Invisible spam post in backend

I do have a problem on my WordPress site. In the frontend there is a spam post (not a comment, a post) visible to everybody. I don't know where it comes from and all malware scans were negative so far. However, in order to solve this problem I will need to delete this post. But it can't be seen in the backend. As you can see on the given screenshot the posts area shows "all posts" with the number of …
Category: Web

Getting hundreds of spam orders in WooCommerce with failed stripe payment

The day before yesterday, I got an enormous amount of spam orders coming in by the minute. By the time I blocked the IP and email that the customer registered with, there had already been 3800 orders placed. All failed but the first 5. My email obviously got flooded with the failed order notifications; however, they seem to be arriving in random order and I am wondering if there is a way to delete the emails in queue in WordPress. …
Category: Web

WordPress comment processing. Default unapproved comments detection before posting

I am working on the WordPress comment section. I understand that when we post some comments, for example comments with many links, WordPress stores the comment in the database with unapproved status. As a result, in the website admin comment section, we can see that these comments come in as unapproved (red background color). I want to know which function WordPress uses for this. And I want to use that function inside my custom code so that before …
Category: Web

Using htaccess to prevent spam through wp-comments-post.php

I have a lot of spam comments being posted on my WordPress site. It is being posted using the wp-comments-post.php file. I can see from the logs:

    "POST /wp/wp-comments-post.php HTTP/1.0" 302 3744 "https://example.com/wp/link/" "Mozilla/5.0 (Windows NT 6.1; WOW64)

I already have this in my .htaccess file:

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

It does not seem to prevent it. Is there anything wrong in the above code?
Category: Web

Spam Content Serving from old cached version of site?

I've been doing WP for over a decade now, and have fixed / remediated my share of hacks. However, this one really has me stumped. I have a site running on updated, patched, and pretty darn secure WordPress. For context, it used to NOT be so secure before I took over hosting it. It used an old theme, Experon Pro (this will come into play later) before I rebuilt it in 2020. Now to the hack -- The site has …
Category: Web

How to block comments and pings?

Some scum are trying to post spam comments about viagra/casinos to my site. I have comments disabled at Settings > Discussion. Somehow they manage to send comments and pings to my site. I want to disable both. How? NOTE: This is my bulk edit form. No pings or comments dropdown.
Category: Web

Block internal search queries with pre_get_posts and regex rules

This relates to my previous question: Internal search spam (UPD: I no longer use Ivory Search). The closest question I found: Block search keywords. As I understood, I need to use pre_get_posts, but I don't exactly know where it should go (functions.php?) and how I can create a regex-based rule to exclude everything that has "www." in it and non-Latin or non-numeric symbols like emojis and Cyrillic letters. I have the results noindexed and blocked in robots.txt, but I'd like …
Category: Web

Auto delete Wordpress users according to time

On my WordPress site I require registration with email confirmation to help filter out spam users. How do I delete users that haven't activated their accounts by email automatically? Is it possible to automatically delete users that are X days old? For example: if the user is 7 days old and not active, then the account should be automatically deleted. I'd like to check for this every day. Could someone please explain how to do this? I am using the …
Category: Web

oembed_cache SPAM problem

I recently found hundreds of posts with post_type oembed_cache while looking into my database. Many of them appear to be spam. I can't for the life of me figure out how they are being injected into my database. Here is a picture from phpmyadmin LINK. Is anyone else having this issue? Can anyone offer any insight? How do I clean this up and more importantly how do I prevent it from happening?
Category: Web

Stop SPAM from custom form

This form is receiving a lot of spam and I would like some advice on what I can do to prevent it. I should not use any plugins nor any Captcha.

    function innerpages_form($atts, $content = null) {
        session_start();
        // Attributes
        extract( shortcode_atts( array( 'title' => '', ), $atts ) );
        // Code
        //global $wp_session;
        return '
        <div class="sell-fast-form">
        <form action="/sell-now/" method="post" id="myForm">
        <h2 style="color:#f15a29">Need To Sell Your House Fast?</h2><br>
        <h2>Property Address</h2>
        <input type="text" class="Property_Address" name="Property_Address" id="addr" placeholder="Property Address" value="" required …
Category: Web

Make every comment go to the spam folder

WordPress comments exist in 4 states: 0 (not approved), 1 (approved), Trashed, and Spam. When a user makes a comment it will end up in the 0 not approved folder, or if it's a spam comment directly to the spam folder. Is it possible to send every single comment to the spam folder?
Category: Web

Hacked website redirect, only on desktop, help with restoring it

This is my first post, I tried searching for similar problems, didn't find any that would fit my situation. Anyway. Recently my cousin's website got hacked, I decided to take a look and try to fix it as an exercise. I have little to no experience with web dev, so I hope to get some helpful feedback here. Whenever I type the URL in the address bar (or search for it on search engines) I get redirected to some blog …
Category: Web

How to block someone from commenting?

I keep getting spammed by the same user, well different name and site listed but always the same email, IP, and comment. the email is [email protected], the IP is 31.184.238.9, and the message is long and always the same. I want to do 2 things: How can I block this person from commenting? I have over a hundred pending from them, is there a way to mark them all as spam?
Topic: spam Wordpress
Category: Web

Why does my admin email address keep changing to something random?

Every once in a while, I see an email like this: Someone (hopefully you) has used this email to register at My Website Username: ********* Password: ********* Thanks My Website I log in to my site, and sure enough, my admin email has changed to the one mentioned in the email. I freaked out the first time I saw it. I thought someone was trying to take over my site or put spam or ads on it or something. However, since …
Category: Web

wp_redirection_404 table has grown to 7GB

The company I work for has an enterprise Wordpress site that was acquired from a different company. I don't know if there was a past hack or if it's just accumulated spam or what, but the wp_redirection_404 table has grown to roughly 7GB. I tried grepping the table for Viagra, Versace, Nike, etc. and got pages of results for each. It's obviously full of junk. It doesn't appear to be doing anything. In fact, when downloading it locally to work …
Category: Web

Subpage is redirecting to spam site

My Wordpress site has recently been hacked and I followed the steps described here to clear it: https://wordpress.org/support/article/faq-my-site-was-hacked/ The whole site redirected to a spam website. Now I can access it and the backend again. But still there is one single page which is still redirecting to the spam site and I cannot figure out why. The odd thing is as soon as I am logged in to Wordpress I can access the page. As soon as I am logged …
Category: Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.