Comment Moderation: Fighting Spam and Trolls

A few tips from a long-time blogger.

As any blogger with even a slightly popular blog can tell you, good comment moderation is an absolute requirement to maintain a good, readable blog.

The way I see it, comment moderation serves two purposes:

  • It prevents your blog from being an advertising platform for people who don’t contribute real content. I’m not just talking about obvious spam here, either.
  • It prevents your blog from being a platform for offensive or abusive people who don’t contribute real content. And yes, I am talking about trolls here.

Let’s take a closer look at each of these two points.

Comments by Spammers

There are two kinds of comment spam.

One type — the most prevalent — is mostly automated spam posted by software commonly referred to as spambots. Once your blog gets on the radar (so to speak), automated spam can be quite significant. This blog, for example, attracts more than 500 automated spam comments a day.

This kind of spam is pretty easy to recognize. One type, for example, includes multiple links for things like online gambling, prescription medication, or pornography. The other type puts its link in the comment form’s URL field and then fills the comment field with text that may or may not make sense but has nothing to do with the content of the original post. Here’s an example from my post titled “Five Tips for Composing a More Effective Social Networking Bio“:

I precisely had to thank you so much all over again. I am not sure the things that I could possibly have accomplished in the absence of the entire tricks contributed by you on my problem. It truly was a very frightening case for me personally, nevertheless viewing your specialized manner you handled the issue forced me to leap over delight. I’m just happy for the assistance and believe you are aware of a great job that you’re getting into training other individuals via a site. More than likely you haven’t encountered any of us.

Huh? I get hundreds of comments like this every day.

It should be noted that a lot of this spam appears on posts that may be quite old. This particular one appeared on a post that was 2-1/2 years old. This is one reason why bloggers use plugins to automatically turn off the commenting feature on older posts.

Fortunately, spam prevention tools can detect and catch 99% of this kind of spam. I use Akismet on my WordPress site and it does a great job of catching and corralling this garbage so it never has a chance to appear on my blog. If you’re not using a spam prevention tool and are manually going through this crap, what are you waiting for? Don’t you have better things to do with your time?

The other kind of spam is more insidious. It’s posted by a real person and it looks like a legitimate comment. But its sole purpose is to promote a product, service, or Web site — not to engage you or other blog readers in a conversation about the original post’s topic.

In many cases, the spammer doesn’t put any real effort into his comment. It might contain a sentence or two that’s vaguely related to the post. The spam delivery is in the commenter’s name and URL. Rather than being something like “John” or “Mary Smith,” it’ll be something like “John’s Carpet Service” or “Discount Vitamin Shack.” The URL will be the URL for the site John or Mary want to promote. In most cases, the email address will be something that’s likely fake or never checked for incoming mail — usually a Gmail or Yahoo! account — but sometimes a legitimate-looking email account is included.

To me, this is a gray area — is it a legitimate comment or spam? Considering the content and purpose of the comment should guide you. Your site’s comment policy should help; I’ll get to that in a moment.


A far worse problem these days is what many people refer to as trolls. Trolls are people who post offensive or controversial commentary on blogs or discussion forums. Their goal is apparently to make themselves look smart or superior at the expensive of you or other commenters. By posting comments, they’re “trolling” for an argument — much like a fisherman might go trolling to catch fish.

This is where good comment moderation is vital to your blog.

You see, if you allow offensive commentary — including personal attacks on yourself or blog commenters — you do two things:

  • You discourage legitimate commenters from sharing their thoughts. After all, they could be the victim of the next troll attack.
  • You encourage more trolling activity by current and future trolls. After all, you let one offensive comment out there, you’re likely to allow others. They see your blog as a good place to troll for new victims.

Is that something you really want?

I have seen too many blogs and forums completely devastated by the comments posted by trolls and the offensive and defensive comments posted in response. Back in the early days of the Internet and newsgroups, we used to refer to this as “flame wars.” There’s nothing useful or productive about the comments by trolls or the resulting flame wars. Why allow them on your blog?

The Freedom of Speech Argument

The biggest defense against firm moderation that would prevent trolling activities is that it’s “censorship” and that you’re violating the commenter’s “freedom of speech.” They often use the phrase “First Amendment Rights.”

Let’s look briefly at the First Amendment to the U.S. Constitution:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances. [emphasis added]

Where exactly does it say that I have to put up with offensive commentary on my blog? All it says is that the government can’t make a law abridging the freedom of speech. I’m not the government, I’m not making a law.

So I don’t think “free speech” is a valid argument. After all, should anyone have the right to say anything they want — no matter how offensive — on your blog?

