CAPTCHA | The Blog Pros

December 15, 2022

How to Add Cloudflare Turnstile CAPTCHA in WordPress

Do you want to add Cloudflare Turnstile CAPTCHA in WordPress?

CAPTCHA and reCAPTCHA can stop spambots, but they’re also unpopular with visitors. By using a non-intrusive technology like Turnstile, you can protect your website from spambots and automated scripts without annoying your visitors.

In this article, we will show you how to add Cloudflare Turnstile to your WordPress website.

How to add Cloudflare Turnstile CAPTCHA in WordPress

Why Add Cloudflare Turnstile CAPTCHA in WordPress?

Spam is a big problem for all websites including WordPress. Spambots can use non-secure forms to send you spammy links, which will make it more difficult for you to do lead generation.

They can also try to break into your site’s login form by using brute force attacks or flooding your site with spam comments that’ll damage the visitor experience and your WordPress SEO.

If you run an online store, then automated scripts may even place fraudulent orders.

Many website owners use CAPTCHA and reCAPTCHA to block scripts and bots. However, a lot of people complain that these technologies deliver a poor user experience, and some even worry about CAPTCHAs stealing their data.

With that being said, Cloudflare has introduced Turnstile CAPTCHA. This alternative technology uses a selection of non-intrusive challenges that often run invisibly in the browser. This allows you to protect your website without asking visitors to complete complex puzzles.

To help keep visitor information private, Cloudflare uses Apple’s Private Access Tokens to test whether the visitor is a real person without collecting extra data.

If you’re using form builders or WooCommerce, then Turnstile also integrates with these third-party plugins. This allows you to add invisible CAPTCHAs across many different areas of your WordPress website.

With that in mind, let’s see how you can add Cloudflare Turnstile CAPTCHA in WordPress. Simply use the quick links below to jump between the different steps.

Install a WordPress Cloudflare CAPTCHA Plugin
Get a Cloudflare Turnstile Site Secret and Site Key
Add Cloudflare Turnstile CAPTCHA to Your WordPress Website
Bonus: Add Turnstile CAPTCHA to Your WordPress Forms
Bonus: Add Cloudflare Turnstile CAPTCHA to WooCommerce

Install a WordPress Cloudflare CAPTCHA Plugin

The easiest way to add Cloudflare’s CAPTCHA to WordPress is by using Simple Cloudflare Turnstile. This free plugin allows you to connect your website to the Turnstile service, and then check that it’s responding to your requests correctly.

First, you’ll need to install and activate the plugin. If you need help, then please see our guide on how to install a WordPress plugin.

Upon activation, go to Settings » Cloudflare Turnstile.

Adding a site key and secret key to a WordPress website

The plugin will now ask you to provide a site key and site secret.

You can get these for free by clicking on the link next to ‘You can get your site key and secret from here.’

Get a Cloudflare Turnstile Site Secret and Site Key

The link will take you to the Cloudflare login page where you can register your domain and create a site key and site secret. This is free, but you will need to create a Cloudflare account using your email address, if you haven’t already.

Once you’re logged into the Cloudflare dashboard, find ‘Turnstile’ in the left-hand menu and give it a click.

This will take you to a screen with some basic information about Cloudflare Turnstile.

If you’re happy to go ahead, then click on the ‘Add site’ button.

Adding a site to the Cloudflare dashboard

On this screen, start by typing in a ‘Site Name.’

This is just for your reference so you can use anything you want.

Adding a WordPress website to the Cloudflare dashboard

Next, type your website’s domain name into the ‘Domain’ field.

The next step is choosing which CAPTCHA widget you want to create. The first choice is ‘Managed,’ which is the method recommended by Cloudflare. This is where Cloudflare analyzes the browser’s request and then decides what kind of challenge it should run.

While this is happening, the visitor will see a loading animation.

Adding a Cloudflare Turnstile CAPTCHA to WordPress

Wherever possible, Cloudflare will try to run a non-interactive challenge in the background, so the visitor doesn’t have to do anything.

In this case, the user will simply see a ‘Success’ message when their browser passes the test.

Creating a managed Cloudflare Turnstile CAPTCHA

Sometimes, Cloudflare may decide that it’s safer to show an interactive challenge instead. However, the visitor will simply need to check a box rather than complete a puzzle, so it’s still easier than the traditional puzzle-based CAPTCHAs.

Unless you have a specific reason not to, it’s smart to use managed CAPTCHAs as this gives you a good level of security with minimum impact on the visitor experience.

How to create a managed CAPTCHA for WordPress

Don’t want to use interactive challenges on your WordPress website? Then you can choose ‘Non-interactive’ or ‘Invisible’ instead.

Non-interactive challenges run in the browser so the visitor doesn’t have to take any action. Just like the managed CAPTCHA, visitors will see the loading animation and a ‘Success’ message when the challenge is complete.

