Posts/pages are stored in the wp_posts table. So you could get into the table and delete records. But, not recommended, unless you really know what you are doing with the tables. My procedure would be to re-install WP (from the Update page; reinstall WP), then delete any non-WP (the ‘Twenty*’ ones) themes, and remove all … Read more
Your site is almost definitely compromised. Doing your own cleanup may not be worth the time and effort because reinfection is likely if you miss a single infected file. At this point I recommend to my clients that they get professional help. You may be able to get more details from a site scan by … Read more
It is better to use ‘comment_post’ action for this purpose, it is fired when the comment is saved in database: add_action(‘comment_post’, ‘my_comment_post_callback’, 10, 3); function my_comment_post_callback($comment_id, $comment_approved, $commentdata) { if (strpos($commentdata[‘comment_content’], ‘dog’) !== false) { $post_url = get_permalink($commentdata[‘comment_post_ID’]); wp_delete_comment($comment_id, true); wp_redirect($post_url); exit; } }
It seems Contact Form 7 allows you to specify the recipient via a select dropdown. This means that the recipient e-mail address is stored in the form and sent to the server, which then just reads it. Unless the server then verifies the recipient address was one of the options you specified, this can be … Read more
If your on a company intranet it might be easier/more secure to just whitelist a few IP’s and deny access to everything else, you can do that with apache config or .htaccess. Otherwise you will have to get people to login and then you can use a plugin like “Members Only”, there are several of … Read more
You can include this code by creating a new custom plugin which help you to stop this when you deactivate the plugin. wp_schedule_event(time(), ‘daily’, ‘my_dailyClearOut’); function my_clearOldUsers() { global $wpdb; $query = $wpdb->prepare(“SELECT ID FROM $wpdb->users WHERE datediff(now(), user_registered) > 7”); if ($oldUsers = $wpdb->get_results($query, ARRAY_N)) { foreach ($oldUsers as $user_id) { wp_delete_user($user_id[0]); } } … Read more
I’d try open the spam post in your browser and find the post ID. This will be in a rel=”shortlink” tag in the HTML header: <link rel=”shortlink” href=”https://example.com/?p=123″ /> or as a class page-id-123 or similar on the body tag: <body class=”page-template-default page page-id-123 logged-in admin-bar no-customize-support”> edit that ID into your normal edit post … Read more
In vanilla WordPress the only difference is that trashed comments get deleted automatically after (customizable) time span. Adding plugins to the picture – it might make difference to what/how specific plugin learns from incoming spam.
Hi @Nick Loman: There is not one command, but several. Be care though to back up your database before running this because there’s a tiny chance something in your database differs from mine, especially after a .1 upgrade beyond 3.0 and thus it may not work perfectly and you’ll have to restore. DELETE FROM wp_usermeta … Read more
They were probably automatically created by spam bots. You can disable user registration by going to the Settings > General page and unchecking the Anyone Can Register box. You’ll still be able to manually create users, but users won’t be able to register themselves automatically. If you want to allow users to register, but still … Read more