It was a few weeks ago that I wrote an article and did a video about WordPress form spam. The gist of the post was that form spam was a fact of life and that receiving 1-2 pieces of spam a day was something that should be considered normal for any site receiving a fair amount of traffic.
When WordPress Spam Becomes a Problem
For our clients, I really considered form spam a “problem” when it grows beyond those 2 pieces per day on average. With things like reCaptcha, honeypots, and firewalls in place, we have to accept the fact that such measures are only as good as the last known threat. If they are circumventing all these protection layers it’s most likely only a matter of time before they are stopped… the problem is that for every spambot out there, there are hundreds, thousands, or maybe millions of others.
“Just Delete It”, Said the Website Support Guy
I know clients have rolled their eyes when I told them to deal with it and simply delete these as they come into their inboxes. I never liked telling a client this either. It felt shallow/unhelpful, and my job is support, my job is to fix problems not necessarily explain them.
The Spam Problem Really Could be Much Worse
What clients didn’t know was that the system was working. Without protections we do have in place, the form spam issue would be so much worse!
Slow and Steady Goes the WordPress Form Spam Attack
Last week we had a website come under a much heavier spam attack. It wasn’t enough to affect the servers or even be seen as a DDoS attack by the firewall. It was coming in at about 50 to 100 pieces in 24 hours. That’s an average of one piece of spam every 12 -13 minutes. Not enough to be considered a bad attack, but certainly enough to be considered annoying as hell and definitely something to do deal with.
We ended up utilizing the Akismet service from WordPress to stop this attack. Akismet was first developed to help control blog comment spam on WordPress blogs but has grown to offer additional capabilities over the years, including compatibility with WordPress’s more popular form plugins.
Akismet is used by millions of websites around the world to control spam of many kinds. By filtering hundreds of millions of comments and form spam per day, they build an intelligence of where spam is coming from and what the characteristics of it are. With this knowledge, they are able to adaptively protect millions of websites from spam attacks like the one described above.
We have used Akismet before to control blog comment spam, but we are now using it to control form spam as well.
WordPress Spam Control for All Clients
Starting immediately all managed WordPress hosting clients and clients with website maintenance plans can take advantage of the Akismet service at no additional charge. We have already deployed this new service on several of our client’s websites including all Genius Stack clients. We will continue to roll this out to our clients and make it a standard part of all our hosting and maintenance plans moving forward.
The Immediate Result
We have already stopped thousands of pieces of spam from getting to our client’s inboxes and for those clients who complained about 1-2 pieces of spam a day… we have seen that drop to just about zero!