First and most important question – did your host meant that you server is actively sending spam or is being used to relay spam? If former then you need to trace that down and cleanup (which takes someone competent looking at it, if you are not confident to do it yourself). After that my first … Read more
Hmm – if they have no role, it may be that they are coming in through some other way and adding that action will not help. What plugins do you have active ? also are you sharing a wp user database with another system?
Why don’t you set the Contributor role for your site users. Then when they write a new post it will have to be reviewed by an Administrator before it gets published. Have a look at this link also -> http://codex.wordpress.org/Roles_and_Capabilities
…is there any other plugin out there that will do EXACTLY this Not a plugin, but yes – this is the standard behavior of the comment moderation system in WordPress. BUT if ANY user visits bob.com and posts a comment containing the blocked email, website url or any other blocked material, then the IP of … Read more
You must hook the form using wpcf7_before_send_mail and add your PHP code to functions.php (since the script is already in your theme folder)? You won’t lose any of CF7’s abilities. function wpse_process_form( &WPCF7Object ){ #process your form here } add_action(‘wpcf7_before_send_mail’, ‘wpse_process_form’ );
From your error log they are sending a HTTP/1.1 request without the Host: portion of the request. From what I read, Apache replies with a 400 (bad request) error to this request, before handing over to mod_security. So, it doesn’t look like your rules will be processed. (Apache dealing with it before requiring to hand … Read more
Be sure that your emails don’t look like typical spam emails: don’t insert only a large image; check that the character-set is set correctly; don’t insert “IP-address only” links. Write your communication as you would write a normal email. Make it really easy to unsubscribe or opt-out. Otherwise, your users will unsubscribe by pressing the … Read more
You probably have alot of bots creating the fake usernames/pass. If you’re using Buddypress then you will get lots of bots. Try NoMoreCaptchas, it authenticates the user as a human or bot via a new type of technology called BioChronometrics. This is super fast for the user since it is completely passive authentication. It’s based … Read more
It’s possible that the random stuff is not in the database; your answer doesn’t make that clear. There could be some modified WP files that are inserting text in each displayed post. Recovering from a hacked system is time-consuming, but can be done. Short list: update WP/themes/plugins to latest versions. Check the htaccess file against … Read more
You might look into enabling the Akismet add-in (free at https://akismet.com/), which is pretty effective in blocking common comment spam. There are many comment spam blockers available as plugins; including my own ‘FormSpammerTrap’. All (including mine; found in the repository to reduce self-promotion) have various levels of success, you will need to try them to … Read more