Despite the number of measures we implement to detect and counter spam, emails still find a way through, clogging up mailboxes and giving domains a bad reputation.
It is possible to reduce spam sent from a WordPress site by implementing a few easy measures. Read on for some tips for protecting WordPress websites against spam.
Create the email account wordpress@ on your domain
By default, WordPress uses wordpress@ followed by your domain name as the “from” address when sending notifications. If you use one.com, set up this account in your mail administration. Once the account exists, you will get a notification when WordPress has tried to send a message but was unable to deliver it. To make this easier to manage, you can forward the emails to the primary email account on your domain and create a filter to move the messages to a specific folder.
If you suddenly get a large number of undelivered messages, this is an indication that your site is being used to send spam. If this occurs, look at what is generating the emails, for example, your contact form, and disable or protect that function.
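One way to watch for this indicator, as an added example that is not part of the original article: a Python script that counts bounce notifications per hour among the messages delivered to the wordpress@ account and reports the hours that exceed a threshold. The sample messages, the addresses and the threshold of 3 are constructed assumptions.

```python
import email
from collections import Counter
from datetime import timezone
from email.utils import parseaddr, parsedate_to_datetime

def _dsn(date, rcpt):
    """Build a trimmed, constructed bounce message; every value is made up."""
    return (
        "From: Mail Delivery System <MAILER-DAEMON@example.com>\n"
        "To: wordpress@example.com\n"
        f"Date: {date}\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: message/delivery-status\n\n"
        f"Final-Recipient: rfc822; {rcpt}\nAction: failed\nStatus: 5.1.1\n--b--\n"
    )

# Constructed mailbox: four bounces within one hour, one later, one normal mail.
SAMPLE = [_dsn(f"Mon, 03 Jun 2024 10:{m:02d}:00 +0000", f"user{m}@example.net")
          for m in (5, 6, 7, 9)]
SAMPLE.append(_dsn("Mon, 03 Jun 2024 14:30:00 +0000", "old@example.net"))
SAMPLE.append("From: visitor@example.org\nTo: wordpress@example.com\n"
              "Date: Mon, 03 Jun 2024 10:08:00 +0000\nSubject: Hello\n\nHi\n")

def is_bounce(msg):
    """True for a delivery status notification or mail from MAILER-DAEMON."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    return parseaddr(msg.get("From", ""))[1].lower().startswith("mailer-daemon@")

def bounce_spikes(raw_messages, threshold=3):
    """Return {hour (UTC): count} for hours with at least `threshold` bounces."""
    per_hour = Counter()
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        if not is_bounce(msg):
            continue
        try:
            when = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # missing or unparsable Date header: skip, do not guess
        if when.tzinfo is not None:
            when = when.astimezone(timezone.utc)
        per_hour[when.strftime("%Y-%m-%d %H:00")] += 1
    return {hour: n for hour, n in per_hour.items() if n >= threshold}

if __name__ == "__main__":
    print(bounce_spikes(SAMPLE))
```

Set the threshold from what a normal day looks like for your site; a site that rarely sends notifications can use a low value.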
Limit who can leave comments
On popular websites with a lot of visitors, most comments by far are spam. That’s why we recommend that you limit who can leave comments on your site.
In WordPress Admin under Settings > Discussion, you can change who can leave comments and when comments are being published. We recommend disabling comments from anonymous users.
Alternatively, you can disable comments completely and replace them with a discussion plugin like Disqus. Disqus has built-in anti-spam measures, so you don’t need to worry about it.
Activate the Akismet plugin
If you decide to allow comments from anonymous users, a good anti-spam plugin is indispensable. The Akismet plugin is installed by default on all WordPress installations and is free for personal use. You only need to activate it by getting an API key from Akismet.
Once activated, Akismet checks all comments for spam and allows only legitimate comments to appear in your moderation list.
Make sure user registration is turned off
We recommend keeping user registration turned off because it is almost always used for sending spam. Allowing user registration only makes sense if you have a website that is restricted to members only, or if users need to be logged in to be able to comment. If you are looking for a way to allow users to subscribe to updates on your blog, you can use a plugin for this.
Under Settings > General you can find the settings for Membership. Make sure the box for “Anyone can register” is unchecked.
Use CAPTCHA in forms
If you have a contact form on your site or allow user registration, it’s essential that you verify that the user filling in the form is human and not a spambot. The easiest way to do this is to add a reCAPTCHA plugin to your WordPress site. CAPTCHA helps you to distinguish between humans and robots by asking humans to perform an action that robots generally don’t understand.
Over the years, bots have become smarter, but luckily so has the CAPTCHA method. Nowadays, you only need to check a box to confirm you are human, instead of typing in a code or number. Only if your behavior is suspicious do you need to pass another test, for example selecting all images with cars or shop fronts in them.
Most form plugins already have a built-in reCAPTCHA function. The only thing you need to do to enable it is to get two API keys from Google. If you need assistance with any website needs, feel free to send us an email, and our support professionals can implement these measures for you.
This article was written by Sam Hartford, an IT professional and web designer.