Hi @thekendog ,
Hope you’re doing good today.
Since you’ve configured your settings correctly from plugin, this is very strange that you’re facing this issue on your end.
We need to deeply investigate this issue on your website. Could you please come our support channel from here: https://wpdeveloper.com/support/new-ticket/
We will deeply investigate this and get back to you.
Also for future reference of this topic, I will share my findings in this topic here as per WordPress Org forum rules.
Our dev team lead has deeply investigated this issue on your website and performed various tests. Our dev team didn’t find any issue with our plugin on your website and we can assure you that the XML-RPC and REST-API are perfectly working from Disable Comments and blocking unauthorize requests from outside.
By the way, one thing I noticed on your website is that you have a form on your website but didn’t have any reCaptcha for this. I’m assuming the spammer are breaching your website through this form.
Can you please add reCaptcha on your forms and let me know how it goes afterward?
This reply was modified 3 months, 3 weeks ago by Yui. Reason: link dropped
Please do not post the URL to my website on here.
We are using an alternate method to reCaptcha to prevent spam as reCaptcha is a bad user experience. It also wouldn’t explain how somebody posted comments as that is a contact form.
Hopefully it was just a one off bug or something.
We’re sorry for that @thekendog . I will contact with the moderator and try to remove the link from my previous comment.
Regarding the spam comment – We’ve actually deeply investigated and didn’t find any clue. But we will keep it exploring and if we find any clue, we will definitely let you know and fix it don’t worry.
Thank you for understanding!
@thekendog , your link has been removed from my previous comment. Thanks!