If you choose ‘Invisible’ instead, then the visitor won’t see the animation or success message. This setting allows you to completely hide the CAPTCHA from your visitors, which can avoid confusion and won’t add any clutter to your WordPress theme.

After making your decision, click on the ‘Create’ button.

As soon as you’ve done that, Cloudflare will show your site key and secret key.

Creating a site key and secret key for your WordPress website

You can now add this information to the plugin’s settings on your website.

Add Cloudflare Turnstile CAPTCHA to Your WordPress Website

In your WordPress dashboard, head back to Settings » Cloudflare Turnstile. You can now go ahead and add the ‘Site Key’ and ‘Site Secret’ to your WordPress dashboard.

Adding the Cloudflare secret key and site secret to WordPress

After that, you may want to customize how the CAPTCHA looks on your website, and how it acts. To start, you can open the ‘Theme’ dropdown and choose from light, dark, or auto.

The following image shows an example of how the ‘Dark’ theme looks in the WordPress comment section.

A Cloudflare Turnstile CAPTCHA with a dark theme

By default, Cloudflare Turnstile shows a ‘Please verify that you are human’ message to visitors. You may want to change this. For example, you might briefly explain why the CAPTCHA is so important, or that it will only take a few seconds to complete.

To add your own wording, simply type into the ‘Custom Error Message’ field.

Creating a custom error message for a WordPress CAPTCHA

After that, you can select the forms where you’ll use the Cloudflare Turnstile CAPTCHA.

The options you see may vary depending on the plugins you’ve installed, but by default, you can use Turnstile with all the built-in WordPress forms. This includes the login page, user registration form, and password reset page.

Enabling Cloudflare Turnstile CAPTCHA for the WordPress forms

When you’re happy with the information you’ve entered, scroll to the bottom of the screen and click on ‘Save Changes.’

Now, if you visit your website you’ll see the Turnstile CAPTCHA in action.

Bonus: Add Turnstile CAPTCHA to Your WordPress Forms

WordPress comes with different built-in forms, but you’ll often want to create custom forms. For example, you might replace the default forms with professionally-designed alternatives that better suit your website.

You can also add forms that are missing from the core WordPress software, such as contact forms and online order forms.

Simple Cloudflare Turnstile integrates with the best contact form plugins for WordPress including WPForms and Formidable Forms. This allows you to add the same advanced CAPTCHAs to all your forms, no matter how you created them.

How to add a CAPTCHA to a WordPress contact form

To add a CAPTCHA to any WPForms or Formidable Forms page, simply go to Settings » Cloudflare Turnstile in your WordPress dashboard.

At the bottom of the page, you should see a section for either WPForms or Formidable Forms, depending on which plugin you’re using.

Integrating Cloudflare with WPForms and Formidable Forms

Simply click on either of these sections to expand.

To add the CAPTCHA to all your forms, just check the ‘Enable on all…’ box.

If you’re using a ‘Managed’ or ‘Non-interactive’ CAPTCHA, then you can change whether the loading and success animation appears before or after the form’s ‘Submit’ button.

In the following image, we’re using the ‘After button’ option.

Changing where the CAPTCHA appears in WPForms

To make this change, simply open the ‘Widget Location’ dropdown.

Then, choose either ‘Before Button’ or ‘After Button.’

Changing the location of the CAPTCHA widget

Some forms may not need a CAPTCHA. For example, you might disable the CAPTCHA for forms that aren’t getting many conversions, to see whether this improves your conversion rates. For more information, see our guide on WordPress conversion tracking made simple.

To remove the CAPTCHA, you’ll need to type the form’s ID into the ‘Disable Form IDs’ field.

If you’re using WPForms, then you can get this ID by going to WPForms » All Forms.

The ‘Shortcode’ column shows each form’s ID. For example, in the following image the form ID is 62.

How to disable CAPTCHAs on your WordPress website

If you’re a Formidable Forms user, then head over to Formidable » Forms instead.

On this screen, find the form that you want to exclude and make a note of the number in the ‘ID’ column.

Forms, created using the Formidable Forms WordPress plugin

You can now add these IDs to the ‘Disable Form IDs’ field.

To remove the CAPTCHA from multiple forms, simply separate each ID with a comma.

Disabling the Cloudflare CAPTCHA for multiple forms

When you’re happy with how you’ve set up the integration, don’t forget to click on ‘Save Changes’ to store your settings.

Now if you visit any form created using Formidable Forms or WPForms, you’ll see the Cloudflare Turnstile CAPTCHA in action.

Bonus: Add Cloudflare Turnstile CAPTCHA to WooCommerce

Scripts and bots aren’t just bad news for WordPress blogs and websites. If you run an online store, then spambots and automated scripts might try to register with your store and place fake orders.

