If you have a blog, you have spam. There is just no way around it. And now hackers can use the comment area to inject malicious files into your site. However, WordPress has some default tools that you can use to combat spam. If you have a WordPress website, this is what you should do:

Fight Spam with WordPress Settings

The first thing to do to fight spam is to configure your Discussion Settings which can be found under Settings in your left hand menu. Approving spam comments can open the gate for more spammers to target your site, so you want to moderate comments if at all possible. Here, there are 6 main areas to help reduce spam.

1. Require name & email I would never allow anyone to comment without filling out their name and e-mail. You may worry that this will reduce the amount of engagement on your site, but this is a standard practice and expected.
2. Allow only registered users to comment If your site is one that has registered users – all the better!  Definitely require them to be logged in before they comment.
3. Close comments on older posts If your blog is time sensitive, you can use this option to close comments older than a few days or weeks.   If your posts are relevant for longer, you may have to keep this unchecked.
4. Require approval You should definitely have this checked if your blog is a small one and you want to keep complete control over your comments. Choose this or #5 so you can approve each comment quickly.  I like to reply to people who comment on my site, so this is a great option for me.    However, if your site is busier, you may have to rely on the options below.
5. Allow trusted users to save time I like to manually approve all my comments, but if a comment author has a previously approved comment, then they can probably be trusted and this can save you a lot of time.
6. Hold comments with links Finally, if a comment has more than 2 links, there is a good probability that it is spam.  Definitely hold those comments for moderation. If you are getting a lot of spam, lower this to 1 to catch more spam. However, you do not want to set this to 0 or you will be sending every comment to moderation.

Fighting Spam with Plugins

If changing your settings doesn’t work, it might be time to use a plugin.

Akismet comes installed on current versions of WordPress by default. That’s a pretty big backing from WordPress. This plugin costs $5 a month if you make any money from your site, such as through an affiliate link, ad, or paid service.

Anti-spam is one of my favorite free options. Just install and activate it. There are no captchas for users to fill out or settings to worry about. It just works.

Captcha is a very simple plugin that not only protects your comments from robots posting, but can also protect your login area from brute force attacks. It adds a simple math question to your comments section (No crazy captcha letters to try to figure out). If you’re not ready for a pop-quiz every time you login, you can choose simple addition and subtraction and disable the multiplication questions. Easy!

Since different sites have problems with different types of spam, the same solution may not work for everyone. You can find many spam plugin options in the Official WordPress Plugin Directory. Be sure to check their reviews to make sure other users consider them effective.

September 17, 2014 Update:
Already have TONS of spam comments? Use the Delete Pending Comments Plugin. Simply install it, and then after activating the plugin, just click “Delete Pending Comments” under the Comments section in your Admin area. Then you will see this:

Simply copy and paste that sentence into the box and click the blue button and all your pending comments will be gone in seconds. Problem solved. Then, add one of the plugins above and you can delete this plugin once it’s done it’s job.

Have you had problems with spam? What did you do?