All posts on my blog have open comments, no matter the age of the article. The comment form requires a name, URL, and comment in order to be submitted. I get notified of each comment via email through WordPress and all comments are held for moderation before approval.
Lately I’m getting the same comment spam being submitted as comments but there are a few anomalies:
- Each comment has more or less the same text. I’ve added that text as restricted text in my WordPress Discussion settings, but it still bypasses that filter.
- Each comment has no email address submitted. Somehow they’re bypassing the email field by (I’m assuming) targeting comments.php directly.
- Each comment has a different IP address, so I can’t even block by IP in .htaccess, since it’s always new.
Any idea how this can be combated? I’m using an anti-spam plugin that I pay for but I don’t see a way for it to combat this specific problem. Thanks for any help.
2
Answers
The bizarre thing about this problem is that these were not "comments" being posted that were getting through the spam filter, they were "trackbacks" and "pingbacks". Usually tracks/pings are identified as such, but for some reason these were different. They looked like comments.
I don't need to be notified about trackbacks so I used the WordPress dashboard to disable all trackbacks/pingbacks on older posts. You can do this by doing the following:
I'll monitor to see if the trackback comments are continuing to get through, but I believe this should fix this problem.
These two plugins could help you
https://akismet.com/wordpress/
https://www.wordfence.com/
Also try using cloudflare to mitigate bot traffic