My Flower Shop Was Selling Viagra (According to Google)

ByHamad Waran

Let me paint you a picture: It’s Valentine’s Day,  the Super Bowl of the floral industry — and I’m staring at my WordPress dashboard wondering why my beautiful online flower shop is ranking for “cheap Viagra online” instead of “long-stem roses delivery.”

I’m Sarah. I sell flowers. Peonies. Sunflowers. Those gorgeous eucalyptus arrangements that Pinterest moms go crazy for. What I don’t sell is cryptocurrency, casino memberships, or little blue pills. But you wouldn’t know that from looking at my comment section.

Spoiler alert: This story has a happy ending, thanks to a free WordPress spam comment removal plugin I stumbled across at 2 AM while stress-eating chocolate and questioning my life choices. But let me start from the beginning.

The Day I Discovered My Comment Section Was a Pharmacy

I started Petals & Prose five years ago from my kitchen table. Built my own WordPress site (thank you, YouTube tutorials), wrote blog posts about flower care, and slowly grew a loyal customer base. Life was good. My hydrangeas were thriving. My SEO was… well, I thought it was fine.

Then one day, a customer sent me a screenshot. “Hey Sarah, did you know there’s a comment on your rose arrangement blog post offering to sell me Bitcoin?”

I laughed. One weird comment. No big deal, right?

Wrong. So, so wrong.

I logged into WordPress and nearly dropped my coffee. My comment section looked like the waiting room of a very questionable pharmacy. There were 23,847 spam comments hiding in my database. Twenty-three thousand. On a flower blog.

Here’s a greatest hits collection of what I found:

🚫 ACTUAL SPAM FROM MY FLOWER BLOG:

• “Buy cheap Viagra online fast shipping!!! 💊💊💊” (on my tulip care guide)

• “Купить диплом университета” (Russian diploma mill spam)

• “Great post! Very informative! Click here for FREE CASINO BONUS”

• “Invest in Bitcoin now!!! 1000% returns guaranteed!!!” (on my wedding bouquet ideas post)

• 47 comments in Chinese characters I couldn’t read (but probably weren’t complimenting my dahlias)

 

The Real Damage (It’s Not Just Embarrassing)

At first, I thought the spam was just embarrassing. But then I started digging, and honestly, I wish I’d stayed blissfully ignorant. Here’s what those 23,000+ spam comments were actually doing to my business:

  • My Google rankings tanked. Turns out, Google doesn’t love it when your flower blog links to offshore casinos. Who knew? My organic traffic dropped 40% in three months.
  • My site became molasses-slow. All those spam comments bloated my database from 200MB to over 2GB. Pages that used to load in 2 seconds now took 6+.
  • Customers lost trust. Nothing says “professional florist” like a comment section full of cryptocurrency scams and Cyrillic characters.
  • My hosting costs went up. Bigger database = bigger backups = higher storage fees. I was literally paying to store spam.

The “Solutions” That Didn’t Work

My first instinct was to manually delete them. WordPress lets you select 30 comments at a time. I did the math: at 30 comments per click, with each batch taking about 15 seconds, I’d need to repeat this process 795 times. That’s approximately 3.3 hours of non-stop clicking.

I made it through 12 batches before my hand cramped and my soul left my body.

I tried a few other plugins. One wanted $99/year. Another deleted some legitimate customer comments (including a lovely review from Mrs. Henderson about her anniversary arrangement). A third one crashed my site entirely.

At this point, I was ready to burn my laptop and become a hermit who grows flowers in the woods and sells them at farmers markets, technology-free.

The 2 AM Discovery That Saved My Sanity

It was 2 AM. I was on my third cup of chamomile tea (the irony of a florist stress-drinking flower tea is not lost on me). I was googling “free WordPress spam comment removal plugin” for probably the 47th time when I found something different.

It was from a cybersecurity company called Injected.Website. I’d never heard of them, but a quick search showed they’re doing some serious work in the cybersecurity space — malware removal, hacked website recovery, that kind of thing. Real security experts, not just another random plugin developer.

And they’d released a spam comment remover plugin. Completely free. No catch. No “premium version” upsell. No subscription. Just… free.

I was skeptical. In my experience, “free” usually means “free until you actually need it to work.” But at 2 AM with 23,000 spam comments mocking me, I had nothing to lose.

