Comment on Reviewing The Growmap Anti SpamBot Plugin (G.A.S.P.) Update by Paul G..
Hi,
Thanks for commenting. What you say is right, but it’s practically impossible to prevent the spammers reaching you. We also use CloudFlare which detects spambots and prevents them to some degree, but there’s not preventing all of them.
Thanks,
Paul.
Paul G. Also Commented
Reviewing The Growmap Anti SpamBot Plugin (G.A.S.P.) Update
Hi Gail,
Thanks for dropping in. I don’t actually use Andy’s GASP plugin, I redeveloped it from scratch and integrated it into our WordPress Simple Firewall Plugin (http://wordpress.org/plugins/wp-simple-firewall/)
To date, I haven’t had a single bot spam comment and I haven’t needed to update the algorithm since I first released it. It’s really very robust and it’ll be some time, if at all, that the spambots can get past what I’ve implemented there.
The difference is that it’s based more on the server-side, within no more impact on the visitor than the basic GASP.
Check it out and let me know what you think!
Cheers,
Paul.
Reviewing The Growmap Anti SpamBot Plugin (G.A.S.P.) Update
Hi Russell,
We’re always on the look-out for new and improved options for the plugins we use and recommend. Until now, we’ve had great success with the GASP plugin.
I’ll check out the Stop Spammers plugin. I’m currently working on adding GASP comment checking to the WordPress Simple Firewall, with some further additions of my own (in part what I laid out here). I’ll also see what techniques I can borrow from this one that you recommend and hopefully have something that works and is sustainable going forward.
Fingers crossed.
Thanks for the plugin recommendation Russell, and for commenting!
Cheers,
Paul.
Recent Comments by Paul G.
Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hey Rob,
Brilliant news… Glad it’s working so well for you!
Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
Why does WordPress need to do that? I’ve no idea… that’s the way the author of this particular code decided to implement this. 🙂
My approach is to take each “spam” word/pattern and I use “stripos()” on each item of the comment that needs to be checked.
The truth is that efficiency isn’t hugely important in this area because it’s only run when a comment is posted. I could probably optimize my approach too, but again, it’s not critical.
Further reading: http://lzone.de/articles/php-string-search.htm
Part 4: Login Protection – Shield WordPress Security Plugin
There’s nothing you can do about that unfortunately if the bots are cracking away at your page. Most bots would get blocked by the automatic blacklist if they’re repeatedly hitting you with this.
As to XML-RPC, we have a couple of options ranging from by-passing the login/user sessions systems to completely disabling it:
https://www.icontrolwp.com/2015/10/automatically-block-brute-force-amplification-attacks-against-wordpress-xmlrpc/
Further WordPress Admin Access Lockdown
Eileen, Lynn,
The automatic updates system is WordPress-controlled and run on a WordPress cron. The Security admin access shouldn’t affect this. If you have enabled automatic updates, but restricted the system using the admin access and you find it’s not working as it should, please let me know in the support forums.
To your first question, if you enable this Security Admin system and lock-down any features, then you must, as an administrator or not, authenticate with the Security Admin system before you can make changes to the zones that have been restricted.
Let me know if it’s still unclear and I’ll elaborate further on areas you need.
Thanks!
Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
This is something that you’ll have to test with your particular installation(s) and configuration. Aggressive page caching will probably affect this functionality, but that is the double-edged sword that is “caching”.
I’d be interested to hear what you find with your tests.
Thanks!
