Comment Spam

Hi @mischaellstein, thanks for your question.

The XML-RPC file is commonly tried by attackers and can be the source of spam comments, so if you did want to add a total blanket block, you could add the following code to your .htaccess file if you are certain no plugins you use (such as Jetpack or the WordPress app) require access:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

I would also try restricting XML-RPC by checking the “Disable XML-RPC authentication” checkbox in Wordfence > Login Security > Settings to prevent authentication attempts through that file.

We don’t currently extend our own reCAPTCHA beyond the WordPress and WooCommerce login/registration pages, although some anti-spam plugins do have the option to add reCAPTCHA to your comment forms if you determine they are coming directly through your site rather than XML-RPC.

Thanks,
Peter.

Hi Peter,

thanks for pasting the exact same answer you already posted as an answer to the question from another user – but did that answer my question? I do not understand that answer.

Regards,

Michael

Hi @mischaellstein,

Comment spam through XML-RPC is a common occurrence, so disabling it if you’re able to is always the best place to start. This has a common answer with set instructions, but we can’t guarantee unless told that those have already been seen, so are happy to include them on a case-by-case basis.

Have you found a Tools > Comment Spam tab reference in our documentation, or through an instructional post that prompted the original question? Wordfence doesn’t currently have this section although there are reCAPTCHA solutions out there that can be attached to your comment forms that should reduce spam coming through the actual pages of your site.

Thanks again,
Peter.