If people want to spout hate and offensive commentary, they can do it on their own blog.

Creating a Comment Policy

One way to fight back against spammers and trolls is to create and uphold a site comment policy. This policy should clearly state what is and/or isn’t allowed in the comments on your blog. Linking to this policy in an obvious place — or even placing a short version of it right above or below the comment form — will make it clear that you don’t tolerate spam or bad behavior.

Want some examples of good comment policies? Here are a few to give you ideas:

  • An Eclectic Mind. This is the comment policy for my personal blog. It’s a bit wordy — what do you expect from me? — but it does cover all the bases. You might also be interested in another post on my blog, “I Love Blog Comments Here.”
  • Stonekettle Station. Jim Wright doesn’t put up with crap either. That’s the short version of his comment policy. The long version, which address trolls and free speech, can be found here.
  • Whatever. John Scalzi’s comment policy. Simple and to-the-point.
  • Lorelle on WordPress. Lorelle knows more about WordPress blogging than I ever will. Here’s her site’s comment policy. You might also be interested in another post on her blog, “Comments on Comments.”

This topic was also addressed back in 2007 by Lorelle VanFossen in The Blog Herald.

Do you have a site comment policy you want to share with readers here? Post it in the comments for this post.

Maintaining Order

Creating a policy isn’t enough. You also have to maintain it. That means objectively reviewing every comment on your site and deleting the ones that violate the policy.

Yes, deleting them.

My advice is not to edit them, or allow them but reply with a warning, or do anything else. If a comment violates your policy, just delete it.

Don’t even send the commenter an email message telling them that you’ve deleted their message and why. If a commenter lacks the courtesy to be civil and follow your established rules on your blog, does he deserve any courtesy from you?

More important than that is the entire concept of “feeding the trolls.” When you respond in any way to a troll, you encourage more trolling activity. You see, these people just can’t let it go. They see any response as having a victim on the hook and they keep up their trolling behavior.

Ignore them and they will go away. Really.

You need to keep this in mind no matter where you see trolls. If you can’t delete their offensive crap, just ignore it. (Or, if it’s offensive enough, contact the site owner directly and tell him/her what you think and how it makes you feel about their blog/site/forum. A responsible site owner will take care of the problem.)

And if the whole concept of trolls is new to you, I urge you to read the entire “Troll (Internet)” entry on Wikipedia. It’s excellent and it clearly shows how bad these people can be for an Internet community like a blog.

Steps to Take

To sum up, I want to review the steps you might want to take to moderate and control the comments on your blog.

  1. Install and use spam prevention tools. Akismet is the best one (in my opinion) for a WordPress blog. It’s free.
  2. Write and post a site comment policy. Use the ones linked to above to give you ideas.
  3. Set up your blog to require moderation of all comments. On a WordPress blog, you do this in Discussion Settings.
  4. Regularly check for and approve (or delete) new comments. I’ve created a bookmark in my browser to quickly go to the comment moderation panel for each of my sites. I check for comments every morning and sometimes during the day so few comments are ever held in moderation for long.
  5. Resist the urge to respond to trolls on your blog. Don’t respond in comments or in email. You will regret it.
  6. Ignore the comments posted by trolls on other sites and in online forums. Don’t feed the trolls.

Please use the comments for this post to share your thoughts, experiences, and questions about this topic.

Twitter’s Report for Spam Feature

Block and report with one simple click.

Spam has been a problem on Twitter since it became mainstream over a year ago. It’s an extremely frustrating situation for those of us who want to use the service as a social networking tool — to actually meet and interact with other people who we find interesting. We’re the ones who follow up on new followers and actually read incoming @mentions (or @replies) and direct messages.

Report for SpamI’ve urged people to report spammers using the @spam Twitter account. But now there’s a better way: The Report For Spam link on the person’s profile page.

This example shows it quite clearly for a spammer account that began following me today. It’s the last link in the Options area. Clicking the link displays a confirmation dialog to make sure you really do want to block the account and report it for spamming. Click OK and the job is done.

What kind of account activity is considered spamming? The Twitter Support page, “Reporting Spam on Twitter,” lists many examples of what the Twitter folks consider spam. I recommend that you read it if you’re not sure what Twitter spam is.

In this example, the spammer had followed hundreds of Twitter users, likely because they’d tweeted using a keyword the spammer had programmed into a bot. The spammer posted just one tweet, which didn’t make much sense and included a link. I didn’t click the link; it’s never wise to click a link posted by a spam account. (Think candy from stranger.) The link was likely either going to sell me something or attempt to install some malware on my computer.

