Automattic's anti-spam plugin checking comments and form submissions against a global database of spam. Blocks 99.99% of spam.

829 detections
20 websites tracked
Updated 15 Jun 2026

Websites Using Akismet

What Is Akismet?

Akismet is a WordPress anti-spam plugin developed by Automattic, the company behind WordPress.com. Its job is to automatically catch and filter spam in comments, contact-form submissions, and other user-generated content before it ever reaches a site owner's moderation queue. Akismet ships pre-installed (though not pre-activated) with most standard WordPress installations, which has made it one of the most widely distributed plugins in the entire WordPress world. For millions of sites, it is the first and only line of defense against the relentless flood of automated comment spam.

The problem Akismet solves is as old as the open web. Any site that accepts comments or form submissions quickly becomes a target for spam bots that post links to dubious products, scams, and malware. Manually moderating this deluge is impractical, and leaving it unchecked degrades the site, harms its reputation, and can damage search rankings. Akismet automates the entire process, evaluating each submission against a constantly updated global model of what spam looks like and quietly discarding or quarantining the junk.

It is important to be precise about how Akismet works architecturally, because it is unusual among WordPress plugins. Akismet is a WordPress plugin that runs on your own site, but the actual spam-detection intelligence lives in Automattic's cloud. When a comment is submitted, the plugin sends details about it to the Akismet web service via an API call. That service, which learns from spam reported across the millions of sites in the network, returns a verdict, spam or not spam, and the plugin acts on it. So Akismet is a hybrid: a local plugin paired with a centralized, cloud-based detection service that requires an API key to function.

Akismet is not a browser extension, not a standalone application, and not a firewall. It does not block malicious traffic at the network level or protect against hacking; it is specifically a content-spam filter focused on comments and form submissions. It requires an Akismet API key, which is free for personal, non-commercial blogs and paid for commercial sites, reflecting the cost of running the centralized detection service.

The reason Akismet matters when analyzing a WordPress site is that its presence indicates an actively moderated site that accepts user-generated content and cares about keeping it clean. It is an extremely common detection on WordPress sites with comments enabled, and spotting it confirms both the WordPress platform and an interactive, comment-driven site.

How Akismet Works

When a visitor submits a comment on a WordPress site running Akismet, the plugin intercepts the submission before it is published. It packages a set of signals about the comment, the commenter's name, email, website, IP address, user agent, the comment content itself, and contextual data about the post, and sends this information to the Akismet API hosted by Automattic.

The Akismet service evaluates the submission against its global spam model. Because Akismet processes an enormous volume of comments across the entire network of sites that use it, it has a constantly refreshed, collaborative view of current spam patterns: the URLs spammers are pushing, the content templates they use, the IP ranges they operate from, and more. When one site reports a comment as spam, that intelligence helps protect every other site in the network. The service returns a simple verdict to the plugin.

Based on that verdict, Akismet acts. Comments identified as spam are moved to a dedicated spam folder rather than appearing publicly, where the site owner can review them if desired or let them be deleted automatically after a set period. Comments judged legitimate proceed through the normal WordPress moderation flow. Akismet also assigns a status to "discard" the most blatant, pervasive spam outright so it never even occupies the spam folder, keeping the database lean.

Akismet integrates beyond native WordPress comments. Many popular form and ecommerce plugins, including Contact Form 7, WPForms, Gravity Forms, and WooCommerce, offer Akismet integration so that form and order submissions can be checked for spam through the same service. This extends Akismet's protection across the various entry points where spam and fraudulent submissions tend to arrive.

To picture the workflow end to end, imagine a popular blog post that attracts hundreds of comments, many of them automated spam. Without Akismet, the site owner would wake up to a moderation queue clogged with junk links. With Akismet active, each incoming comment is checked against the cloud service in real time. Genuine reader comments appear normally (or await standard moderation), while the spam is silently routed to the spam folder or discarded. The owner sees a clean queue, the readers see a clean comment section, and the spam never sees the light of day. Over time, Akismet's dashboard reports how many spam comments it has caught, often a strikingly large number on any active site.

Because the detection happens server-to-server between the WordPress site and Automattic's API, Akismet's processing is largely invisible to visitors. It does, however, leave a few front-end traces, which is what makes it possible to detect from the outside.

How to Tell if a Website Uses Akismet

Akismet runs mostly behind the scenes, so it is subtler to fingerprint than a visual plugin, but it does leave real traces on pages that include comment forms. StackOptic inspects these server-side, and you can verify them manually. Where the signals are absent, the honest conclusion is that Akismet may still be active but not exposing a front-end marker on the page you are viewing.

