AbyssGuard is excellent Anti Comment Spam and Protection solution for WordPress! With AbyssGuard enabled no spam message will go through undetected. Even if your comments are disabled, it's still possible for the smarter bots to submit a spam message, which will be detected by AbyssGuard.
Another method of WordPress spamming is the Trackback. AbyssGuard will catch the trackbacks submitted to your blog and will analyze if they are real. The spam attempts will be blocked and recorded.
AbyssGuard can also stop dictionary attacks against your WordPress site. Hackers will often probe for your login and administration pages and will try to log in, often through dictionary attacks or sometimes even brute force. The dictionary attack is a technique that uses dictionary containing often hundreds and even millions of different words and combinations to be tried for username and password. Such blocked requests usually appear in the AbyssGuard Log page as multiple hits on your wp-login.php.
In order for the Comment Spam check to work you have to enable the Comment Checking option in your Settings.
AbyssGuard will also protect your WordPress from hack attempts. Many hackers are probing the internet for WordPress vulnerabilities, bugs in addons and security holes. AbyssGuard will detect and stop them. Note that blocking hack attempt doesn't necessarily mean that you are vulnerable to the given technique. But the hackers don't know that until they try.
For WordPress apart of the standard index.php include you should include AbyssGuard in the following files too:
- wp-comments-post.php
- wp-login.php
This will allow AbyssGuard to monitor everything that is happening with your WordPress and to prevent any spam and hack attempts.
For WordPress opened for registrations and with multiple people logging in it's probably best not to make the wp-login.php include as some people may get banned. This is measure mostly for private blogs targeted by bruteforce attacks.
In order for the Hack Prevention to work you have to enable the Core Protection option in your Settings.
AbyssGuard is also very handy as it doesn't require separate installation and rules for every different WordPress installation you may have. AbyssGuard works with centralized instance with common log and rules that is included on as many websites as you wish on the same server.
AbyssGuard is fully configurable according to your needs and in order to have full control on what gets through and what gets banned without any false positives.
All caught hack and spam attempts are recorded in the AbyssGuard Log for you to review them for your personal information and statistics. The spam messages will be recorded as well.
Note that upon upgrading your WordPress installation some files may be replaced with newer versions which will also replace the AbyssGuard includes and you may have to include it again. The minor updates shouldn't replace anything, but upgrading to major versions of the CMS will always require you to include AbyssGuard again.