Right from the day I installed WordPress on my site, I started getting spam comments/trackbacks. I have also prevented anonymous comments. I get the following email whenever a new spam is posted:
New trackback on the post `"<post name>"` is waiting for your approval
`<url>`
Website : jackettl36 (IP: 112.111.173.89 , 112.111.173.89)
URL : <redact>
Trackback excerpt:
<strong>fake OAKLEY sunglasses...</strong>
...
How to prevent such automated spam?
I would recommend you to install and enable Akismet: http://wordpress.org/extend/plugins/akismet/
Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog's "Comments" admin screen.
I would recommend you to use a free captcha service like SweetCaptcha http://wordpress.org/extend/plugins/sweetcaptcha-revolutionary-free-captcha-service/
You can also use an external service to manage your comments like Disqus http://wordpress.org/extend/plugins/disqus-comment-system/
I have good experiences with requiring people to first login before posting a comment. I would also recommend Akismet, but my company is for my own business and Akismet is only free for non-commercial use.
First off - it is near impossible to ensure 100% spam is never received on a public site that allows user submission, the best you can hope for is lowering it as much as you can.... Spam prevention is like a car alarm, it lowers the chances of becoming a victim.
There is hundreds of guides on the net but here's 5 solutions:, I personally just remove the footprints and wam! 99.9% gone.
Captcha
Using a Captcha service on your site can lower the amount of spam you receive but ultimately good spammers use de-captcha api service that costs as little as $0.01 per a decode.
Akismet
Akismet is a good service but sadly some slip though and sometimes even good messages can be flagged as spammy when they are not. I personally would use it, but it doesn't address the actual issue of how the spammers are finding you...
Removal of Footprints
This the most ignored factor and in my honest opinion the best way for a 'normal' site to avoid spam. Spammers don't have a magic list or scrape every site on the planet to find comment fields, they use search engines to find your comment fields. So you can put a stop to this by removing commonly used footprints.
Such as... footprints like:
"Leave a Comment"
"Leave a Response"
"Powered by WordPress"
By removing the above you can stop a lot of spammers finding your site, in order to understand what I'm talking about try this in Google:
Web Design + "leave a reply" + "Powered by WordPress" -"comments disabled"
This will report back Web Design sites, that have a comment box, is powered by WordPress, and does not have comments disabled. Spammers often use scraper bots such as scrapebox to find victims and they use digital footprints.
Renaming of fields
Automated software will often find named input fields, simply renaming these fields can help you confuse their bots.
For example:
<form action="comment">
Name <input type="text" name="name">
Email <input type="text" name="email">
Site <input type="text" name="site"
<input type="submit" value="Submit">
</form>
You could change this too:
<form action="comment">
Name <input type="text" name="RandomString">
Email <input type="text" name="RandomString">
Site <input type="text" name="RandomString">
<input type="submit" value="RandomString">
</form>
As many automated software use standard things such as name="email" and so on.
Removing URL field, and putting URLs straight into spam box
Another simple method of preventing spam or least lowering it, is to remove the URL field from being accessible as well as throwing all comments with URLS in the text field into the spam box.