Hidden form fields and the Akismet comment marker. On pages with a WordPress comment form, Akismet often injects markup into the form. Historically it has added a hidden field and, in modern versions, JavaScript that records interaction data to help distinguish humans from bots. Looking at the comment form's HTML in View Source can reveal Akismet-related fields or script.

Plugin asset paths. When Akismet enqueues its own assets, the URLs include the plugin directory /wp-content/plugins/akismet/. For example, a script such as akismet-frontend.js loaded from that path on a page with a comment form is a strong, direct signal of the plugin.

The ak_js or akismet field name. Akismet's anti-spam JavaScript sets a timestamped value in a form field (names such as ak_js have been used). Spotting an Akismet-prefixed field name in a comment form is a recognizable tell.

Comment-form behavior. Akismet's modern protection records the time and interaction patterns of comment submissions. While not visible as static markup, the presence of Akismet's frontend script alongside a standard WordPress comment form is the clearest combination.

WordPress confirmation first. Akismet only runs on WordPress, so confirm the platform first via the <meta name="generator" content="WordPress ..."> tag, /wp-content/ and /wp-includes/ paths, and the /wp-json/ REST API, then look for Akismet's specific markers on comment-enabled pages.

Here is how to check each signal yourself:

MethodWhat to doWhat Akismet may reveal
View SourceOpen a post with comments, "View Page Source"Akismet hidden fields or script in the comment form
Browser DevToolsInspect the comment form and the Network tabRequests to /plugins/akismet/, akismet-frontend.js, ak_js fields
curl -sRun curl -s URL on a comment-enabled postAkismet markup and asset references in the raw HTML
WappalyzerRun the extension on the live pageSometimes identifies "Akismet" when its assets load
BuiltWithLook up the domainCurrent and historical Akismet detection where signals appear

A practical command-line check is curl -s https://example.com/some-post/ | grep -i akismet. If that returns asset paths or field names, the site is using Akismet on that page. For broader methodology, see our guides on how to identify a WordPress theme and plugins and how to find out what technology a website uses.

It is worth being candid about the limits. Because Akismet's core work is a server-to-server API exchange, much of what it does is genuinely invisible from the outside. Its front-end footprint appears only on pages that render a comment or supported form, so checking a homepage with no comment form may reveal nothing even on a site that relies heavily on Akismet. Some sites also disable comments entirely while still using Akismet to screen contact-form submissions, in which case the markers live on the contact page rather than on blog posts. The strongest approach is to inspect a page that actually contains a comment or form, combine the asset-path and field-name signals, and treat their absence as inconclusive. Server-side analysis helps by fetching the unmodified HTML of the relevant page directly, without the browser executing and reshaping the form markup.

Key Features

  • Automatic spam filtering. Checks every comment and supported form submission against a global, continuously updated spam model.
  • Cloud-based intelligence. Learns from spam reported across millions of sites, so each site benefits from network-wide detection.
  • Spam folder and auto-discard. Routes spam to a review folder or discards the most blatant junk outright to keep the database clean.
  • Broad integrations. Works with Contact Form 7, WPForms, Gravity Forms, WooCommerce, and more, not just native comments.
  • Detailed stats. Reports how many spam comments have been caught over time through an account dashboard.
  • Status history. Lets owners review and correct verdicts, feeding accuracy back into the system.
  • Lightweight footprint. Offloads detection to the cloud, so the local plugin stays minimal.

Pros and Cons

Pros

  • Extremely effective at catching automated comment spam with minimal configuration.
  • Pre-installed on most WordPress sites, making setup as simple as adding an API key.
  • Backed by Automattic with a vast, network-wide dataset that keeps detection current.
  • Integrates with the most popular form and ecommerce plugins for unified spam protection.

Cons

  • Requires sending comment data to a third-party cloud service, a privacy consideration under regulations like GDPR.
  • A paid API key is required for commercial sites; only personal blogs qualify for the free tier.
  • Focused solely on content spam; it does not provide firewall or hacking protection.
  • Occasional false positives can route legitimate comments to the spam folder, requiring review.

Akismet vs Alternatives

Akismet competes with other anti-spam plugins for WordPress, some of which take a non-cloud approach. The table below compares it with common alternatives.