I’m thrilled about this new Twitter feature. If used consistently by serious Twitter users and acted upon by the folks at Twitter headquarters, we should see a reduction in spam and perhaps a lot of discouraged spammers. Sadly with the proliferation of automated Twitter follow and spamming tools, it’s unlikely that the spam problem will ever completely go away.

Learn it all.But I think that if we do our part to report spammers as they follow or interact with us, we’ll make the Twitter experience a bit more enjoyable for everyone.

PLEASE Report and Block Twitter Spammers

It’s getting completely out of control.

This afternoon, I received @ replies from three different Twitter users who do not follow me, all of which contained spammy content. All three messages were obviously automatically generated based on a key word I’d included in a tweet:

  • Spammer 1 invited me to a “Free Procrastination Seminar” after I used the word procrastination in a tweet.
  • Spammer 2 pointed me and a Twitter friend to a site that sells face masks after I suggested that my friend wear a face mask when cleaning out a dusty hay barn.
  • Spammer 3 pointed me and a Twitter friend to a site that sells MacBook Pro batteries after my friend and I had a Twitter exchange about his MBP battery.

It’s bad enough that everyone and his uncle is trying to use Twitter to promote themselves and their businesses. But now they’ve set up empty Twitter accounts and are using automated tools to send out Tweets that promote their products or services based on key word matches. That means they could be sending out hundreds or thousands of advertising tweets per day, clogging up your Twitter timeline with their crap.

I, for one, am sick of it.

There are two things you can do to help stop Twitter spam:

  • Follow @spam on Twitter. This is a special account monitored by the folks at Twitter. Once you follow @spam, it will follow you back. You can then send direct messages to @spam when you want to report a spammer. For example, you might compose a message like this:
    d spam @spamguy123 is sending me unsolicited advertisements.

    The folks at Twitter investigate legitimate spam complaints. In addition, @spam sends out periodic tweets about using Twitter safely, so you might pick up a few useful tips.

  • Block spammers. If you get followed by a spammer or received an @ reply with spammy content, take a moment to block that Twitter user. The folks at Twitter take blocking into consideration when evaluating spam reports and account activity.

You can learn more about reporting Spam to Twitter here.

Learn it all.Please don’t just ignore the spammers. Do something to stop them. Only if we all act can we get a better handle on the situation. The folks at Twitter hate spam even more than we do. It clogs their bandwidth and stretches the resources of their servers. If we help them identify spammers, they’ll help us by suspending their accounts.

Spread the word.

Blogging Basics: Comment Spam, Part II

Part II: When Comments Go Wrong

In the first part of this series, I explained what comments and pingbacks are and how they can benefit your blog. If you don’t know this stuff, go back and read that first. In this part of the series, I’ll explain how and why the comments feature can go wrong and list three tools for WordPress that can fight it.

Spam, Spam, Spam, Spam

While your blog’s readers like the comments feature because it enables them to participate in your blog, spammers like it, too. It gives them the ability to share their spammy comments and links on your blog.

Comment Spam ExampleComment spam is a terrible problem for bloggers. If left uncontrolled, it can quickly take over your blog by filling post comments with a lot of garbage — some of of obscene — including links to Web sites you probably don’t want to advertise for. Your blog visitors will have to wade through all this junk to find real comments. If the problem is bad enough, the probably won’t bother looking. If the comment spam is offensive enough, they might not visit your blog again.

Pingback SpamComment spam’s close cousin is pingback spam, which is relatively new to blogging. In pingback spam, someone else’s blog links back to yours, placing a pingback link to that blog in your blog. The purpose may be to get your site visitors to come to that blog, or, if you have nofollow disabled, to improve the site’s Google page rank.

Both comment spam and pingback spam can be automatically generated. For comment spam, spambot programs can automatically find comment forms on a blog, fill in the fields, and submit the spam comments. Pingback spam can be created through the use of feed “scraping” tools that pull parts of posts from your blog and posts them to the spammer’s blog, along with a link to yours. Because of automation, so there’s no limit to how much spam can be sent to your blog.

Spam Stopping Tools

Fortunately, there’s help. Many WordPress programmers are out there, fighting the same war against spam that you are. They have the skills to write plugins that can identify spam and quarantine or delete it so it doesn’t appear on your blog.

While there are numerous spam prevention tools out there for WordPress users, I have personal experience with three of them:

  • Aksimet, which is part of and comes as a plugin with self-hosted WordPress blogs, is created and maintained by the folks at Automattic, makers of WordPress. It’s fully integrated into WordPress and is extremely effective. I tell you more about how to set up and use Akismet in Part IV of this series.
  • Spam Karma, by Dr. Dave, is another powerful spam prevention tool. I used this exclusively for a while and it caught all the spam that appeared on my site. The only reason I stopped using it is because I switched to Akismet.