Every transaction comes with processing feeds, so fake orders can cost you a lot of money and make it difficult to grow your business.

The good news is that Cloudflare Turnstile also integrates with WooCommerce. This allows you to protect all your eCommerce pages including the WooCommerce login, signup, and checkout pages.

The Cloudflare Turnstile CAPTCHA on the WooCommerce checkout page

To add Cloudflare Turnstile to your WooCommerce pages, simply go to Settings » Cloudflare Turnstile.

Then, scroll to the ‘WooCommerce Forms’ section.

Adding CAPTCHAs to your WooCommerce forms

If it isn’t already expanded, then click on this section.

You’ll now see all the WooCommerce pages where you can add a Cloudflare CAPTCHA. Simply check the box next to each page that you want to protect.

Protecting your WooCommerce store with a CAPTCHA

After that, don’t forget to click on ‘Save Changes’ to store your settings. Now, if you visit any of your WooCommerce pages, you’ll see the Cloudflare Turnstile CAPTCHA.

We hope this article helped you learn how to add Cloudflare Turnstile CAPTCHA in WordPress. You can also go through our ultimate WordPress security guide and the best WordPress membership plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add Cloudflare Turnstile CAPTCHA in WordPress first appeared on WPBeginner.

January 15, 2021

Useful Regular Expressions for Validating Input in Google Forms

Your organization has a few vacant positions and you are planning to use Google Forms to prepare a pre-interview questionnaire for job applicants. You have created a form and it has all the standard fields where candidates can enter their name, email address, website URL, phone number, zip code and other essential details.

The form is ready for publishing online but before you make it live, how would you ensure that candidates have entered data in the correct format? And even if the format is proper, is the data itself valid? Can you add a CAPTCHA to Google forms to prevent spam bots? Can you include a profanity filter to block people from submitting entries that include obscene words?

When you are expecting dozens, or even hundreds, of responses in your Google Forms, it is always a good idea to have some rules in place and respondents data should be matched against these rules even before they submit the form. For instance, if your form is asking for a person’s year of birth, they should only be allowed to enter a number between 1900 and 2014.

Advanced data validation in Google Forms using RegEx (regular expressions)

Regular Expressions in Google Forms

Google Forms makes it relatively easy to add such advanced date validation rules to individual fields through Regular Expressions (or regex or regexp). Think of them as search patterns and every character entered in a form field is matched against that pattern - the form can only be submitted if the patter and the user-input matches.

Let’s understand this with a real-world example.

Say your Google form expects the user to enter their year of birth. At the time of designing the form, expand the “Data Validation” section below the form field (see screenshot above) and choose Regular Expression from the drop-down. Next select “Matches” in the other drop-down and enter ^(19\d{2}|20[0-1]\d)$ in the input field. The field will now accept input value like 1920, 2010 but would reject other values that fall outside the range.

Regular Expressions for Common Form Fields

A regular expression may appear gibberish but they aren’t so difficult to read and understand if you can know the basic rules of the language. What you see here is a compilation of some useful regular expressions that can be used to validate common form fields like URLs, phone numbers, zip codes, dates, etc.

1. Postal Address - allow only alphanumeric characters, spaces and few other characters like comma, period and hash symbol in the form input field.

[a-zA-Z\d\s\-\,\#\.\+]+

2. ZIP Code - the regex allows ZIP codes in standard formats and it matches both US and Indian zip codes.

^\d{5,6}(?:[-\s]\d{4})?$

3. Date - accept date input in the mm/dd/yyyy or mm-dd-yyyy formats.

((0[1-9])|(1[0-2]))[\/-]((0[1-9])|(1[0-9])|(2[0-9])|(3[0-1]))[\/-](\d{4})

Also see: Get Google Form Data by Email

4. Email Address - the regex below should match most common email address formats, including Gmail aliases that accept the ”+” sign but there’s no perfect solution.

[a-zA-Z0-9_\.\+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-\.]+

5. URL (Web domain) - this is useful for fields that require the user to enter their website address and it even matches the upcoming TLDs like .directory or .restaurant. The other regex matches YouTube URL including those using the youtu.be domains.

https?\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,}
https?\:\/\/(www\.)?youtu(\.)?be(\.com)?\/.*(\?v=|\/v\/)?[a-zA-Z0-9_\-]+

6. Character Limit - the default text box in a Google form allows users to input any number of characters but you can impose a limit with the help of regular expression. Here we limit the input to 140 characters much like Twitter.

[\w]{1,140}

7. Phone Numbers - these are often a series of numbers preceded by an optional ”+” sign and the area code may be inside brackets.

\+?$?\d{2,4}$?[\d\s-]{3,}

8. Price (with decimal) - if a form field requires users to enter a price of an item in their own currency, this regex will help. Replace the $ sign with your own currency symbol.