ProductApproachData handlingBest for
AkismetCloud-based global spam model via APISends comment data to AutomatticSites wanting effortless, accurate comment filtering
Antispam BeeLocal heuristics, no external serviceKeeps data on-site (privacy-friendly)Privacy-conscious sites avoiding third-party APIs
CleanTalkCloud-based, broad form and registration coverageSends data to CleanTalk cloudSites needing spam protection across many entry points
reCAPTCHA / hCaptchaChallenge-based bot detection on formsSends interaction data to providerBlocking bots before submission via a challenge
Honeypot pluginsHidden-field bot traps, no external serviceFully localLightweight, privacy-friendly bot blocking

If a site turns out to use a different anti-spam approach, the same detection techniques apply; when profiling a WordPress site's broader toolset you might also check which contact-form plugin it runs, such as Contact Form 7, since the form plugin and the spam filter are often configured together.

Use Cases

Akismet is most at home on any WordPress site that accepts comments and wants them kept free of spam without constant manual moderation. Bloggers and publishers are the classic audience: an active blog can attract overwhelming volumes of automated spam, and Akismet handles it silently so the comment section stays useful for genuine readers.

It also fits news and media sites with busy comment sections, membership and community sites where user-generated content is central, and any site using a supported contact-form plugin that wants to screen submissions for spam. Ecommerce stores running WooCommerce use Akismet to filter spam and fraudulent submissions through its integration. Because Akismet ships with WordPress, it is also the default first choice for site owners who simply activate what is already there.

Consider a few concrete scenarios. A popular personal blog might receive thousands of spam comments a month; Akismet quietly catches nearly all of them, leaving the owner a clean queue of real reader engagement. A small business running a WordPress site with a Contact Form 7 form might enable Akismet to stop spam enquiries from cluttering its inbox. A community forum or membership site might rely on Akismet to keep discussion threads readable. In each case the common thread is user-generated content that would otherwise be overwhelmed by automated spam.

From a sales-intelligence perspective, detecting Akismet on a prospect's site is a useful signal in its own right. It confirms a WordPress site that actively accepts and moderates user-generated content, which suggests an engaged audience and an interactive, content-driven property. Combined with other detections, it helps build a picture of how a site operates and how it is maintained. Mapping these technology footprints to buyer characteristics is the essence of using tech-stack data to qualify leads, and a near-ubiquitous WordPress companion like Akismet is a reliable confirmation point in that analysis.

Frequently Asked Questions

Is Akismet free?

Akismet offers a free tier for personal, non-commercial blogs, where you can name your own price (including zero) for an API key. Commercial sites, businesses, and sites that display advertising or sell products are expected to use a paid plan, which funds the centralized detection service. The plugin itself is free to install and ships with WordPress, but it does nothing until you connect it to the Akismet web service with a valid API key.

Can you tell if a site uses Akismet for free?

Sometimes. The clearest free checks are to view the source of a page that has a comment form and look for asset paths containing /wp-content/plugins/akismet/, a script such as akismet-frontend.js, or Akismet-related hidden fields (names like ak_js). A quick curl -s URL/post/ | grep akismet reveals these on a comment-enabled page. Because Akismet works largely through a server-to-server API and only marks comment or form pages, the absence of these signals does not prove it is inactive.

Does Akismet protect against hacking?

No. Akismet is specifically a content-spam filter for comments and supported form submissions. It does not function as a firewall, malware scanner, or login-protection tool, and it does not block malicious traffic at the network level. Sites needing protection against hacking attempts, brute-force logins, or vulnerabilities use dedicated security plugins for those purposes. Akismet's scope is deliberately narrow: keeping user-generated content free of spam.

Is Akismet a privacy concern under GDPR?

It can be, because Akismet sends commenter data, including IP address, email, name, and the comment content, to Automattic's cloud service for analysis. Under regulations like GDPR, this constitutes sharing personal data with a third-party processor, so sites are generally expected to disclose Akismet's use in their privacy policy and, where appropriate, obtain consent. Privacy-focused site owners sometimes choose local-only anti-spam plugins specifically to avoid sending data off-site.

Why does Akismet only show signals on some pages?

Akismet's front-end footprint appears on pages that render a comment form or a supported submission form, because that is where it injects its protective fields and scripts. A homepage or a page with comments disabled may show no Akismet markers at all, even though the plugin is active and protecting the comment-enabled posts elsewhere on the site. This is why detection is most reliable when you inspect a blog post with comments open or a page containing a supported form.

Want to identify Akismet and the rest of a site's stack automatically? Run any URL through StackOptic at https://stackoptic.com.