I'm playing around with a wordpress installation for a while now and face lots of spamming recently.
I looked through the support area regarding this issue and found some usefull stuff but still - I feel I do not quite understand how comments in WP work.
- I have an option to turn on/off comments globally and per posting.
- I can require commenters to be logged in before posting
Now, even if Cs are turned off and log-in is required anyway I do get comment spam. This fact seems to relate to the common suggestion to delete some files in the WP installation?
But if I do delete those files I would loose the ability to enable comments for certain posts - right?
Next step is: not to delete but rename those files and change some of the WP code accordingly?
If I got this right, then WP has no real security but just relies on the fact that If someone knows the url of the comments.php he is allowed to comment???