Have you recently launched a new website and started seeing comments come in that feel... a little like off? Are you wondering if they might be spam comments? Maybe they're overly flattering (did this person really think my post about church website domain names was the most inspirational thing they've read all year?) or maybe it looked a bit too self-serving (okay, great, I love that you read my article, but why did you drop seven links to unrelated articles from other websites?).
Well, I'm sorry to have to be the one to tell you this, but you're in the early stages of a spambot attack.
The blog post comments are probably being submitted by spambots. These are bots built to scan WordPress websites to find comment boxes even when those boxes are hidden from real people. Even when comments aren't displayed on your website, WordPress can still have comments activated through some underlying settings, and these bots are great about finding those vulnerabilities.
The good news is that the comments themselves don't really cause any harm. The end-goal for the spambots is to get people to click on their links, so as long as you (and any other website admins) don't click the links and the comments themselves don't get published to the website, there's not a ton of immediate damage.
The damage begins when you start to see more and more of these spambots hitting your site. Usually it starts with just a handful of spam comments a day, but over several weeks they will grow as more bots find the vulnerability. I've seen the number of comments grow to become hundreds of submissions a day, which is not only annoying, but can harm the server that hosts the website by choking its resources.
The first thing you should do is confirm that you're not displaying comments on your website. While there are some sites that need/want to allow comments, the vast majority of websites these days has absolutely no need for them. And if you do need comments, it usually works best to use a third-party discussion platform like Disqus to manage them. WordPress's built-in comment system is awful.
The exact approach to remove the display of comments from your website will depend on the theme you're using, but in most builders it's as simple as editing the template view for single posts and then deleting the section on the page that contains comments.
This doesn't prevent these bots from submitting comments, but it does prevent the public from seeing their dangerous links.
But the heart of the issue is to prevent these comments from being submitted in the first place. I almost always follow a three-step process:
With those three settings combined, I've had pretty good luck eliminating spam comment submissions, and I think it will work for you, too!