\$?\d{1,3}(,?\d{3})*(\.\d{1,2})?

9. Complex Password - only accept a string that has 1 uppercase alphabet, 1 lowercase alphabet, 2 digits and 1 special character. Also the minimum allowed length is 8 characters.

(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9].*[0-9])(?=.*[^a-zA-Z0-9]).{8,}

10. CAPTCHA - Google forms do not offer CAPTCHAs but you can create one using regex. Here’s a simple captcha that requires users to answer a simple question - what is 2+2?

^(4|[Ff][Oo][Uu][Rr])$

Also see: Regular Expressions for Gmail Search

11. Word Limit - If you would like to limit the number of words that a user can type in the input field of a Google Form, there’s a regex for that as well. In this case, we only allow any input that has between 10 to 15 words:

^[-\w]+(?:\W+[-\w]+){9,14}\W*$

November 24, 2020

How To Add Google reCAPTCHA v3 In PHP Contact Form

Google has introduced another and upgraded form of recaptcha called Google reCAPTCHA v3. It gives greater protection from the spam bot or maltreatment in your web structures or web forms. Google reCAPTCHA v3 API works on the premise of spam score which implies that the reCAPTCHA v3 API restores the spam score of each input given by the client action.

Benefits of Google reCAPTCHA v3

This reCAPTCHA v3 is exceptionally simple to utilize as compared to Google reCAPTCHA v2 on the grounds that the client doesn't have to click on the checkbox which is in the Google reCAPTCHA v2. It just ascertains the spam score dependent on the information and client's movement and chooses whether it is a spam action or not.

September 3, 2020

Put the Smackdown on Spammers: 15 Top-Rated WordPress Antispam Plugins

If you have a WordPress site, there’s a good chance you welcome giving your users the option to comment on a blog, register for information, send you an email, or something else. It’s great to have folks communicate with you, but this also opens the door to (gulp!) spam.

Unfortunately, spam comes with the territory, as the WordPress CMS is so popular, it naturally attracts an increased number of troublemakers looking to hack or wreak havoc on your site.

If not dealt with, it can become like swatting mosquitoes away from your WordPress site — annoying and challenging to control.

Dev Man swatting away spam. — Dev Man’s swatting powers demonstrated while on a website without spam protection.

Luckily, there are plugins out there that can come to your rescue and defend your site against spammers, ensuring that only real users you want to connect with get through.

We’ll be looking at 15 top-rated plugins that can help you fight against spam—keeping real engagement flowing and kicking any spammer attempts to the curb.

Each plugin has specific features, and they’re all different. Take your pick. You might want to use just one or combine them as part of a full-proof spam protection strategy.

We’ll also look at ways to combat spam from your WordPress dashboard without a plugin.

15 Top-Rated Anti-Spam Plugins

1. Akismet

Akismet filters through the comments on your blog and marks any suspicious-looking one as spam. When they’re spotted, the comments will be sent to the spam section of the WordPress admin’s comments page.

To use Akismet, you need to get an Akismet.com API key. Keys are free for personal blogs, and there are paid subscriptions available for businesses and commercial WordPress sites. So, depending on what kind of operation you have set up, you can choose accordingly.

With over 5 million active installations, it’s the most popular combat against spam.

2. Defender

Our free Defender plugin is our answer to security and can quickly put the smackdown on spammers. With his powerful firewall, you can block hackers or bots before reaching your site with his defense.

He has IP banning, IP lockouts, 404 detections, the capability of automatically identifying bad acting IPs, and much more. Therefore, you can eliminate spam and anyone up to no good before they have a chance even to reach your website.

With a solid 5-star review and popular with over 30K active users, you’ll want to have Defender in your corner to stop spammers in their tracks.

For more information, check out our article on how to get the most out of Defender security.

3. WordPress Zero Spam

Instead of relying on visitors to prove they’re genuine users with CAPTCHA, the WordPress Zero Spam plugin makes spam bots jump through hoops so your users can enjoy a better user experience. After all, let’s face it, CAPTCHA can be complicated.

It uses AI in combination with effective spam detection techniques and a database of known malicious IPs from across the globe to detect and block spammers.

It can also integrate with popular 3rd party apps, such as Contact Form 7, BuddyPress, WPForms, and more.

Plus, it’s completely free to use.

4. NoSpamNX

NoSpamNX blocks comment spam by creating a field that only bots can see. Then, once bots fill it out, the comment is not published and can either be blocked or completely moved into the spam queue.

Instead of relying on CAPTCHA or calculations to defend you against automated bots, NoSpamNX automatically adds additional form fields to your comment form that are invisible to human users.

When a spambot blindly fills these fields out, the comment doesn’t get saved. Then, you can decide whether to block the spambots or mark them as spam.

