This repository has been archived by the owner on Jul 6, 2024. It is now read-only.
Bryan Hadaway edited this page May 24, 2024 · 15 revisions

Breaking Down Stop Spammers

A Brief History of the Project

Who

Stop Spammers was created by Keith Graham, and further developed by Ryan Grieco, a handful of others, and myself (Bryan Hadaway).

What

Stop Spammers is an anti-spam WordPress plugin.

Where

Stop Spammers can be downloaded from https://wordpress.org/plugins/stop-spammer-registrations-plugin/.

When

Stop Spammers was first released to WordPress users in 2010.

Why

WordPress is aggressively targeted by spammers, and so the only way to protect a WordPress install is to take an equally aggressive approach.

How

Stop Spammers automatically attempts to check all front-end user submission forms (registration, login, comment, and email contact forms) and runs them through dozens of toggleable filters, such as spam words, IP blacklists, customizable allow/block lists, and more.

With the basics out of the way, let’s dig in a little more and discuss deeper subjects like the philosophy and expectations of using an anti-spam/security plugin like Stop Spammers.

Philosophy

Stop Spammers is not a magic, cure-all bullet for your security and spam woes. It is just one of many optional layers available to you to harden your WordPress install against unwanted behavior. Examples of other layers:

  • Choosing a security-conscious host or enlisting the help of a system admin if you’re self-hosting
  • Installing WordPress manually, using best practices
  • Never using “admin” as a username
  • Using strong passwords (a good rule to go by is if you can remember your password, it’s not really a password — this is a proper password: *JZf=}qsMi_w|ugYNHZDhD3jCVI^fj7z2T-A]D.5F&l(M(|f!x&KoE2Z~h.gP}i0)
  • Running your site’s DNS through Cloudflare
  • Installing other security plugins (like Wordfence) alongside Stop Spammers
  • Keeping themes, plugins, and WordPress itself up-to-date

These are just a handful of basic examples, but there are many other layers for you to discover and learn about.

Expectations

While in many or even most cases, Stop Spammers can simply be installed in a “set and forget” manner and do its job just fine automatically, that’s not always the case. As the owner of your website, it’s your responsibility to make sure that everything is in working order and refine your settings as needed. This is especially important if you’re running a site that has membership or store functionality.

Any time you implement a new security measure to block the “bad guys,” you also run the risk of blocking legitimate users or even yourself! These are called false positives, and the risk of them is a basic principle that’s not at all unique to Stop Spammers.

Additionally, the idea that you can block 100% of spam is false. As long as legitimate users can interact with your website, so too will illegitimate users. There is no measure in the world that you can take to stop 100% of spam; it's more about slowing it down to a manageable pace. Slow Spammers might have been a better name for the plugin.

Unfortunately, most of the bad reviews are due to misunderstanding these fundamental facts about spam and security.

Attitude

Having the right attitude about the security of your website can save you a lot of stress.

I understand that the idea that your site is under attack can be very scary, but the most important lesson in all of security is that you’re not actually under personal attack (at least it’s 99.999% likely that you’re not). A lot of users are startled by the stats of just how many spammers are constantly poking around their site.

But it’s important to understand that your site was always under “attack”; you just didn’t have the tools to log those events before. There isn’t an increase in malicious behavior toward you or your site, but rather an increase in your awareness of it.

And again, it’s important to understand that they’re not specifically targeting you: ALL public-facing websites, especially those built with WordPress, are constantly being sniffed out by spambots searching for and attempting to exploit vulnerabilities.

Intention

The intention of this post is to better educate new users on what Stop Spammers is and, more importantly, what it isn’t. Security is a vastly advanced topic, and there’s really no way to easily summarize in just one video, tutorial, or even post all the bits you need to have a good understanding of and a healthy attitude about the topic, but hopefully this post will serve as enough of a starting point to avoid any major frustration.