The only way to prevent contact form spam is to not have a contact form. That doesn't work for most people, so the best we can do is reduce the amount of spam that is allowed to be submitted without making it too hard for real contacts.
From a general security perspective, you want to reduce the number of bots and bad actors from reaching your site. A good security plugin like WordFence will help reduce unwanted visitors. I've had good success with using Contact Form 7 and the Contact Form 7 Honeypot plugins, and with Gravity Forms (it has its own Honeypot feature).
A honeypot is a dummy field in the contact form that human visitors will not see, but bots will detect as a contact form field. If this field has any content when it is submitted, the mail is not generated.
This will not remove all spam, as there are people who are paid pennies per email sent to fill forms manually, but it will reduce spam significantly.
Hope this helps.
What kinds of WP security issues are you having?
When you say that you want to protect your site from spammers, do you mean that you're getting a lot of spam comments or contact form spam? In which case, have you set up the Akismet plugin properly (i.e. registered on the Akismet site and set up the API key)?
If you're having issues with brute-force login attempts, you can use the (free) Limit Login Attempts plugin. For a much more comprehensive security plugin offering a ton of features try the premium version of WordFence ($59/year).
I'd also contact your hosting provider to see what tools they offer. One of the reasons that we strongly recommend clients put their site on a managed hosting solution is that most providers offer continuous monitoring and clean-up for things like malware insertion, nefarious php object injection attempts, and the like.
You could create a .htaccess file in the wp-admin folder and create a .htpasswd file, you will have to create a password for a specific user and load this information into the .htpasswd file. Then point the .htaccess AuthUserFile to the location of the .htpasswd file and also add AuthType, AuthName and Require valid-user
A good resource of information is here:-http://www.htaccesstools.com/articles/password-protection/
Hi, as a non-expert,i struggle with this too. I have a portfolio approach that I am happy to add to as i continue to learn. Here are the measures I have in place at the moment:
1. I have changed my login id from Admin to something non-obvious
2. I have a very strong password (l/c, u/c, numerals, symbols)
3. I use WordPress Akismet to deal with spam comments
4. I use WordFence to protect the site as a whole
5. I have recently switched host to a highly recommended WordPress hosting specialist (they don't host other tech, so I believe their claim to be better at WP than some competitors who don't specialise). I have not done enough due diligence to tell you they are right for you, but if you want to make your own checks, I use https://trafficplanethosting.com and am happy with the switch - very helpful help desk team and solid service. Email is their weak spot, but it is adequate.
Good WP plugin to reduce spammers to your blog comments:
Love Wordfence (free), but most of all, make your passwords LOOOOOOOOOOOOONG. Use a phrase like 'I hate long, 36-character passwords!' [make your own!] Brute force algorithms will hack through a short password in no time, and the hackers have bots that spend their life trying variations of passwords. And increase lockout times to their longest setting (60 days).
Akismet for comment spam.
For general security, I highly recommend Sucuri. #sucuri
Often, a good place to start when it comes to website security is your hosting environment. Today, there are a number of options available to you, and while hosts offer security to a certain level, it's important to understand where their responsibility ends and yours begins.
My recommendation would be to move away from wordpress simply because you have to keep on top of all the plugin updates and platform updates. If you missed a few updates on a particular plugin you may run into security issues and a simple plugin can break the site if it is not updated correctly. But if you can't move away from Wordpress, then you may want to try to get this plugin for security.
JMS Technology Group, LLC
I've actually written a blog post on this that explains securing a WordPress site: http://jvmediadesign.com/blog/business/truth-about-wordpress-security/
Also for comment spam, sign up for an account with Disqus.com and then install the Disqus plugin on your site. We use that for many of our clients and it really cuts down on the spam comments.
Easy. Download the WordFence and WordPress Zero Spam plugins. Problem solved.
Depending on your website, you may want to consider moving to Wix, Weebly or Squarespace as they host the website and protext you from spamming.