5. Stop Spammers

A useful plugin that blocks many forms of spam so you can use fewer plugins is Stop Spammers. This plugin helps block comment and registration spam, spam email, and spambots while also monitoring your login attempts.

It also features over 50 + configuration options for maximum personalization.

Stop Spammers works right away once installed without much to adjust. However, if you’d like more options, there is a Stop Spammers Premium option.

6. FV Antispam

FV Antispam is a powerful and straightforward plugin that moves any spambot comments directly into the trash. It works with Akismet by combatting bot spam while Akismet combats human spam.

It’s a great solution, partially because of the low CPU load. It doesn’t burden your hosting or slow down your server, unlike many other effective antispam plugins.

7. CleanTalk Spam Protection

CleanTalk is a universal antispam plugin. It blocks all bots from the forms on your site. That includes comment and registration spam, along with spam that comes through other forms on your site (e.g. bookings, shopping carts, widgets, etc.).

The one thing it won’t do is block manual spam; however, you’ll see a nice reduction in spam, considering most spam is created with bots. Plus, this plugin scans your site for preexisting spam.

It also includes a firewall, which helps prevent your site from DDoS and XML-RPC attacks.

8. Antispam Bee

Antispam Bee puts the sting on spam by blocking spam comments and trackbacks effectively, without CAPTCHA, and without distributing personal information to 3rd party services.

This free plugin will also schedule spam to be deleted and view stats on the blocked and deleted spam.

It’s one of the more popular options for combatting spam, with over 500K active users and a solid 5-star rating.

9. Titan Anti-Spam & Security

The Titan Anti-Spam & Security plugin has quite a few awesome features to prevent spam; it includes a firewall, antispam, malware scanner, site accessibility checking, and security & threats audits.

It doesn’t use CAPTCHA and includes an algorithm that ensures reliability and accuracy against spambots. It’s very well updated, and it always meets new versions of CMS.

10. Spam Destroyer

Spam Destroyer stops automated spam from bots that are sent to your default WordPress comment form. They make it as effortless as possible to use, because once you install it, it’s ready to go. It’s intended as a drop-in solution with no settings or configuration required.

For a free, simple, and easy to use plugin, Spam Destroyer is a great option.

11. WPBruiser

WPBruiser is a security and antispam plugin that is based on algorithms that identify spam bots without any captcha images.

It takes care of spambot signups, spam comments, and brute force attacks. What’s great is it can stop bots from leaving spam in the first place, eliminating the need to go through and deleting spam manually.

It also integrates with numerous plugins, including Jetpack, Epoch, Postmatic, and more.

12. Analytics Spam Blocker

The Analytics Spam Blocker works a bit differently than our previous plugins that have been mentioned, where it stops spam bots from reaching your site, so the traffic isn’t accounted for in your Google Analytics data. That means that you should only see genuine traffic reflected in your analytics.

A nice feature is you can also easily report referral spam domains with the Analytics Spam Blocker reporting tool.

13. Bad Behavior

The Bad Behavior plugin blocks all incoming traffic from spambots so they can’t access your site. Therefore, it acts as a gatekeeper so that spammers can’t even get to the point of leaving spam.

Bad Behavior is set up to work alongside existing spam blocking services to increase their effectiveness and efficiency. So, if you choose to activate a few spam blocking plugins, this can be an excellent addition to include.

14. Cerber Security

The Cerber Security, Antispam & Malware Scan defends your site against spam, hacker attacks, trojans, and malware.

It has features such as limiting the login attempts when logging in by IP address or subnet, custom login URLs, Cerber anti-spam engine, etc.

All the features that this plugin provides is worth checking out. With a 5-star rating and over 100K downloads, it’s a popular choice.

15. Stop WP Comment Spam

As the name suggests, the Stop WP Comment Spam plugin helps fight spam by automatically detecting comment spam. It does all of this without using annoying questions, quizzes, or CAPTCHA.

All that you need to do to get it working is to install it. This plugin features a free trial, and then there is an option to upgrade to the Pro version, which has features such as protecting your contact forms, the ability to stop fake user registration, run reports, and more.

3 Quick Tricks to Stopping Spam in the WordPress Dashboard

As you can see, to stop spam in your comment section, you have a wide range of plugins at your disposal.

There’s also a way to combat spam directly from the WordPress dashboard.

So, here’s a look at three ways to combat manual spam when a plugin might not be enough or when you want some added protection.

1. Make Users Register

One thing that may help is to make users register. Many drive-by spammers will not want to go to the trouble of registering to leave a quick spam comment. After all, they’re pretty lazy.

Go to Settings > Discussion > Other comment settings and check the box to make users register.

The user must register checkbox. — You’ll check the little box and be all set.

Some bots can attempt to register at your site, and while some may be successful, others will not. So even if some use automated software for registrations, it still puts up a wall that will work at least some of the time.

