Something is generating spam pages on my site
You probably downloaded a theme or plugin that added a “backdoor.” Otto has a good post on the subject: How to find a backdoor in a hacked WordPress
You probably downloaded a theme or plugin that added a “backdoor.” Otto has a good post on the subject: How to find a backdoor in a hacked WordPress
Put this in a network activated plugin. add_filter(‘pings_open’,’__return_false’); No more incoming pings.
Adjust the amount of visible comments in the Screen Options:
Those characters you quoted here are Han (used by Chinese language), as they matched by the unicode character property \p{Han}. You can perform a regular expression search in a plugin like so: <?php /** * Plugin Name: Drop comments by chars * Description: Delete comments which includes unicode characters of Han, Hangul and Cyrillic. * … Read more
Have you tried clicking Wordfence’s button, ‘Repair all Repairable Files’? It may be able to replace all the plugin and WP core files with the correct repository versions. You are right that if you back up, wipe the site, and reload the backup, you’re not accomplishing anything. That said, you need some kind of backup, … Read more
Sabre is great plugin, it allows me to block dozens of spam user registration per week. It has also many useful features to control the style and captcha’s complexity.
First of all, report whoever is doing it. You obviously could block anything with a query-string that contains screw-you, but that’ll only help in this case. Maybe Drop any requests with HTTP/1.0 (browser don’t use it, and “good” bots like google don’t either, but if you need to provide access to special tools, you might … Read more
Use these three plugins in combination: Cookies for Comments Simple Trackback Validation Akismet Ditch the captcha and math plugins, they’re pretty much useless. The combination of these three is enough for most anybody, without having to put any problems back on the user.
One surprisingly useful solution to foil most spam-bots is to use a honeypot. Put an extra entry field into your comment forms, and then hide it with css. Normal users won’t fill it in because they won’t ever even see it. Based on that, you can safely assume that anytime an entry is made with … Read more