What Happened Next (I Actually Cried a Little)

I downloaded the plugin from their GitHub, installed it, and opened the dashboard. It was actually… beautiful? Clean design, easy to understand, no confusing technical jargon. The plugin has over 15 different spam detection filters:

  • Cyrillic/Russian character detection (goodbye, diploma spam!)
  • Chinese character filter (sorry, but my customer base doesn’t read Mandarin)
  • Spam keyword detection (casino, viagra, crypto — caught them all)
  • Multiple links filter (legit comments don’t have 7 links)
  • Generic praise detector (“Great post!” with a casino link is not a real compliment)
  • Suspicious TLD filter (caught all those sketchy .ru and .tk links)

Here’s the part where I cried: I selected my filters, clicked “Scan for Spam,” watched it identify 23,412 spam comments (it correctly left my 435 legitimate comments alone), and then clicked “Delete All Found.”

Four minutes and thirty-seven seconds later, they were gone.

All of them. Every single casino ad. Every Viagra offer. Every crypto scam. Every piece of Cyrillic diploma spam. Gone.

The Before and After (Actual Numbers)

Because I’m a data nerd who tracks everything (it’s how I know exactly which flowers sell best on Mother’s Day), here’s what changed:

Metric Before 😭 After 🎉
Database Size 2.1 GB 340 MB
Page Load Time 6.2 seconds 1.8 seconds
Spam Comments 23,847 0
Backup Time 38 minutes 6 minutes
Hosting Cost $45/month $19/month
My Stress Level 💣💣💣💣💣 🌸🌸🌸🌸🌸

 

And yes, my Google rankings started recovering within a month. Turns out, when you stop accidentally linking to offshore gambling sites, Google likes you again.

How to Clean Up Your Own WordPress Spam (The Easy Way)

If you’re dealing with the same nightmare I was, here’s exactly what to do:

  1. Download the plugin from GitHub: github.com/injectedwebsite/wordpress-spam-comment-remover (it’s completely free)
  2. Install it through WordPress Admin → Plugins → Add New → Upload Plugin
  3. IMPORTANT: Backup first! The plugin has a built-in CSV export feature. Use it. Trust me.
  4. Select your filters — start with Cyrillic, spam keywords, and multiple links
  5. Scan and review — make sure it’s not catching any legitimate comments
  6. Delete and celebrate with a nice cup of tea and maybe some flowers 🌸
🌻 GET THE FREE PLUGIN

Download: github.com/injectedwebsite/wordpress-spam-comment-remover

Full Instructions: injected.website/free-wordpress-spam-comment-remover-plugin

 

Why Is It Actually Free? (I Asked the Same Thing)

I was suspicious too. Why would a cybersecurity company give away a professional-grade tool for free?

From what I can tell, Injected.Website is doing big things in the WordPress security world. They handle the serious stuff — malware removal, recovering hacked websites, cleaning up those nasty SEO injection attacks where hackers fill your site with Japanese gambling spam. (Yes, that’s a thing. No, I don’t want to talk about how I know.)

Releasing free tools like this seems to be their way of helping the WordPress community and building trust. And honestly? It worked on me. If my site ever gets actually hacked (knock on wood), I know exactly who I’m calling.

The Moral of This Flowery Tale

If you’re a small business owner with a WordPress site — whether you sell flowers, cupcakes, consulting services, or literally anything that isn’t pharmaceuticals and gambling — go check your comment section right now.

Seriously. I’ll wait.

If you find thousands of spam comments hiding in there (and statistically, many of you will), don’t panic. Don’t spend hours manually deleting them. Don’t pay for expensive subscriptions. Just grab the free WordPress spam comment removal plugin from Injected.Website and let it do the work.

Your database will thank you. Your Google rankings will thank you. Your sanity will thank you.

Now if you’ll excuse me, I have some actual flower-related comments to respond to. And not a single one of them is trying to sell me Viagra. 🌸

ABOUT THE AUTHOR

Sarah runs Petals & Prose, an online flower shop she started from her kitchen table five years ago. When she’s not arranging bouquets or battling WordPress spam, she’s probably drinking too much tea and talking to her houseplants. She firmly believes that life is better with flowers — and without 23,000 casino ads in your comment section.

 

Similar Posts