SPAM COMMENTS even when “only registered” can comment and reg disabled

  • Hello ! SPAM COMMENTS even when “only registered” can comment and registration disabled – How is it possible ? I still get comments from accounts that are not registered. I see many explanations everywhere but no, my websites have not been hacked, nobody has my database password, so how is it possible ? Thank you.

    • This topic was modified 9 months, 3 weeks ago by clitopwebsite.
Viewing 9 replies - 1 through 9 (of 9 total)

  • You can try these guidelines to prevent spam comments: https://www.malcare.com/blog/how-to-stop-wordpress-comments-spam/

    Thread Starter clitopwebsite

    (@clitopwebsite)

    Thank you but I didn’t ask what everybody already knows, I do not ask help to stop spam, I want to understand why they can still spam without being registered.

    • This reply was modified 9 months, 3 weeks ago by clitopwebsite.
    Moderator James Huff

    (@macmanx)

    You said twice above that the “Users must be registered and logged in to comment” setting is disabled (unchecked).

    I assume you’ve misspoke, but just to sure, it needs to be enabled (checked).

    If that setting is checked, and you’re still getting comments from email addresses who have no corresponding acocunt under your Dashboard’s Users section, carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter clitopwebsite

    (@clitopwebsite)

    @macmanx OH SORRY ! Yes of course it’s checked (ticked).

    Thank you for the links again, but why someone cannot simply reply why bots can post comments when they are not registered ? Is it another wordpress “secret” ? ??

    And no, my websites are not hacked, I have never been hacked and will never be, so I am still wondering why bots can post, is it so complicated to just stop them if not registered ?

    • This reply was modified 9 months, 3 weeks ago by clitopwebsite.
    Moderator James Huff

    (@macmanx)

    If your site requires registration and login to comment, and the comments are not coming from registered and logged in users, then malware is a very strong suspect, hence the recommendation.

    How are you so certain that you haven’t been hacked?

    Thread Starter clitopwebsite

    (@clitopwebsite)

    @macmanx

    Thank you, I checked all my files with many tools to detect malwares / scripts and I do it once a month, so I am sure that I have never been hacked.

    So nobody at wordpress can explain why bots bypass “only registered users”

    Thanks again.

    Moderator James Huff

    (@macmanx)

    They can’t, that’s the point.

    In 20 years of doing this, it’s one of the more common signs of malware.

    Either current malware generating the comments, or past malware that left comments in the database attached to post IDs that didn’t yet exist (and now they do).

    Thread Starter clitopwebsite

    (@clitopwebsite)

    Thank you, but my host is saying that it often happens, and after checking again, I do not have any malware.

    Moderator James Huff

    (@macmanx)

    It definitely doesn’t happen often, and in 20 years over here it’s always been either current active malware or remaining damage from past already-removed malware (which of course wouldn’t show up in malware scans).

    I’m sorry that’s not the answer you wanted to hear though.

    If your host knows what it is, perhaps they can fix it for you.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘SPAM COMMENTS even when “only registered” can comment and reg disabled’ is closed to new replies.