threatover Patrik Grobshäuser

COMMENT SPAM · WORDPRESS · CLEARED

WordPress spam comment cleanup.

When spam ends up on posts where commenting is disabled, the spammer isn’t using your comment form — they’re writing to the database directly. I clean it, find how they got in, and harden the comment system. Flat $279.

MECHANISM

If Akismet didn’t see it, Akismet can’t stop it.

Normal spam goes through the comment form, where Akismet and similar plugins can score it. Injected spam skips the form entirely — it’s either written into wp_comments via a vulnerable plugin or appended to post content via stolen credentials.

Both cases need cleanup at the database level. I remove the spam without touching legitimate comments, find the route the attacker used, and harden it so Akismet’s job becomes possible again.

SQL — find comments that bypassed moderation
01 SELECT comment_ID, comment_author, comment_date
02   FROM wp_comments
03  WHERE comment_approved = 1
04    AND comment_author_url LIKE '%http%'
05  ORDER BY comment_date DESC LIMIT 50;
06
07 // A burst of auto-approved comments with outbound URLs,
08 // during hours your site is normally quiet — investigate.

What I remove

Every comment, every post, every link.

  • TRIAGE

    Database scanned for comments that don’t match your moderation rules — auto-approved with links, posted in bursts, attached to closed-comment posts.

  • COMMENTS

    Injected comments removed in bulk. Legitimate comments preserved. Pingbacks reviewed.

  • POSTS

    Post content scanned for spam links injected directly into the body. Removed, originals kept.

  • DATABASE

    wp_commentmeta, wp_postmeta, and related tables audited for hidden persistence.

  • HARDENING

    Comment endpoints rate-limited. Akismet and Recent Comments plugins audited. Plugin vulnerabilities patched.

  • REPORT

    Plain-English forensic write-up, count of comments removed, what to do before re-opening comments.

Pricing

Cleanup

$279

flat, one-time, per site

Manual cleanup, entry-vector identification, written forensic report.

Start a cleanup

Monitoring

$29 / mo

per site, cancel any time

Continuous monitoring, hardening, one cleanup per year included.

Get protected

Part of threatover's broader security practice. Penetration testing, bug bounty consulting, triage, and security advisory.

See all services →

Email [email protected] or use the contact form.