How To Stop Comment Spam On Your WordPress Media Attachment Pages

Learn how to prevent spammers posting comments on your WordPress media file attachment pages …

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Stop Comment Spam On Your WordPress Media Attachment Pages Are you getting comment spam on your WordPress media attachment pages?

This step-by-step tutorial will show you how to delete comment spam from your media attachments and how to prevent this from happening in the future.

Spammers can be quite devious when it comes to finding new ways to spam your site. Recently, while doing some administration work, I received an automated email notification message from one of my sites that a spam comment had been posted on a media file attachment page …

WordPress comment notification email

(WordPress comment notification email)

My first thought was “How did spammers get to my media files?”

After logging into the site, clicking on the ‘Comments’ menu and verifying that the spam comment had indeed been posted on a media file attachment page, my second thought was … “Oh no! I’ve uploaded a bunch of media files to this site, so I need to shut down hundreds of pages that spammers can target!” …

WordPress Comments section

(WordPress Comments section)

I then checked some of the media file attachments pages on the site and saw that the “comments” section was enabled …

Media file attachment page - Comments enabled

(Media file attachment page – Comments enabled)

This was a new site that I had quickly set up and hadn’t finished fully configuring. To prevent further comment spam from being posted on the site through its media attachment pages, I now had to disable the ‘Discussions’ feature for all existing media items.

The tutorial below will show you how to delete comment spam posted to existing media file attachment pages and how to prevent new comment spam from being posted to these pages in the future

How To Delete Comment Spam On Existing Media File Attachment Pages

Normally, the best way to prevent comment spam is to configure your discussion settings as shown in the tutorial below:

How To Configure Your WordPress Discussion Settings

Also, unless certain plugins or features installed on your site require you to upload and use images from the WordPress Media Library, we recommend storing and serving all media used on your website from a media storage and delivery service like Amazon S3.

How To Delete Comment Spam On Existing Media File Attachment Pages Manually

To delete comment spam from existing media file attachment pages, log into your WordPress admin, go to the main menu in your dashboard and select Media > Library …

WordPress Menu: Media > Library

(WordPress Menu: Media > Library)

This brings you to the Media Library screen.

Media Library Grid View

The screenshot below shows items uploaded to your media library displayed as a grid.

To disable comments on media files in the grid view, click on a media element …

WordPress Media Library - Grid Layout

(WordPress Media Library – Grid Layout)

This brings you to the Attachment Details screen. Click on the ‘View attachment page’ link …

Attachment Details - View attachment page

(Attachment Details – View attachment page)

We need to turn comments off on this page. To do this, click on ‘Edit Media’ in your WordPress admin toolbar …

WordPress admin toolbar - Edit Media

(WordPress admin toolbar – Edit Media)

In the Edit Media screen, scroll down to the ‘Discussion’ section and untick the ‘Allow comments’ checkbox to disable comments for that media element’s page …

Edit Media - Discussions

(Edit Media – Discussions)

If you can’t see the Discussion section, scroll to the top of your page and click on the Screen Options tab …

Screen Options tab

(Screen Options tab)

Make sure that the ‘Discussion’ checkbox is enabled in the ‘Boxes’ section …

Screen Options - Boxes > Discussion

(Screen Options – Boxes > Discussion)

After disabling the ‘Allow comments’ checkbox, click Update to save your new settings …

Comments disabled. Update to save your settings

(Comments disabled. Update to save your settings)

Make sure that your media file has been updated. Comments are now disabled for your media attachment page.

Media file updated

(Media file updated)

Note: If you have sharing features enabled for your media files through a plugin, you may also want to consider disabling sharing options on you media attachments pages (unless you need to leave these turned on) …

Consider disabling sharing features on media attachment pages

(Consider disabling sharing features on media attachment pages)

If using a plugin like Jetpack, for example, you can configure your sharing options to make sure that buttons don’t appear in places where they are not useful or required …

Jetpack Sharing Options

(Jetpack Sharing Options)

Media Library List View

A quicker way to edit your media files attachment pages is to display your media library in ‘List’ view. This way, you can go to the Edit Media screen directly by clicking on the ‘Edit’ link in the Quick Edit menu …

Media Library - Quick Edit > Edit

(Media Library – Quick Edit > Edit)

In the Edit Media screen, disable the ‘Allow comments’ checkbox in the Discussion section to disable comments, then resave the page to update your settings …

Edit Media screen - Disable comments in Discussion section

(Edit Media screen – Disable comments in Discussion section)

What If You Have Too Many Media Elements In Your Media Library … ?

If you have too many media elements uploaded to the WordPress Media Library, then disabling comments for each item manually can become a long and painful task …

What if you have too many media elements to update manually?

