Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Tips to protect your WordPress site from spam

Wednesday, February 3rd, 2021 by Helge

wp-lockWordPress is a very popular tool since it is one of the simplest and  most popular ways to create your own website or blog. Unfortunately,  WordPress sites can be exposed to spam bots that comment, create users and send lots of spam mail where your page is the sender. We have put together five tips to help you protect your WordPress site from these spam bots.

1. Limit who can comment on your posts

On popular websites with many visitors, most of the comments that come in are pure spam. We therefore recommend that you limit who can leave comments on your page. You do this under Settings> Discussion in the WordPress control panel. There you can also set that comments are published only after you have reviewed and approved them.

2. Reduce comment spam with the Akismet extension

If you have chosen to allow anonymous users to comment on your posts, you need a good antispam add-on. Akismet is usually included in all WordPress installations from the start (and is also free of charge), all that is required is that you activate it with an API key that you get from Akismet. Once you have activated the extension, it will check all comments for you and only approve those that are okay and legitimate.

3. Turn off the possibility for outsiders to register users

We recommend that you turn off the ability for outsiders to register new users on your site as that feature is most often used to send spam. You do this under Settings> General in the WordPress control panel where the box for “Anyone can register” next to “Membership” should then be unchecked.

The only time it can be good to allow registration of users is if your page is limited to members or if users need to be logged in to be able to comment on your posts.

4. Create the e-mail account

By default, WordPress uses the e-mail address as the sender address when you send e-mail from your website. If you create that email address yourself, you will see every time your WordPress page has tried to send emails that could not be delivered, which makes it easier to detect if your WordPress page is being spammed.

Should you suddenly receive lots of messages about failed e-mails from your WordPress page, you need to review which part of your website is generating spam (eg your contact form) and either deactivate or secure that piece.

5. Get rid of spam bots – use CAPTCHA in forms

If you have a contact form on your site (or allow user registration as we mentioned in the previous point), it is important that you verify that the user filling in the form is a human and not a spambot. The easiest way to do this is to add a reCAPTCHA plugin to your WordPress site. It helps you differentiate between humans and robots by asking humans to perform an action that robots generally do not understand.

Over the years, spambots have become smarter, but fortunately the reCAPTCHA method has also become so. Nowadays, you only need to check a box to confirm that you are a human and not a robot. The latest version of Google’s own reCAPTCHA solution does not even require this. Instead, the reCAPTCHA solution is in the background and studies the visitor’s patterns / events on the website to make an assessment of whether it is a real person or a cure.On THIS page, you find instructions how to install reCAPTCHA on your WordPress.

Tips to protect your WordPress site from spam, 4.5 out of 5 based on 4 ratings
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.