• Resolved thekendog


    I have the same issue as here:


    I have a CPT that doesn’t support comments. I have comments turned off everywhere in the plugin and I’ve also disabled comments through the REST API and XML-RPC. I’ve had two spam comments sneak through though. They look like this in the server access logs.

    [18/Jan/2023:13:54:27 -0500] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" "-"

    How did they get through?

    • This topic was modified 1 year, 4 months ago by thekendog.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Abid Hasan


    Hi @thekendog ,

    Hope you’re doing good today.
    Since you’ve configured your settings correctly from plugin, this is very strange that you’re facing this issue on your end.

    We need to deeply investigate this issue on your website. Could you please come our support channel from here: https://wpdeveloper.com/support/new-ticket/

    We will deeply investigate this and get back to you.
    Also for future reference of this topic, I will share my findings in this topic here as per WordPress Org forum rules.

    Thank you!

    Plugin Support Abid Hasan


    Hi there,

    ​Our dev team lead has deeply investigated this issue on your website and performed various tests. Our dev team didn’t find any issue with our plugin on your website and we can assure you that the XML-RPC and REST-API are perfectly working from Disable Comments and blocking unauthorize requests from outside.

    ​By the way, one thing I noticed on your website is that you have a form on your website but didn’t have any reCaptcha for this. I’m assuming the spammer are breaching your website through this form.

    ​Can you please add reCaptcha on your forms and let me know how it goes afterward?
    ​Thank you!

    • This reply was modified 1 year, 4 months ago by Yui. Reason: link dropped
    Thread Starter thekendog


    Please do not post the URL to my website on here.

    We are using an alternate method to reCaptcha to prevent spam as reCaptcha is a bad user experience.  It also wouldn’t explain how somebody posted comments as that is a contact form.

    Hopefully it was just a one off bug or something.

    Plugin Support Abid Hasan


    We’re sorry for that @thekendog . I will contact with the moderator and try to remove the link from my previous comment.

    Regarding the spam comment – We’ve actually deeply investigated and didn’t find any clue. But we will keep it exploring and if we find any clue, we will definitely let you know and fix it don’t worry.

    Thank you for understanding!

    Plugin Support Abid Hasan


    @thekendog , your link has been removed from my previous comment. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Comment Spam Sneaking Through on CPT’ is closed to new replies.