And if you notice a specific IP address causing trouble, you can block it with, for example, our Defender plugin.

The other thing to consider, of course, is your non-spamming visitors. If forced to register, users may go away. You’ll need to make a judgment call if registration is right for you.

2. Close Comments on Older Posts

Another way to combat spam is to shut the comment section down after a certain amount of time. Shutting down the comments can make sense if you have a highly publicized blog when published, and traffic dies down after a certain amount of time.

Go to Settings > Discussion > Other comment settings and check the box to close older articles’ comments.

From here, you can choose how many days old a post needs to be before shutting down comments.

Not all, but lots of spammers like to leave links on pages at least somewhat related to whatever it is they’re trying to promote. You may have posts that fit that bill, but when you close comments down after a certain amount of days, then the possibility of having comments open on such a post shrinks dramatically.

If you close comments after 14 days and a spammer finds a post from two months ago via search, the comments on that post will be closed by the time they arrive.

Just keep in mind that doing this may hurt non-spamming visitors. Some may want to leave comments on older posts.

That said, most older posts tend not to get many comments. Folks see that the post has some age, and the flow of initial comments has either slowed considerably or stopped altogether.

If you like this method but worry about closing down comments to genuine visitors, you could extend the time allowed for comments.

3. Hold Comments with Links

This setting lets you hold comments with a certain amount of links in the body of the comment.

Go to Settings > Discussion > Comment Moderation and set the number of links you’d like to allow.

Where you'll click to hold comments for moderation. — Want to hold a comment if it has two or more links? No problem!

You can decide how many links should trigger a hold here. Two is the default, but you could change that to one (or anything else).

Keep in mind, changing it to zero will hold all comments. That could get very time consuming to shuffle through them all in that setting.

Like That, Your Spam is Stopped

With all 15 anti-spam plugins mentioned in this post and ways to tweak your WordPress dashboard manually, you should easily combat spam on your site. Your WordPress site will be spam-free before you know it!

Spammers will be moving on to more vulnerable locations, leaving you more time to focus on actual users on your site and less annoyed.

If you’d like some more spam-tastic information, check out our Ultimate Guide to WordPress Spam.

On that note, go out there and put the smackdown on spammers.

September 3, 2020

Put the Smackdown on Spammers: 12 Top-Rated WordPress Antispam Plugins

Unfortunately, spam comes with the territory, as the WordPress CMS is so popular, it naturally attracts an increased number of troublemakers looking to hack or wreak havoc on your site.

If not dealt with, it can become like swatting mosquitoes away from your WordPress site — annoying and challenging to control.

Luckily, there are plugins out there that can come to your rescue and defend your site against spammers, ensuring that only real users you want to connect with get through.

We’ll be looking at one dozen top-rated plugins that can help you fight against spam—keeping real engagement flowing and kicking any spammer attempts to the curb.

Continue reading, or jump ahead using these links:

12 Top-Rated Anti-Spam Plugins
3 Quick Tricks to Stopping Spam in the WordPress Dashboard
Like That, Your Spam is Stopped

Each plugin has specific features, and they’re all different. Take your pick. You might want to use just one or combine them as part of a full-proof spam protection strategy.

We’ll also look at ways to combat spam from your WordPress dashboard without a plugin.

12 Top-Rated Anti-Spam Plugins

1. Akismet

With over 5 million active installations, it’s the most popular combat against spam.

2. Defender

Our free Defender plugin is our answer to security and can quickly put the smackdown on spammers. With his powerful firewall, you can block hackers or bots before reaching your site with his defense.

With a solid 5-star review and popular with over 30K active users, you’ll want to have Defender in your corner to stop spammers in their tracks.

For more information, check out our article on how to get the most out of Defender security.

3. WordPress Zero Spam

It uses AI in combination with effective spam detection techniques and a database of known malicious IPs from across the globe to detect and block spammers.

It can also integrate with popular 3rd party apps, such as Contact Form 7, BuddyPress, WPForms, and more.

Plus, it’s completely free to use.

4. NoSpamNX

NoSpamNX blocks comment spam by creating a field that only bots can see. Then, once bots fill it out, the comment is not published and can either be blocked or completely moved into the spam queue.

Instead of relying on CAPTCHA or calculations to defend you against automated bots, NoSpamNX automatically adds additional form fields to your comment form that are invisible to human users.

When a spambot blindly fills these fields out, the comment doesn’t get saved. Then, you can decide whether to block the spambots or mark them as spam.

5. Hivemind (formerly: Stop Spammers)

A useful plugin that blocks many forms of spam so you can use fewer plugins is Hivemind. This plugin helps block comment and registration spam, spam email, and spambots while also monitoring your login attempts.

It also features over 50 + configuration options for maximum personalization.

Stop Spammers works right away once installed without much to adjust. However, if you’d like more options, there is a Stop Spammers Premium option.

