WordPress comment and contact form spam blocking using Cloudflare

bikegremlin (Moderator, OG, Content Writer)

OK, we all know that Cloudflare is (another) big brother that smiles warmly upon us (for now) giving a lot of free goodies.

Being less than thrilled with Google reCAPTCHA, I decided to try doing the same using Cloudflare, for as long as it's free.

It boils down to creating a WAF rule:
Field: URI Path
Operator: contains
Value: wp-comments-post.php
Action: JS Challenge

So far so good.

All the details (how to configure and test it) are in the article:
Stopping WordPress comment spam with CloudFlare

It's a constant cat-and-mouse game, but so far so good (says a man falling from a 10-storey building :) ).

Comments

  • @bikegremlin said:
    It's a constant cat-and-mouse game, but so far so good (says a man falling from a 10-storey building :) ).

    It seems you can block 99% of spam with ANY captcha provider. The issue is the remaining 1% is real people who are getting paid to solve captchas all day long. They cannot be blocked by ANY popular captcha/anti-spam providers.

    The solution seems to be dual captcha where you have your own captcha to block at least 0.99% of the remaining 1% along with a popular provider blocking the 99%.


    Note: All statistics numbers are made up.
    Note 2: Information obtained from sources on shady forums offering jobs solving captcha.

    It’s OK if you disagree with me. I can’t force you to be right!
    IPv4: 32 bits of stress. IPv6: 128 bits of... well, more stress... Have anyone seen my subnet?

  • I would just disable comments. No spam at all. =)

  • bikegremlin (Moderator, OG, Content Writer)

    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    @lll
    Comments are very helpful and useful on my websites. Both for readers and for me. Questions and additions & corrections are what they boil down to.

  • @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.


  • bikegremlin (Moderator, OG, Content Writer)
    edited August 2023

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Thanked by (1)FrankZ
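
Added example, not from the thread or the linked article: the two rules above written as Cloudflare Rules language expressions with the `js_challenge` action, in the `rules` list shape the Rulesets API uses for the `http_request_firewall_custom` phase, plus a small local model of `contains` and `eq` to check which request paths each rule covers. The function names and the sample paths are constructed for illustration.

```python
import json

# The two rules from the thread, in Cloudflare's Rules language.
RULES = [
    {"description": "JS challenge on WordPress comment posts",
     "expression": 'http.request.uri.path contains "wp-comments-post.php"',
     "action": "js_challenge", "enabled": True},
    {"description": "JS challenge on the contact page",
     "expression": 'http.request.uri.path eq "/contact"',
     "action": "js_challenge", "enabled": True},
]

# Constructed sample requests (path plus optional query string).
SAMPLES = ["/wp-comments-post.php", "/blog/wp-comments-post.php",
           "/contact", "/contact?ref=footer", "/contact/", "/Contact",
           "/contact-us"]

def ruleset_payload(rules=RULES):
    """JSON body listing the rules for the zone's custom rules phase."""
    return json.dumps({"rules": rules}, indent=2)

def matches(expression, path):
    """Model the two operators used above; both compare case-sensitively."""
    field, op, value = expression.split(" ", 2)
    if field != "http.request.uri.path":
        raise ValueError("only the URI path field is modelled")
    value = value.strip('"')
    if op == "contains":
        return value in path
    if op == "eq":
        return path == value
    raise ValueError(f"unsupported operator: {op}")

def challenged(request_target, rules=RULES):
    """True if any enabled rule would challenge this request."""
    path = request_target.split("?", 1)[0]  # the path field excludes the query
    return any(r["enabled"] and matches(r["expression"], path) for r in rules)

def coverage(samples=SAMPLES, rules=RULES):
    """Map each sample request to whether it would be challenged."""
    return {s: challenged(s, rules) for s in samples}

if __name__ == "__main__":
    print(ruleset_payload())
    for target, hit in coverage().items():
        print(("challenge" if hit else "no match ") + "  " + target)
```

In this model `/contact/`, `/Contact` and `/contact-us` are not covered by the `equals` rule, so confirm the exact path the form page and its submission use before relying on it.
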
  • @bikegremlin said:

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Oh, I don't use Cloudflare on this website. Need to see how to set it up I guess.

    Got any step-by-step for dummies for Cloudflare?


  • bikegremlin (Moderator, OG, Content Writer)

    @somik said:

    @bikegremlin said:

    @somik said:

    @bikegremlin said:
    @somik
    Cloudflare seems to be more effective than Google's reCAPTCHA. And it is a lot more stable compared to using a WordPress captcha plugin (the fewer plugins, the better). Also, it doesn't load anything until a "post comment" button is pressed, so it doesn't slow things down.

    I'll give it a try then. I was using Google captcha v3 on one of my websites but I still had to use my own captcha for the contact form to reduce the number of automated comments.

    I gave myself the liberty to test your contact page (the note is clearly marked as a test).
    If this helps, I suppose you could make a Cloudflare WAF rule:

    Field: URI Path
    Operator: equals
    Value: /contact
    Action: JS Challenge

    Oh, I don't use Cloudflare on this website. Need to see how to set it up I guess.

    Got any step-by-step for dummies for Cloudflare?

    Yup. :)

    The first "chapter" of the article I linked in the first post contains a list of other relevant CF articles (how to configure DNS, how to configure it for WordPress and similar).

    Thanked by (1)somik