Many of you are probably facing serious problems with comment spam in WordPress, which is frustrating.


You’ve added an anti-spam plugin, but some pesky spam comments are still slipping through.

So, every layer of protection that you can add will aid in the battle against spam.


In this article, I’ll show you how to add another layer of spam protection, using one of WordPress’ built-in features, called Comment Blacklist

Blacklist comments in WordPress

The Comment Blacklist feature is found in Settings -> Discussion, once you log in to your WordPress Dashboard.

WordPress comment blacklist


In that box, you can add IP addresses and different words, and if those words are found inside the name, email address, links, or content, the comment will be sent to Trash.

You can blacklist words and IPs by adding them one per line.

So, for example, if you want to blacklist some words that are commonly used by spammers, such as viagra, rental, casino, loan, you add them one per line in the Comment Blacklist box, then press the Save Changes button.

WordPress comment blacklist words


I’ve thrown in an IP as an example as well.

Now, when a comment contains one of those words or that IP, it will go straight to Trash.

You can view the comments that are inside the Trash by going to the Comments section and clicking on the Trash link.

Comments section WordPress

Since some words might be used in legit comments, depending on the context, you might want a more mild action to take place, which is to hold comments for moderation, therefore not sending them straight to trash.

The Comment Moderation box is exactly above the Comment Blacklist one, and it works the same.

So, if you wish, you can add the words here, or add a part of them here.

WordPress comment moderation

List of blacklisted words

There are several lists on the net with words that webmasters usually blacklist, but I’ve found a ginormous one on GitHub, which was started back in 2011 and it’s being constantly updated.

It contains over 26.000 phrases, keywords, and patterns that are commonly used by bots and spammers. Here’s the link to the list itself.

Of course, false positives can still happen, so keep an eye out.

I suggest reading the description on GitHub for more useful info.

You might also want to read:

That’s a wrap

Hope you liked the post and found it useful.

Don’t forget to share it in order to help out others!

You can also follow us on Twitter and subscribe to our YouTube channel.

If you want to start your own WordPress blog, or need a website for your business, our WordPress installation service is at your disposal!