If you host multiple WordPress sites, you already know spam comments are relentless. cPFence includes advanced security layers by default—including IPDB protection—but spam bots can still slip through when websites use proxies like Cloudflare, effectively bypassing IP-based blocking.
Today, we’re excited to share a powerful one-click solution that can be applied cluster-wide using WP-AutoShield bulk tools. This solution eliminates WordPress comment spam across your entire server instantly and effectively with just one click—without the hassle of complex configurations.
Why Typical Anti-Spam Solutions Fail
Spam bots don’t read your posts or load your pages. Instead, they send direct POST requests to WordPress’s comment handler (wp-comments-post.php), injecting spam links effortlessly. Traditional methods—such as CAPTCHAs, IP blacklists, or honeypots—don’t fully prevent this direct, automated access.
How to Use cPFence Bulk Tools to Solve This
You can use the bulk install plugin feature, or if you have WP-AutoShield’s latest update (3.3.60+), you can now use our new Forced Plugin Installation feature to instantly force daily deployment of proven anti-spam plugins, such as the highly effective Forget Spam Comment, across every WordPress site on your server.
Here’s how it works:
- Direct access to
wp-comments-post.phpis blocked unless the request includes a special query string. - A lightweight JavaScript snippet automatically generates this query string when genuine users scroll down a page.
- Bots, unable to mimic real human browsing, are completely denied.
Activate Across All Sites with a Single Click
To implement this powerful solution immediately:
- Navigate to Tools & Utilities → WP-AutoShield Bulk Tools → Bulk Install WordPress Plugin or ZIP in your cPFence WebUI.
- Enter the plugin slug:
forget-spam-comment. - Click Verify Slug.
- Click Bulk Install Plugin.
For permanent, automated enforcement, simply add plugin slugs into /var/log/cpfenceav/wp-plugin-bundle.txt. WP-AutoShield takes care of daily installation and updates. (This feature is off by default; set autoshield_force_plugin_bundle in WebUI → System Settings to “on”.)
No manual configurations. No complex setups. Spam eliminated instantly, across every site you host.
Immediate Benefits for Hosting Providers
Your customers see a dramatic reduction in spam comments instantly, lessening their moderation burden and improving site performance. Even sites using Cloudflare proxies benefit fully, ensuring robust protection without additional effort.
See it in Action – Free
Experience the simplicity and effectiveness yourself. Start your free cPFence trial for one month today—no obligations, no payment required:
Don’t use cPFence? You can still manually install this plugin on your WordPress sites to eliminate spam.
Hi!
I can’t find the “autoshield_force_plugin_bundle” in WebUI → System Settings, as mentioned above.
CU… Sven
Hi Sven,
You need to go to “Adjust cPFence Settings (Single Server)” and then click on “Load Current Settings”.
More info:
https://my.cpfence.app/knowledgebase/2/Configuring-cPFence.html