Please update your installation enable captcha and use your htaccess file

  • Keepsake


    I am not a wordpress user but I thought I would comment here to report an issue that some of your community may not be aware of.
    I noticed a few threads here already talking about similar things.

    My site has received intermittent “comment spam” attempts over the last few months; in most cases it tracks back to a poorly configured wordpress installation. The owners of the sites are usually unaware of the issue and completely innocent, but spammers are sending a lot of probes, comments etc. via wordpress installations. Its popularity makes it a target.

    On a few occasions the site’s administration area was wide open to me when I traced the referral link back to a site.

    The sites vulnerable to this seem to have a few things in common: an open un-moderated comment system and no captcha enabled for comments, printing or sending pages by e-mail.

    Captcha prevents spam, not only spam comments on your site but the piggybacking of links and the automated spamming of other sites. Spammers use security flaws in the input fields. Poorly configured servers and installations can allow the execution of php scripts which allow spammers to send comments, emails etc. to other sites or individuals.
    Use your htaccess file and captcha to stop/reduce the probability of this occurring.
    I realize your community isn’t doing the spamming but the way the spammers are working it makes it look like the requests and probes are coming from your sites.

    I am not criticizing wordpress or your community, I just thought it was an issue that may need to be investigated as its frequency has increased recently.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Ipstenu (Mika Epstein)


    Lead Plugin Wrangler

    Why not use a captcha plugin:

    FWIW, I don’t use it at all and I have about 1 spam a month, between Akismet and script blockers (which are invisible to my users). I’m of the opinion that captcha annoys posters and isn’t effective enough to argue its use everywhere, and I know I’m not alone 🙂 So a plugin is a better route for those of us who do AND don’t want it!

    I agree about .htaccess, but that’s general server security and not just WordPress.



    I wasn’t talking about you getting spam but your installation being used by spam bots to spam other websites.

    The post was in response to activity in my logs and other people’s from a large number of wordpress sites trying to access comment and submission forms.

    I was just giving a heads up to your community before people start blocking referers from wordpress sites.
