WordPress comment spamming

Monday, March 29th, 2021 - General

Lately, we’ve been having a lot of issues with WordPress comment spamming – and the emails it generates – resulting in a degrading of the email reputation of our servers.

It seems that a lot of users either don’t pay attention to the WordPress comments or moderation messages that come into their website, use an invalid, fake, or now non-existent email address as their WordPress admin email address.

Investigating this found that almost all affected WordPress sites – either were unaware that WordPress comments were enabled or did not need WordPress comments.

Because of all of this – we have decided to add functionality on the server level to disable WordPress comments completely. With this function, we can re-enable WordPress comments on your web hosting account if you absolutely need them.

However, if you need to use WordPress comments you will have to enable some level of anti-spam/anti-spambot measures – usually in the form of captcha (the prove you’re a human images). Google has a Re-captcha service that that is commonly used. Akismet is another service that is commonly reference. There are numerous WordPress plugins available that can help with this. If you must use WordPress comments on your website you will need to have an anti-spam/anti-spambot measure in place that is effective.

Additionally, if you need WordPress comments, then the email address that comment moderation messages are sent to will have to be valid. Ideally, this would be a local @yourdomain.com email address and not an off-server email address. Comment spam messages that are sent for moderation to an off-server email address have hindered our mail server’s reputation in the past.

If you have questions or any concerns about this – feel free to open a ticket with us.