Some wordpress plugins may contain malware which may result in your website being blocked by Google. I suggest monitoring the reputation of the plugins used and if they are not reputable, get rid of. As a web developer, this is one of the reasons we steer away from using Wordpress altogether.
1. Spam: You could probably use a captcha to slow-down spammers. There's probably a plug-in for that. I use an anti-spam plug-in, although the name eludes me. 2: Hackers: To prevent log-in attempts from hackers (in-person or by bot) as well as other hacking attempts, use a security plug-in like Wordfence. Once I had Wordfence installed I was able to see the number of hack attempts that occurred on my sites. 3: Where to Get Plug-ins: Make sure you get your plug-ins from the official Wordpress site: https://en-ca.wordpress.org/plugins/ For the anti-spam one - just look for one that has lots of downloads and high star rating.
I think you should try this and configure it properly..
Hi! You have to use the plugin, which is integrated with safety, trusted software, and have with stringent security protocols on behalf. As well as your form should contain "Captcha" button.
Try to change your forms and I advise you to try absolutely FREE forms plugin integrated with CRM for the WordPress http://crm-plugin.org. The is Swiss software with hosting in Switzerland, we have absolutely other security protection and law, I use myself and very happy, no claims related to unpleasant spam. And do not allow comments if you don' t really need them and don' t allow users to register directly on WordPress. Write your feedback, will happy to help.
You can use wp security plugin to protect your website. Checkout https://wordpress.org/plugins/gotmls/ I think it will work for you.
WordPress pro, having this list to refer to can be helpful as you set about implementing security strategies on your sites.
Keep WordPress up-to-date. Something so simple can have a big impact on site security. Whenever you login to the dashboard and see that “Update available” banner, click it and update your site. If you’re worried about something breaking, make a backup before installing it. The important thing is that you do it, and with regularity. Information about any security holes that were fixed from the previous version are now available to the public, which means an out of date site is all the more vulnerable.
Keep plugins and themes up-to-date. Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc), plugins and themes are like an open door to your personal info.
Delete any plugins or themes you’re not using. Along the same line of thinking as what’s listed above, getting rid of any plugins or themes you don’t need will reduce the likelihood of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them. Read: Deactivating plugins isn’t enough; you must actually click “Delete.”
Only download plugins and themes from well-known sources. When you can, downloading plugins and themes from WordPress.org is actually your best bet since they will have been thoroughly scanned before being admissible to the Theme Directory or Plugin Directory. If you want a premium theme or plugin, only download them from reputable sources like Themeforest or from a highly respected developer’s website.
Change file permissions. Avoid configuring directories with 777 permissions. You should opt for 755 or 750, instead, according to WordPress.org. While you’re at it, set files to 640 or 644 and wp-config.php to 600.
Don’t use “admin” as a username. If you’ve already installed WordPress using “admin” as your username or something else very simple, you can change it by inputing an SQL query in PHPMyAdmin or by following the instructions laid out in our latest post on the subject.
Change your password often (and make it good). Random strings of letters and numbers are best. If you don’t feel like coming up with something manually, you can use a password generator to accomplish the task like Norton Password Generator or Strong Password Generator.
WordPress is an open source platform, and it is a very popular CMS used for website building. WordPress website security creates the huge importance for the website owner.
If you are serious about to secure your WordPress website, I would like to share some best tips that help to secure your website.
1. Take Backups Regularly
2. Keep Your Website Updated
3. Optimize WP File Permissions
4. Use 2-Factor Authentication
5. Hide Admin Panel
6. Get Plugins From Known Resources Only
7. Limit Login Attempts
8. Never Download Premium Plugins Without Paying Anything
9. Go For HTTPS
10. Use Security Plugins
These are some valuable tips that provide proper security of your WordPress Website. Some of these tips are easy to implement and also performed manually in mere minutes. For the others, require to download the particular plugin.
I hope this details will help you.