How Best Stop Spammers?

  • I’ve got ‘new user approve’ and ‘wpbruiser’ and between them I keep out all spam.

    But the cost is I have to approve or delete all new users and they’re coming at the rate of some 20 per day and every day I have to go through the same ritual.

    Is that what all admins of WP sites are doing or am I missing a plugin?

    Looks to me like almost impossible to stop it – I mean, how could anyone know they’re not quite legitimate people asking for accounts?

    I ‘know’ they’re not simply because (1) there’s no reason for anyone wanting an account on my new unremarkable board and (2) all their usernames come with numbers, like ‘scisco43256’. So I’ve no hesitation in deleting them. But how could any software make that decision?

    Hope I’m wrong. And there is a way. A plugin I should have.

    ?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator t-p

    (@t-p)

    @abrogard

    It’s not just you and it’s not just WordPress.

    Every webmaster for every public website in the world has to deal with spam and security issues.

    It’s about refining on a case by case basis.

    You’ll keep learning about different anti-spam methods as well as finding a balance between security and user-friendliness (you’ll have no choice).

    Luckily, you should reach a point where you’ve got a pretty good handle on it and have the process automated as much as possible, but to some extent, you will always have some level of manual action on your part required.

    Welcome to running a website and good luck on your journey.

    I use Anti-spam | WordPress.org which has stopped 99.9% of all the comment spam before Akismet even sees it to process.

    Now then, I do have “Anyone can register” unchecked in General Settings because there is simply no reason for it. I am the only one writing posts on my blog.

    @markrh,

    Yup, the real trouble comes in when you do have some community aspect of the website, guest posts, forum, etc., and you do need to enable registration.

    The most frustrating thing is that 9/10 spambots that are registering accounts don’t even try to comment or post (or anything else that would normally get a spam account easily flagged), they just register and walk away. Then you have hundreds, if not thousands of fake user accounts that you have to clean up and avoid deleting real accounts.

    My theory as to why they do this, by the way, is to have dormant accounts that might more easily bypass filters. That is, many filters are more strict with new accounts, whereas an account that’s a year old, for example, might have fewer restrictions, and therefore they’ll have more success posting their garbage.

    Or, the spammer’s automation simply broke down along the way and couldn’t complete the next steps after registration.

    Looks like the Anti-Spam author has a plugin that works on the registration/login pages using a similar method: Security-Protection | WordPress.org

    In my case, I just banned everyone except my IP address from accessing the wp-login.php file in my .htaccess file. The bots certainly try to access that page a lot.
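    What the .htaccess rule described in the post above might look like, as an added example that is not the poster's actual configuration. The address 203.0.113.10 is a placeholder for the admin's own public IP, and the second block is an assumed fallback for servers still running Apache 2.2.

```apache
# Added example: allow wp-login.php only from one address.
# 203.0.113.10 is a documentation placeholder; substitute your own public IP.
<Files "wp-login.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>

    # Apache 2.2 fallback (legacy access-control directives)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>
```

    WordPress serves the registration and lost-password forms from wp-login.php as well, so this rule fits only a site where the admin is the sole account holder. Behind a CDN or reverse proxy, Apache sees the proxy's address rather than the visitor's, so the allowed address has to be chosen with that in mind.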

    @markrh,

    Agree. If you’re the sole user of your site, blocking all IPs but your own from non-public areas is the easiest way to go.

    Thank you for all the suggestions and the links. I’ll be busy tracking it all down and updating my site…

    Agree. If you’re the sole user of your site, blocking all IPs but your own from non-public areas is the easiest way to go.

    Well that’s how it is but though I don’t want a hectic hundreds of people type thing I’d like to envisage a time when a few people visited and commented, participated…

    I often feel the desire to comment when I visit a good blog (or a bad one)…

    So it will be nice if I can get it all under control somehow.

    🙂

    p.s. but on second reading I think I’ve misread what you’ve said. I’ve read it as blocking every newcomer: no commenters. But that’s not exactly what you’ve said.

    These people are not leaving comments, for the most part, over 90%, they just try to register an account. Would what you’re suggesting work on that somehow?

    • This reply was modified 2 months, 1 week ago by  abrogard.

    What I’m suggesting ONLY blocks bots or those with malicious intent from the back-end of your site. No real users will be blocked from your site’s front-end or from commenting.

    However, since you don’t have any need for users to register, and note that there’s no reason for users to register in order to comment, simply adjusting the settings already available to you would be the easiest solution.

    1. Settings > General — Disable registration.

    2. Settings > Discussion — Make sure that registration isn’t required and otherwise adjust your settings as needed.

    3. https://wordpress.org/plugins/akismet/ with a free API should more than suffice to deal with comment spam.

    Good luck. 🙂
