How To Disable WordPress Comments & Protect The Website From Spam Attacks

Many website owners monitor traffic statistics. As a website owner or administrator, you do the same. And from time to time, you may see a sharp increase in external traffic. Of course, it’s great: people seem to like the content you post. But then you monitor the results more carefully and notice that most of the traffic comes from suspicious resources. Besides, weird comments start to pop-up in different parts of the website. Something like this: “hey, I’ve just discovered this amazing lipstick for $1” along with the link to the product. It means that you’ve been attacked by spambots. Why do you need to protect a website from bots? Why do you need to disable WordPress comments? Check out this article to learn all about it.

Why It’s Important to Prevent Spammers from Permanent Access

Usually, when website owners see first spam comments, they simply remove it. That’s not the best solution, because:

  1. Bots can visit your page dozens and hundreds of times a day. So traffic statistics are not accurate. And it’s hard to analyze visitor behavior.
  2. Numerous visits by spammers overload the server. Probably you won’t even notice single visits. But when there are hundreds of visits, real users suffer from slow page speed.
  3. Many bots not just bombard your website with spam, but search for vulnerabilities too. Thus, hackers can get access to the admin dashboard.

Spam protection

There are several ways to protect your website from spam.

  1. Free plugin. It helps to disable WordPress comments posted by bots.
  2. .htaccess file. It blocks access for all resources with suspicious IP-addresses.

Disable WordPress comments

If your website suffers from spam comments, you need to disable WordPress comments. By default, all comments on your website are stored and pending. As you can see from the example below, there are 42 spam comments waiting for approval:

How to disable WordPress comments and protect the website from spam

You can remove WordPress comments manually. But there are high chances that spam comments will come back. You can use a plugin – Disable comments. Install it on your WordPress website. Open Settings => Disable comments.

How to disable WordPress comments and protect the website from spam

Open the General tab. There you can choose what comments to disable – everywhere or on certain post types.

How to disable WordPress comments and protect the website from spam

The screenshot above shows that all options have developer notes and tooltips.

This plugin helps you to protect the website on the long-term perspective. And you should also remove all spam waiting for approval. Do that in one click. Go to Comments cleaner => Remove all comments => Delete.

How to disable WordPress comments and protect the website from spam

Our developers recommend using additional plugin features and disable XML-RPC protocol as well. We’ve discussed why this protocol is so dangerous in this article. Just press ON, and it’s done.

How to disable WordPress comments and protect the website from spam

Use .htaccess to Block Spammers on the Website

This way you’ll block users with suspicious IP-addresses from accessing the website. The list of suspicious IP-addresses is configured by you. It helps to protect websites from hacker attacks, unwanted ads, and incorrect data in metrics. However, .htaccess doesn’t fully protect from spambots. Spammers change IP-addresses regularly. Plus they can share IP-addresses with real users. So these users won’t be able to access your website as well.

However, if you willing to take the risk, follow the guides below:

  • Find the .htaccess file in the root directory. You can do that from the hosting settings.
  • If this file is missing, create a new file in Notepad and save it as htaccess.txt in the root directory. Then rename it as .htaccess.
  • Open the file and copy the following text:
Order Allow,Deny 
Allow from all 
Deny from XXX.XXX.XXX 
Deny from XXX.XXX.XXX

Replace X with IP-addresses you’d like to block. You’d have to add items to the list and modify it regularly.

If you don’t succeed in following these instructions, consider asking the hosting provider team to help.

What Option to Choose?

Storing suspicious IP-addresses in the .htaccess file to block spambots is quite a rough approach. First of all, this way you’ll block real users with the same IP-addresses. Secondly, hackers may have numerous IP-addresses, which make adding them to the list a pointless waste of time.

Another way to handle the issue is a plugin to disable WordPress comments. It helps to get rid of spam, in case your website has been attacked by bots. Objectively, that is the most effective solution.

Scroll to Top