What anti-spam plugins or methods do you prefer most?

This is probably one of the biggest questions I get from WordPress clients, and to be honest, I’m learning about new anti-spam plugins constantly because there are so many out there.

Everyone knows about Akismet, and it does seem to be relatively effective. However, many people I talk with don’t enjoy its reliance on API keys, or think it is not necessary, etc for various reasons.

In my experience Akismet + another “honeypot” type of plugin seem to be a good combination – if you aren’t aware the “honeypot” plugins usually add a simple javascript field that only fires for human visitors, so it can easily cut down on spam bots (however it adds more javascript to your site).

In terms of performance and simplicity, though, what method(s) are you guys using?

CloudFlare claims to learn from WordPress “spam” databases but I haven’t noticed it being effective without various anti-spam plugins also being installed…

WPBruiser has been on my “try this out” list for a while.

1 Like

Spam Destroyer is typically one of the first plugins I install on a WordPress site. It won’t help against automated spam, but in my experience, that’s what 99.99% of the spam comments I see are.

Because of this, I usually don’t bother installing Akismet, but I would imagine it would be a nice complement to Spam Destroyer if I dealt with a lot of manual spam as well.


I’ve never needed anything beyond Akismet honestly.

1 Like

Akismet seems like the most reliable solution because of the company behind it and their ability to keep ahead of spammers, but I don’t like it as a sole solution.

I use Akismet as a backstop to the honeypot approaches that helpfully prevent most spam form submissions from being made in the first place – until spammers get the better of them. Every six months or so that will happen, and then you see Akismet doing a lot more work. At that point I usually look for a better honeypot plugin if the one I’m using isn’t improved.

The honeypot plugins I can use now usually are limited to ones that don’t use cookies (which defeats server side caching) and play well with Postmatic’s Epoch plugin. Currently that means WP Bruiser or WordPress Zero Spam.

Bruiser and Zero Spam are a little overbuilt for my tastes, but they work. They go beyond spam to logging and blocking bad IPs, brute force login protection, etc. I prefer to use Jetpack or some other solution for that.

Jeff Starr’s Block Bad Queries and Black Hole for Bad Bots offer additional protection from spammers and scripted attacks without any significant overhead.


I started switching sites to Cookies for Comments a couple of years ago. Sites that were getting dozens of spam comments a day now get maybe one every few months. Love it.

1 Like

Anti-Spam Bee

I don’t like the whole having to register for Akismet to a third party, even if that is Automattic/WP universe.

1 Like


I created the free WordPress plugin StopBadBots to block bad bots.
You can download it on WordPress repository:

Plugin Developer

1 Like