Spam usually causes a lot of troubles to any website, no matter it based on WordPress, Joomla!, Magento or some other forum platform. Applying security measurements partially guarantees that the website will not be hacked. Of course spam protection is not just about the installation of a particular plugin, but it also keeping the application and its extensions always up-to-date.
A good WordPress spam protection includes several points that need to be covered:
- Make sure website and its plugins are updated.
- The admin panel is either protected with additional password or IP based restriction.
- Any active forms, no matter they are comments, registration or contact are protected with captcha.
- The plugins you do not actually need are removed. I personally think that 5-6 plugins are enough for any WordPress. Building a website with 50+ plugins might be a very bad idea, because it is almost impossible to check and test each plugin for possible vulnerabilities.
- Your access passwords such as FTP or the wp-admin panel password are strong. Using your pet’s name as password is not a good option.
In this tutorial I will explain how to protect the forms on your website with captcha plugin. The process is actually easy, but I will provide detailed instructions to be sure the protection is applied successfully and no automated script will be able to post spam-like comments or register additional users.
Now let’s login to wp-admin section of your website and click Plugins button located on the left column of the panel. On the next screen click Add New and then type Captcha by BestWebSoft in the search field titled Search Plugins. The next step is install activate the plugins. Note this is randomly selected plugin that I tested and recommend as good one.
When the plugin is installed, click Settings as shown here and make sure that captcha is enabled for all possible forms.
Of course there are some paid options, but in this tutorial we will work with the free ones. At the bottom of the page you will find option to disable capctha for the registered users. I personally would recommend keeping it enabled. If the computer of the user is infected with virus, then the form will protect your website from spam comments. At the same page you will also find captcha adjustment options.
As the basic options are set, we can proceed with the Advanced ones shown on this screen shot:
The image packages are selected by default and it is fine to leave them this way. You will see image enlargement option which can be checked for better user experience. The other option allows you to define captcha code entering time frame and notices upon typing incorrect code.
The other two sections allow you to whitelist particular IP address and add custom style for the main captcha class. If you are sure your computer is not infected with any virus, then you may whitelist your local IP address and skip captcha. The other option that allows you to insert a custom code is also interesting. Using it you can change the layout of the captcha class making it better looking.