  • Bad Behavior is a plugin by Michael Hampton. It attempts to head off spam by determining whether a hit to a blog post is by a human or a spambot. Spambots are automatically denied access. One side benefit of this approach is a reduction in MySQL activity due to spambot access — that’s why I initially began using it. I used Bad Behavior in conjunction with one of the other spam prevention tools listed here for some time before trusting Akismet to do the whole job. The reason: Bad Behavior sometimes records false positives, making it impossible for certain real people to post comments. This problem occurs rarely, but since Akismet seems to be doing the job on its own, I prefer not to take the chance. (Note to Michael if you stop by to read this: if I got this wrong, please do comment to set me straight.)

I should note here that both Akismet and Spam Karma can “learn” about spam based on how you resolve comments you manually moderate. That’s why it’s important to properly identify any false positives or missed spam.

In the next post of this series, I’ll explain how you can identify comment spam — even when it doesn’t look like spam.

Learn More

Get more from your software.

Learn more about working with a self-hosted WordPress installation — or Check out my WordPress courses on

Blogging Basics: Comment Spam, Part I

Part I: Understanding Comments and Pingpacks

One of the main things that differentiate a blog from a Web site is the ability of readers to interact with what you post. This is done primarily through the use of comments.

Comment Basics

Most blogging software supports reader commenting. Typically, a comment form appears at the bottom of a post. Readers can enter their comments about the post, along with their name, e-mail address, and Web or blog URL. When the form is submitted, the comment is added to the post.

Post with CommentsThe screenshot here shows what a post on my blog, An Eclectic Mind, looks like with a few comments added, as well as a comment form.

Most blogging software packages offer the blogger options for handling comments. WordPress, for example offers several options:

  • Comments can be enabled or disabled by default or set on a post-by-post basis.
  • Commenter e-mail address can be required for a comment to be submitted.
  • Blog registration can be required for a comment to be submitted.
  • Comments can be held for moderation or automatically moderated based on a handful of options, including moderation and blacklist words or phrases.

Pingbacks and Trackbacks

Pingbacks (or trackbacks) are part of the commenting arena. A pingback happens when another blogger writes a post in which he links directly back to your post. He may have quoted your post in his and is linking back to the source. Or maybe he just wants to tell his readers how good your post was and send them over to your blog to read it. If his blogging software supports pingbacks or he has manually entered the link as a trackback, a special comment is sent to your blog with a link back to his blog.

Technically, a trackback is different from a pingback. A pingback is automated. The other blogger’s blogging platform must be capable of creating the pingback comment. Before automated pingbacks were widely supported, blogging platforms included a trackback feature that required the blogger to manually enter a linked post’s URL in a field when creating his post. Nowadays, these two terms are often used interchangeably.

In WordPress, you must have pingbacks enabled for your blog posts in order for WordPress to receive them. Pingbacks can appear with comments or, if the blog’s theme separates comments from pingbacks, they can appear separately. For example, my blog’s theme separates comments and pingbacks under different “tabs.”

Pingbacks look different, too. Instead of including a blogger’s name and comment, they include the name of the post that links to your post and a short excerpt surrounded by [...] characters. Here’s what a pingback looks like on a post in this blog:

Pingback Example

Comments, Pingbacks, and Reader Participation

It’s pretty easy to see how comments encourage reader participation. Comments give readers an opportunity to add or respond to your post. If enough readers comment and you respond, a conversation gets started. Sometimes that conversation can have more value than your original post.

For example, one of the most popular posts on this site is about a change in iTunes that affected how podcasts play back on an iPod. I identified the problem and created a workaround. A bunch of readers commented. One of the readers commented by sharing an AppleScript he’d written to automate my workaround. Another reader fine-tuned that script so it ran more efficiently. To this day, I use that script as my workaround. You can see the post and read the comments here.

Pingbacks also encourage reader participation, but in a less direct way. Suppose you read this post and think that your readers might benefit from it. You write a post on your blog that refers to it and adds your own comments. When you link to this post from your blog, a link to your post appears on this post. So readers reading comments here can go to your post to see what you’ve written about this topic.

Unfortunately, not everyone uses comments and pingbacks as they’re intended. The result is comment and pingback spam. I’ll discuss those in the next post of this series.

Lynda.comLearn More

Learn more about working with a self-hosted WordPress 2.7 installation — or Check out my WordPress courses on

Related Posts:

The following posts on this site are related. This list is not machine-generated.