6. CleanTalk Spam Protection

The one thing it won’t do is block manual spam; however, you’ll see a nice reduction in spam, considering most spam is created with bots. Plus, this plugin scans your site for preexisting spam.

It also includes a firewall, which helps prevent your site from DDoS and XML-RPC attacks.

7. Antispam Bee

Antispam Bee puts the sting on spam by blocking spam comments and trackbacks effectively, without CAPTCHA, and without distributing personal information to 3rd party services.

This free plugin will also schedule spam to be deleted and view stats on the blocked and deleted spam.

It’s one of the more popular options for combatting spam, with over 500K active users and a solid 5-star rating.

8. Titan Anti-Spam & Security

The Titan Anti-Spam & Security plugin has quite a few awesome features to prevent spam; it includes a firewall, antispam, malware scanner, site accessibility checking, and security & threats audits.

It doesn’t use CAPTCHA and includes an algorithm that ensures reliability and accuracy against spambots. It’s very well updated, and it always meets new versions of CMS.

9. Spam Destroyer

For a free, simple, and easy to use plugin, Spam Destroyer is a great option.

10. Analytics Spam Blocker

A nice feature is you can also easily report referral spam domains with the Analytics Spam Blocker reporting tool.

11. Cerber Security

The Cerber Security, Antispam & Malware Scan defends your site against spam, hacker attacks, trojans, and malware.

It has features such as limiting the login attempts when logging in by IP address or subnet, custom login URLs, Cerber anti-spam engine, etc.

All the features that this plugin provides is worth checking out. With a 5-star rating and over 100K downloads, it’s a popular choice.

12. Anti Spam

As the name suggests, the Anti Spam plugin helps fight spam by automatically detecting comment spam. It does all of this without using annoying questions, quizzes, or CAPTCHA.

3 Quick Tricks to Stopping Spam in the WordPress Dashboard

As you can see, to stop spam in your comment section, you have a wide range of plugins at your disposal.

There’s also a way to combat spam directly from the WordPress dashboard.

So, here’s a look at three ways to combat manual spam when a plugin might not be enough or when you want some added protection.

1. Make Users Register

One thing that may help is to make users register. Many drive-by spammers will not want to go to the trouble of registering to leave a quick spam comment. After all, they’re pretty lazy.

Go to Settings > Discussion > Other comment settings and check the box to make users register.

And if you notice a specific IP address causing trouble, you can block it with, for example, our Defender plugin.

The other thing to consider, of course, is your non-spamming visitors. If forced to register, users may go away. You’ll need to make a judgment call if registration is right for you.

2. Close Comments on Older Posts

Go to Settings > Discussion > Other comment settings and check the box to close older articles’ comments.

From here, you can choose how many days old a post needs to be before shutting down comments.

If you close comments after 14 days and a spammer finds a post from two months ago via search, the comments on that post will be closed by the time they arrive.

Just keep in mind that doing this may hurt non-spamming visitors. Some may want to leave comments on older posts.

That said, most older posts tend not to get many comments. Folks see that the post has some age, and the flow of initial comments has either slowed considerably or stopped altogether.

If you like this method but worry about closing down comments to genuine visitors, you could extend the time allowed for comments.

3. Hold Comments with Links

This setting lets you hold comments with a certain amount of links in the body of the comment.

Go to Settings > Discussion > Comment Moderation and set the number of links you’d like to allow.

You can decide how many links should trigger a hold here. Two is the default, but you could change that to one (or anything else).

Keep in mind, changing it to zero will hold all comments. That could get very time consuming to shuffle through them all in that setting.

Like That, Your Spam is Stopped

Spammers will be moving on to more vulnerable locations, leaving you more time to focus on actual users on your site and less annoyed.

If you’d like some more spam-tastic information, check out our Ultimate Guide to WordPress Spam.

On that note, go out there and put the smackdown on spammers.

September 17, 2019

How to Install and Setup Facebook Comments in WordPress

Facebook is the largest social network in the world. That’s why some of the top WordPress blogs use Facebook comments instead of the default WordPress comments.

If you are planning to add the Facebook comment system to your WordPress site, then you are in the right place.

In this article, we will show you how to install and setup Facebook comments in WordPress. We will also explain how to display the Facebook comment count on your website.

Pros and Cons of Using Facebook Comments in WordPress

Before we get started with the tutorial, let’s cover the pros and cons of using Facebook comments compared to default WordPress comments.

One of the most obvious benefits is that Facebook comments increase your website’s visibility on Facebook.

When someone leaves a comment on your site, they can check the “Also post on Facebook” option to share their comment with their Facebook friends. This has a huge potential for additional traffic to your website.

Also, spammers will stay away from your website because they won’t receive a SEO backlink by commenting on your posts.

