:
| Feature | Akismet | Injected Spam Cleaner |
|---|---|---|
| Cost | Free for personal, paid for commercial | 100% free |
| External API required | Yes | No |
| Smart filters | Basic (spam/not spam) | 15+ granular filters |
| Bulk deletion | Limited | Yes, with preview |
| Privacy | Sends comment data to cloud | All local processing |
| Keyword customization | No | Yes |
| IP-based filtering | No | Yes |
The two work great together β Akismet catches spam before it's published, while Injected Spam Cleaner helps you clean up what's already there.
How to Install
- Download from the GitHub repository
- In WordPress admin: Plugins β Add New β Upload Plugin
- Upload the
injected-spam-cleanerv1-3.zipfile - Activate the plugin
- Navigate to Tools β Spam Cleaner to configure filters
Real-World Result
We used this on a WooCommerce store with 47,000 spam comments accumulated over two years. The cleanup took under 15 minutes:
- Comments with 3+ URLs β 31,000 matches
- Known spam keywords β 12,000 more
- Known bot network IPs β 3,500 more
- Manual review of remaining 500 comments
Security Beyond Spam
Spam comments can be a serious security risk. Malicious links can harm your SEO rankings, expose visitors to phishing, and indicate your site is being targeted by bots.
Need a full security checkup? The team at Injected.Website offers free WordPress security scans.
Get the Plugin
π GitHub: github.com/injectedwebsite/wordpress-spam-comment-remover
π Website: injected.website
Built by Injected.Website β WordPress Security Experts.
Top comments (0)