If you don’t want people filling website field, simply remove it from the form. Put this code in functions.php of your current theme: function wpse_remove_comment_url($fields) { unset($fields[‘url’]); return $fields; } add_filter(‘comment_form_default_fields’, ‘wpse_remove_comment_url’); It is more logical than showing the field and advising users against using it. UPDATE To not confuse users, and fool some bots, … Read more
Personally I highly recommend to not use IP blocks at .htaccess level. There are simply too many false positives possibilities for that to work reliably. I had encountered WP blogs (luckily wave of those seem to have faded) that just shut me out, accusing my IP of belonging to evil spamer… Static IP that belonged … Read more
One of our developer Mr. Ahsan Ullah found a very normal solution to that: He simply Refreshed the Permalink settings and it’s all set. From /wp-admin, going Settings » Permalinks, he clicked the Save Changes button. The permalink structure of the whole site was refreshed and the unwanted links were vanished from the site.
Are you saying you are getting a lot of ‘people’ signing up to your website? Here are two ways you could help reduce Spam (Has helped a lot for me): Keep an eye on your access_log within the server. If you see the same IP addresses accessing your website, block them. Require sign-ups to have … Read more
How to track down a phantom contact form?
It’s possible, but it’s unlikely that you succeed for comment spammers (and how do you separate them from legitimate proxy users?): $proxy = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
First and most important question – did your host meant that you server is actively sending spam or is being used to relay spam? If former then you need to trace that down and cleanup (which takes someone competent looking at it, if you are not confident to do it yourself). After that my first … Read more
You might look into enabling the Akismet add-in (free at https://akismet.com/), which is pretty effective in blocking common comment spam. There are many comment spam blockers available as plugins; including my own ‘FormSpammerTrap’. All (including mine; found in the repository to reduce self-promotion) have various levels of success, you will need to try them to … Read more
Since it hasn’t been explicitly stated yet, I’ll state it. No one’s using your domain to send spam. They’re using spoofed sender data to generate an email that looks like it’s from your domain. It’s about as easy as putting a fake return address on a piece of postal mail, so no, there’s really no … Read more
Assuming that your site has not been compromised, and that there are not unknown admin-level user accounts, then this could just be a case of mail spoofing. (Where a person places your email address as the ‘from’, but the email is really being sent by an external process.) I’d change all credentials (hosting, FTP, admin-level … Read more