Another benefit of using Facebook comments is that it removes the anonymity factor, so users are less likely to leave spam comments because it’s tied to their Facebook profile.

However, this can act as a major downside as well.

Some users don’t feel comfortable leaving a comment using their Facebook profile because they like the sense of being anonymous.

Another disadvantage of using Facebook comments is that they are not stored or synced to WordPress, whereas third-party commenting systems like Disqus does sync with WordPress.

If you have older posts with default WordPress comments, then those comments may appear before or after the Facebook comments.

However, it is better to remove the WordPress comment system entirely if you are using the Facebook comment system on your site. Otherwise, spammers and bots will use the WordPress comments to spam your website.

Now that you know the pros and cons, let’s take a look at how to install Facebook comments in WordPress.

Setting Up Facebook Comments in WordPress

The easiest way to add Facebook comments in WordPress is by using a WordPress plugin.

We will be using the Lazy FB Comments plugin for the sake of this tutorial. This free plugin not only adds the Facebook comment system to your site, but it also lazy loads the comments to improve page speed.

First, you need to install and activate the Lazy FB Comments plugin. You may follow our guide on how to install a WordPress plugin for detailed instructions.

Upon activation, you need to visit Settings » Lazy FB Comments to configure the plugin.

To use Facebook comments on your website, you will have to create a Facebook app and then add the application ID to the plugin’s settings page.

If you have previously created an app for your site, then you can use that application ID here. Otherwise, you will have to create a new app by going to the Facebook for Developers page.

To get started, you need to register for a Facebook Developer account if you don’t have one. Next, you will have to click on the My Apps link, present at the top-right corner of the page.

A dropdown menu will open up where you need to click on the Create App option. This will open a modal window where you will have to provide your email address and a name for your app.

Once done, you need to click on the Create App ID button. This will open a popup box and will ask you to enter some CAPTCHA letters. Simply fill in the CAPTCHA textbox and then click on the Submit button.

Facebook will now create a new app for you and then redirect you to the app dashboard. You will notice your APP ID displayed there.

Next, you need to tell Facebook how you’d use the App.

Simply click on the Settings » Basic link from the left sidebar, and then click on the + Add Platform button, present at the bottom of the page.

A new popup window would appear on the screen. You need to click on Website to select it as your platform.

This will add a new “Website” section in your app’s settings page where you can enter your website URL.

After saving your settings, you can now copy the APP ID and paste it in the FB Application ID textbox of the plugin’s settings page on your WordPress site.

Once you are done, you need to scroll down and then click on the Save All Changes button to store your settings.

Now you will see a new option to “Moderate Comments” beside the title of this plugin. We will explain how to moderate Facebook comments in the next section.

This plugin also comes with a comprehensive set of options. You can go through the settings to see if there is something that you would like to change.

For example, you can change the Load Comments option to “On Scroll”. This will load the Facebook comment system only when someone reaches the end of the article. This will help you improve page load speed.

Other than that, the default settings should work for most websites.

Now, you can visit any post on your WordPress site to see the Facebook comment system in action.

Moderating the Facebook Comments on Your Website

As the admin of the Facebook app, you will get notifications for new comments when you log in to your Facebook account.

You will also find a link to moderate comments on the plugin’s settings page.

Just like WordPress comments, you can set comment moderation rules on Facebook by clicking on the Settings link. This will open a popup where you need to click on the “Moderation Rules” tab.

From here, you can decide the maximum character limit to be allowed in a comment. You can also set a limit after which the comments will be automatically closed on your posts.

Facebook allows you to add new comment moderators as well. You need to click on the “Moderators” tab and then add the person using the textbox.

Once you are done, you need to click on the Save button to store the settings.

Display the Facebook Comment Count in WordPress

One of the downsides of using the Lazy FB Comments plugin is that it overtakes WordPress comment count functions and outputs a Facebook-branded version of the comment count.

If your theme displays comment count, then this would not look good

If you still want to display the Facebook comment count, then you can do that with the help of a code snippet.

First, you need to connect to your WordPress hosting account using an FTP client and then go to the /wp-content/themes/ folder.

From here you need to open your current theme folder and then locate the single.php file.

Next, you need to right-click on that file and then click on Download.

After that, you should open the single.php file using a plain text editor like Notepad. Once the file is open, look for the code used by your theme to display comment count and carefully replace it with the following code.

<fb:comments-count href="<?php echo get_permalink($post->ID); ?>"></fb:comments-count> Comments

This code snippet will help you to display the Facebook comment count on every post.

Finally, you need to save the file and then upload it back to the current theme folder using FTP.

That’s all! We hope this article helped you install and set up Facebook comments on your WordPress site.

You may also want to check out our guide on how to add Facebook open graph meta data in WordPress or how to get a virtual phone number for your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Install and Setup Facebook Comments in WordPress appeared first on WPBeginner.