WordPress has a notoriously bad relationship with comments. If a naive WordPress admin turns off the comment approval process on their site, they will be greeted with a wave of spam. But don’t worry, WordPress has some great spam filtering plugins, so once you install one of those you don’t have to deal with spam, right? Wrong.
The problem with spam filters is that as soon as they become used by a lot of sites, spammers go to work finding a way around them. And so while they may reduce the number of spam comments you receive, they will not rid your site of them. And the most effective filters involve adding a verification step to the commenting process (such as captcha). This is a nuisance for users, I don’t like making humans prove they are not robots.
Write your own damn filter. Normally I do not actively try to re-inventing the wheel, but in this scenario it makes sense. Spammers only try to circumvent filters that are used by many sites, so making a custom filter used only by a couple sites keeps you off their radar. Any competent spammer could easily reverse engineer my filter and figure out a way around it, but no one is going to do that just to spam my website.
If we were talking about a security, it would be a horrible idea to rely people not bothering to figure out how your protection works. But spam filtering has low enough stakes for this approach to be okay. The worse case scenario for a security breach is that sensitive information is stolen, your website is vandilized, your reputation is damaged and your site is used for ill-purposes by hackers. The worse case scenario for your spam filter being breached is that you have spam in your comments. For this reason, I recommend WordPress site maintainers implement their own spam filter like this. The chance of this getting onto spammer radars is very low and even if that does happen it will not be a big deal.