Blog comment posted on a site without a blog
-
Hi – I received a moderation request from WP for a blog comment that was posted to our site. We don’t have a blog. The poster commented on the Hello World blog post. It’s spam for some stock market trading software, and includes a URL.
Since they were able to post their spam and their link into our site via our non-public Hello World post, could someone or somebot also post malicious code that way – would Wordfence block that? From a security view, will it be sufficient for me to delete both the comment and the Hello World post? Thanks.
The page I need help with: [log in to see the link]
-
Shutting down commenting in WordPress can indeed be a bit tricky. Suggest you delete that blog post even if it’s not public, but before doing so get the URL of the post and add it to your “Immediately Block URLs” in Wordfence. This functionality used to be on the “Options” page but apologies I do not have new location memorized.
What you are experiencing is the typical cavalier approach to security that WordPress developers take, in that they have created numerous “standardized” attack vectors that every botter out there has on their list (for example, the Hello World post). Ridiculous, but such is life with WordPress. Enjoy.
Oh, and as to what to do, I wouldn’t worry too much, as suggested above just delete the post and comment, and be sure you’ve got Wordfence Premium running with the Firewall. MTN
- The topic ‘Blog comment posted on a site without a blog’ is closed to new replies.
