WordPress comment and contact form spam blocking using Cloudflare

bikegremlin (Moderator, OG, Content Writer)

OK, we all know that Cloudflare is (another) big brother that smiles warmly upon us (for now) giving a lot of free goodies.

Being less than thrilled with Google reCAPTCHA, I decided to try doing the same using Cloudflare, for as long as it's free.

It boils down to creating a WAF rule:
Field: URI Path
Operator: contains
Value: wp-comments-post.php
Action: JS Challenge

So far so good.

All the details (how to configure and test it) are in the article:
Stopping WordPress comment spam with CloudFlare

It's a constant cat-and-mouse game, but so far so good (says a man falling from a 10-storey building :) ).

Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews

Comments

  • @bikegremlin said:
    It's a constant cat-and-mouse game, but so far so good (says a man falling from a 10-storey building :) ).

    It seems you can block 99% of spam with ANY captcha provider. The issue is the remaining 1% is real people who are getting paid to solve captchas all day long. They cannot be blocked by ANY popular captcha/anti-spam providers.

    The solution seems to be dual captcha where you have your own captcha to block at least 0.99% of the remaining 1% along with a popular provider blocking the 99%.


    Note: All statistics numbers are made up.
    Note 2: Information obtained from sources on shady forums offering jobs solving captcha.

    If it’s not broken, keep fixing it until it is. Blink twice if you agree.

  • I would just disable comments. No spam at all. =)

  • bikegremlin (Moderator, OG, Content Writer)

    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    @lll
    Comments are very helpful and useful on my websites. Both for readers and for me. Questions and additions & corrections is what they boil down to.

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    If it’s not broken, keep fixing it until it is. Blink twice if you agree.

  • bikegremlin (Moderator, OG, Content Writer)
    edited August 2023

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Thanked by (1)FrankZ

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews
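
An added example, not part of the thread and not Cloudflare's code: a small Python model of the two WAF rules posted above, for checking which of your own form URLs each operator actually covers before relying on the rule. The `example.com` URLs are constructed, and the matching model (case-sensitive comparison on the path, query string excluded) is a simplification of Cloudflare's rule engine.

```python
from urllib.parse import urlsplit

# The two rules from the thread as (name, operator, value).
# In Cloudflare's expression editor they read:
#   http.request.uri.path contains "wp-comments-post.php"
#   http.request.uri.path eq "/contact"
# Both are paired with the JS Challenge action.
RULES = [
    ("comments", "contains", "wp-comments-post.php"),
    ("contact", "equals", "/contact"),
]

def uri_path(url):
    """URI Path as the rule sees it: no scheme, host or query string."""
    return urlsplit(url).path or "/"

def matches(operator, value, path):
    """Model of the two operators; both are case-sensitive."""
    if operator == "contains":
        return value in path
    if operator == "equals":
        return path == value
    raise ValueError(f"unsupported operator: {operator}")

def challenged(url):
    """Names of the rules that would JS-challenge a request to this URL."""
    path = uri_path(url)
    return [name for name, op, value in RULES if matches(op, value, path)]

def coverage(urls):
    """Map each URL to the rules covering it; an empty list means no challenge."""
    return {url: challenged(url) for url in urls}

# Constructed sample URLs for a hypothetical site.
SAMPLE_URLS = [
    "https://example.com/wp-comments-post.php",       # default comment endpoint
    "https://example.com/blog/wp-comments-post.php",  # WordPress in a subdirectory
    "https://example.com/contact",                    # exact match
    "https://example.com/contact?ref=footer",         # query string is not in the path
    "https://example.com/contact/",                   # trailing slash: "equals" misses it
    "https://example.com/contact-us",                 # different path, not covered
]

if __name__ == "__main__":
    for url, rules in coverage(SAMPLE_URLS).items():
        print(f"{'challenge' if rules else 'no rule':10} {url}")
```

If the contact page is served with a trailing slash, the `equals` value has to be the path exactly as served, or the rule never fires.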

  • @bikegremlin said:

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Oh, I don't use Cloudflare on this website. Need to see how to set it up I guess.

    Got any step by step for dummies for Cloudflare?

    If it’s not broken, keep fixing it until it is. Blink twice if you agree.

  • bikegremlin (Moderator, OG, Content Writer)

    @somik said:

    @bikegremlin said:

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Oh, I don't use Cloudflare on this website. Need to see how to set it up I guess.

    Got any step by step for dummies for Cloudflare?

    Yup. :)

    The first "chapter" of the article I linked in the first post contains a list of other relevant CF articles (how to configure DNS, how to configure it for WordPress and similar).

    Thanked by (1)somik

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews
