Screenshot by David Gewirtz/ZDNET
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
Spammers found ways in and flooded my database.
Claude and Codex became my emergency coding team.
The 4,700-line fix added stronger defenses and cleanup tools.
About a month ago, my main website was on the receiving end of a new attack. Spammers were using the username field as a message carrier, stuffing it with a fake domain and crypto bait such as "check balance," "withdraw funds," "BTC transfer" and "action required." WordPress then helpfully forwarded that payload to me in thousands of "new user registration" emails.
Also: Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP
At that time, my server was using a commercially purchased security product that was supposed to protect my WordPress website from registration spam. That product clearly wasn't up to the task.
I'm the developer of a WordPress security plugin that is designed to help users restrict access to their websites. Since the registration spam security product I had been paying for wasn't working, I decided to build a spam security capability into my existing plugin.
... continue reading