JNofollowREL · TARGET · JOOMLA 4 & 5

Practice · Knowledge

How do I secure links in comments and user content?

The economics are simple: as long as a comment link passes value, posting comment links scales as a business – which is precisely why nofollow was invented in 2005.

The standing rule for every area where strangers can place links: rel=“ugc” (or nofollow) on all of them, enforced by the system rather than remembered by moderators.

The playbook in three layers – and the honest limits

Layer one, the attribute net: every link a user can place – comments, forum posts, profile fields, submitted entries, review texts – carries rel=“ugc” or nofollow, without exception and without depending on anyone's attention. In Joomla this is a solved problem: comment and forum extensions worth their salt set it themselves, and a site-wide content plugin (ours is called JNofollow – the labelled in-house recommendation) catches everything that renders through articles, including the widgets nobody remembered. Layer two, moderation where humans read anyway: the attribute removes the SEO incentive, not the link itself – phishing, malware and off-topic ads still need a human or a filter; premoderation for first-time commenters catches the worst at lowest effort. Layer three, friction for machines: spam waves are automated, so the standard kit (spam filter service, honeypot fields, rate limits) belongs to any open comment section regardless of link policy. The honest limits paragraph: nofollow does not make spam invisible to your readers, does not remove your liability for hosted content, and does not deter the spammers who never checked attributes in the first place – it removes the rational incentive, which historically shrank the industrial part of the flood. Combine all three layers and an open comment section stays what it should be: a place for humans, not a currency exchange.

Key facts

Related questions

All knowledge topics