• Resolved Lene

    (@lenesachs)


    Hi Wordfence
    I keep getting spam comments from unknown sources, I can even see users commenting on the spam comments. I have the Wordfence free plan implemented, plus I have disabled the XML-RPC authentication in the login security settings, but this hasn’t helped. Is there another way around blocking the entry to the backend? Can Wordfence stop this or is an additional spam filter needed?
    Best regards
    Lene


Viewing 8 replies - 1 through 8 (of 8 total)
  • generosus

    (@generosus)

    Hi @lenesachs,

    If you don’t mind, please allow me to help.

    I visited your site and noticed it does not have a contact form, only contact email addresses. So, my safe guess is you’re receiving spam via email, correct?

    If so, Wordfence does not provide a feature to block spam emails. However, you can manually block the offending IP addresses, User Agents, etc. associated with those spam emails. Since many spam emails are generated by harvesting bots, you may end up spending a lot of time blocking them.

    As an alternative then, I would like to suggest the following:

    1. Use one (or several) of the methods provided below (links).
    2. Install the 8G Firewall in your .htaccess file. Note: Make a back-up of your site first. We use it and haven’t had any major issues. I highly recommend reading the comments section of the 8G Firewall page for useful tips.
    3. Contact your host for additional countermeasures.

    If you found this helpful, kindly consider closing this topic as “Resolved.”

    Cheers!

    Note: I’m not affiliated with Wordfence. Simply offering goodwill support.

    ———————-

    10 Tips to Stop Email Harvesting
    How to Stop Getting Spam from my Website
    Best Practices for Email Obfuscation to Stop Email Scraping

    Thread Starter Lene

    (@lenesachs)

    Hi generosus
    Many thanks for your input and support.
    The spam comments are actually physically posted in the WP’s Comment section and not via e-mail. Does it make sense?
    Best regards

    generosus

    (@generosus)

    Hi @lenesachs,

    That’s very strange — especially without a contact form on your site. Can you share a screenshot or two?

    Meanwhile:

    1. I still recommend implementing the most-appropriate method(s) shared above. They will help you.
    2. Go to WP Menu > Settings > Discussion and select the most-appropriate filters (i.e., settings) for your case. Did you try that as well? So you know, we’re using hundreds of keys in the field titled, Disallowed Comment Keys, to block spam. You may want to try this as well. We obtained the list of blacklisted keys from this source (we added/deleted our own as well).
    3. Try the additional methods noted below (links).

    Implement the most-appropriate method(s) for you, clear all cache layers, then wait several days to see if that helps.

    Cheers!

    —————

    How to Stop WordPress Comment Spam
    4 Effective Ways to Stop WordPress Comment Spam

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lenesachs,

    Comment and registration spam through XML-RPC is extremely common, so disabling it (if you’re able to) is always a good place to start. You’ve already prevented authentication in our Login Security settings, which is fine and normally something we’d recommend trying. I don’t think a CAPTCHA solution would necessarily help in this case if the comment fields aren’t available anywhere on your site.

    If you’re not using Jetpack or the WordPress app, try disabling access to XML-RPC altogether via your .htaccess file with:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    Let us know if that helps!
    Peter.
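
To see which entry point the spam comments actually arrive through, and whether the `.htaccess` block above is taking effect, the web server's access log can be checked for POSTs to WordPress's comment endpoints. This is an added example, not part of the original thread or of Wordfence; the log lines are constructed, and the Apache "combined" log format is an assumption.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2023:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2023:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 409 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2023:10:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "python-requests/2.28"
192.0.2.44 - - [12/Mar/2023:10:03:40 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2023:10:04:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2023:10:05:19 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 401 120 "-" "python-requests/2.28"
"""

# The three WordPress paths that can create a comment, even when no form is shown.
ENDPOINTS = {
    "/xmlrpc.php": "xmlrpc",
    "/wp-comments-post.php": "comment-form",
    "/wp-json/wp/v2/comments": "rest-api",
}
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(log_text):
    """Count POSTs per comment entry point and client IP, split by served/refused."""
    report = {n: {"served": Counter(), "refused": Counter()} for n in ENDPOINTS.values()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        name = ENDPOINTS.get(m["path"].split("?", 1)[0])
        if name is None:
            continue
        # 401/403: refused by the server or a plugin. Anything else reached the
        # handler (which does not by itself prove a comment was stored).
        bucket = "refused" if m["status"] in ("401", "403") else "served"
        report[name][bucket][m["ip"]] += 1
    return report

if __name__ == "__main__":
    for name, buckets in triage(SAMPLE_LOG).items():
        print(name, dict(buckets["served"]), dict(buckets["refused"]))
```

Once the block is in place, new POSTs to `/xmlrpc.php` should only appear under "refused"; spam that continues while the other two endpoints show served requests is coming in through those paths instead.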

    generosus

    (@generosus)

    Hi @lenesachs,

    Piggy-backing onto what @wfpeter shared, here’s a great article (and plugin) concerning XML-RPC. It offers extremely useful information.

    To verify your XML-RPC is disabled, try this website: https://xmlrpc.blog/

    Best wishes!

    Thread Starter Lene

    (@lenesachs)

    Hi Peter and Generous

    Thanks for feedback.
    Discussion should be closed down, as on the Discussion page I have enabled
    – Comments from only allowing registered users to comment
    – On Comment Moderation
    – Reduce the Number of Links in the Comments

    In Wordfence
    Should the 2FA be installed, then I have ticked the XML-RPC authentication?

    And what about the reCAPTCHA?

    I tried to test the XML-RPC authentication on the site, which Generous provided, but test results are negative.

    Best regards

    Lene

    Hi @lenesachs,

    Without screenshots, it’s difficult to better assist you. So, here are my final recommendations:

    1. Go to WP Menu > Settings > Discussion and implement the most-appropriate settings for your website.
    2. Go to WP Menu > Wordfence > Login Security and implement both 2FA and reCAPTCHA for your website. These are the 2FA settings and reCAPTCHA settings our website is using.

    Once you implement the above, you should have minimal (if any) spam in your Comments section.

    If satisfied with the above, kindly consider closing this topic as “Resolved.”

    Cheers!

    Thread Starter Lene

    (@lenesachs)

    Hi Peter and @generosus

    The spam comments have stopped
    Thanks for your support and advice.
    Best regards

    Lene
