Spam protection usually causes a lot of troubles to any website, no matter it based on WordPress, Joomla!, Magento or some other forum platform. Applying security measurements partially guarantees that the website will not be hacked. Of course wordpress spam protection is not just about the installation of a particular plugin, but it also keeping the application and its extensions always up-to-date.
WordPress Spam protection suggestions
A good WordPress spam protection includes several points to cover. Here are mine:
- Make sure website and its plugins are updated.
- Pay attention to wp-admin section section and either protect it with password or restrict the access to specifics IPs.
- Protect any active forms, no matter comments or posts, with captcha feature.
- Remove the plugins you do not need. I personally think that 5-6 plugins are enough for any WordPress. Building a website with 50+ plugins might be a very bad idea, because it is almost impossible to check and test each plugin for possible vulnerabilities.
- Your access passwords such as FTP or the wp-admin panel password are strong. Using your pet’s name as password is not a good option.
In this tutorial I will explain how to protect the forms on your website with captcha plugin. The process is actually easy, but I will provide detailed instructions to be sure the protection is applied successfully and no automated script will be able to post spam-like comments or register additional users.
How to install security plugins
Now let’s login to wp-admin section of your website and click Plugins button located on the left column of the panel. On the next screen click Add New and then type Captcha by BestWebSoft in the search field titled Search Plugins. The next step is install activate the plugins. Note this is randomly selected plugin that I tested and recommend as good one.
When the plugin is installed, click Settings as shown here and make sure that captcha is enabled for all possible forms.
Of course there are some paid options, but in this tutorial we will work with the free ones. At the bottom of the page you will find option to disable capctha for the registered users. I personally would recommend keeping it enabled. If the computer of the user is infected with virus, then the form will protect your website from spam comments. At the same page you will also find captcha adjustment options.
Advanced spam protection
As the basic options are set, we can proceed with the Advanced ones shown on this screen shot:
The image packages are selected by default and it is fine to leave them this way. You will see image enlargement option which can be checked for better user experience. The other option allows you to define captcha code entering time frame and notices upon typing incorrect code.
The other two sections allow you to whitelist particular IP address and add custom style for the main captcha class. If you are sure your computer is not infected with any virus, then you may whitelist your local IP address and skip captcha. The other option that allows you to insert a custom code is also interesting. Using it you can change the layout of the captcha class making it better looking.