This guide details the essential measures to protect your WordPress site against spam and automated malicious content.

Preamble

• A site without protection is an easy target for spambots (robots) that use comments to spread fraudulent links.
• Without protection, every form (contact, booking, voting) can be hijacked to send mass emails from your server.
• Spam degrades your user experience, harms the reputation of your domain (email blacklisting) and can saturate the resources of your hosting.

1. Master the comment system

By default, WordPress is configured to allow comments. To limit abuse, refer to the WordPress codex.

If you want to keep interactions, you can restrict comments to logged-in users only via the discussion settings page.

2. Use automatic protection tools

To block robots without harming the experience of your visitors, two main technologies exist: the captcha (visual test) and the honeypot (invisible trap for humans but detected by robots).

Solution included with Infomaniak

If you have installed WordPress via Infomaniak's automatic installation tool, the WP Armour – Honeypot Anti Spam extension is already activated. It natively protects the most common forms:

• WP Comments & WP Registration
• Contact Form 7, Elementor Forms, Divi Contact Form
• WooCommerce Reviews, BBPress, Gravity Forms

Recommended alternatives

• Akismet Anti-Spam: Developed by Automattic, it is a very effective reference, although paid for commercial sites.
• The Anti-Spam Sentinel: A complete extension and very well rated by the French-speaking community.
• Contact Form 7 Honeypot: A specific module if you only use the Contact Form 7 extension.

The role of the host

Beyond the security of your site, Infomaniak deploys protections at the server level. To learn more, refer to the article on combating malicious emails as well as the FAQ on the security tools provided.