Sources of Spam
For most websites using WordPress, you have several sources of SPAM that you need to be concerned about Comments, User Forms, Login Forms and Search Forms. These can be a source of SPAM and malicious code. Each need to be considered separately.
All in One WordPress Security (AIOWPS) – Settings for Comments
AIOWPS Has some tools to identify comment bots, blocking comments posted by bots, and NOT posted by a human at your website. It can also add a Captcha to a comment form.
Instead of the default Captcha screen, you can integrate Google Captcha for better performance and security. This is enabled on the Brute Force section, Login Captcha tab.
AIOWPS and Akismet – Comment SPAM
AIOWPS will block bots by IP address that Akismet identifies as having submitted SPAM comments. The two products work in synergy. Akismet identifies the spam. AIOWPS analyzes the source of the spam and blocks frequent spammers by IP Address.
User Forms – Formidable Forms Plugin
Each forms package has it’s own spam integration. We use Formidable Forms, which allows you to add reCaptcha to a form.
If you are using formidable forms, one option to consider enabling is “Load form styling” with a value of “Only on applicable pages”
AIOWPS checks login form and registration form for malicious code. Including adding captcha on the login form, custom login form and lost password form.
AIOWPS – Malicious Code
In addition to posting SPAM comments, bots can also cause havac by injecting malicious code into your website. This occurs at any point where the web server has to process user supplied information. This can occur at any input field or URL.
AIOWPS has several features to help prevent this. They are under the firewall tab. The options are, Proxy Comment Posting, Bad Query Strings and Advanced Character Strings. You can also enable 6G Firewall from perishablepress.com – to monitor URI requests for malicious code.