(What if you have too many media elements to update manually?)

In this case, we recommend using a plugin.

There are a number of plugins available for WordPress that allow you to disable comments on your site. Let’s take a look at one of these …

Disable Comments

WordPress plugin - Disable Comments

(WordPress plugin – Disable Comments)

Disable Comments is a free WordPress plugin that allows site administrators to disable comments globally on any post type (posts, pages, media attachments, etc.)

It also removes all comment-related fields from edit and quick-edit screens, the WordPress Dashboard, Widgets, the Admin Menu, and the Admin Bar. On multisite installations, it can be used to disable comments on your entire network.

Note: Don’t use this plugin if you want to selectively disable comments on individual posts. This plugin should be used if you don’t want comments at all on your site (or on certain post types), as the plugin settings cannot be overridden for individual posts.

To install the plugin, go to Plugins > Add Plugins and type in “disable comments” in the ‘Keyword’ field …

Plugins > Add Plugins

(Plugins > Add Plugins)

To use the ‘Disable Comments’ plugin, locate the item and click on the ‘Install Now’ button …

Add Plugins > Install Now

(Add Plugins > Install Now)

Click on ‘Activate’ …

Add Plugins > Activate

(Add Plugins > Activate)

After the plugin has been installed and activated, visit the configuration page to configure the plugin’s settings …

Plugin activated

(Plugin activated)

You can also access the plugin settings screen by going to Settings > Disable Comments.

Select the option that best suits your needs (e.g. disable comments throughout your site or only on selected post types – in this case ‘Media’) and click ‘Save Changes’ to update your settings …

Disable Comments screen

(Disable Comments screen)

After configuring and saving your settings, it’s time to check that everything is working as it should.

Go back to your Media Library section by selecting Media > Library from the main menu …

WordPress Menu - Media > Library

(WordPress Menu – Media > Library)

Select a media element that has not been updated yet, and right-click on ‘Edit’ to open the attachment page in a new browser tab …

Media Library - Edit

(Media Library – Edit)

The ‘Discussion’ and ‘Comments’ features should be disabled on the page …

Discussion feature disabled in media attachment page

(Discussion feature disabled in media attachment page)

These features should also have been disabled in the Screen Options tab …

Discussion feature disabled in Screen Options tab

(Discussion feature disabled in Screen Options tab)

And if you visit the media attachment page itself, you should not see the Comments field displayed (No Comments field = No Comment Spam!) …

No Comments field = No Comment Spam!

(No Comment!)

Hopefully, this tutorial has helped you with stopping or preventing comment spam from being posted on your WordPress media attachment pages.

How To Stop Comment Spam On Your WordPress Media Attachment Pages

How To Add Google reCaptcha Security Captchas To WordPress Forms

Learn how to add Google reCaptcha verification to WordPress forms …

How To Add Google reCaptcha Security Captchas To WordPress Forms We are all familiar with filling in forms online using captchas to prove that we are humans and not robots.

Google offers a free service to protect your website from spam and abuse called reCAPTCHA.

According to Google …

reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

reCAPTCHA offers more than just spam protection. Every time our CAPTCHAs are solved, that human effort helps digitize text, annotate images, and build machine learning datasets. This in turn helps preserve books, improve maps, and solve hard AI problems.contact form

Source: Google reCaptcha

If your WordPress site is getting spammed, you may want to look at adding captcha verification to your forms.

Captchas can be used to protect all WordPress forms on your site, including:

Login forms
Registration forms
Comment forms
Contact forms
Password reset forms
etc.

In this tutorial, we’ll show you how to add Google reCaptcha verification to forms on your WordPress site.

How To Add Google reCaptcha Security Captchas To WordPress Forms

If you plan to add security captchas to forms on your site without touching code, you will probably want to use WordPress plugins to do this (we’ll look at some plugins that let you easily add captchas to forms on your site later in this tutorial).

Before plugins can display security captchas to your site visitors and users, you will need to register your site with Google’s reCaptcha service and get unique keys that will connect your plugin with the service.

Let’s walk you step-by-step through this process …

First, make sure that you have a Google account and that you’re logged into any of your services (e.g. Gmail, Google AdWords, Google Analytics, etc.), then go to https://www.google.com/recaptcha …

Google reCaptcha

(Google reCaptcha)

Click on the ‘Get reCAPTCHA’ button …

Get reCAPTCH

(Get reCAPTCHA)

This will bring up a screen where you can manage your reCAPTCHA keys. This screen will list all the domains you have registered to use the reCaptcha service …

reCAPTCHA API keys management screen

(reCAPTCHA API keys management screen)

In the ‘Register a new site’ section, do the following:

(1) Enter the name of your site or a label that will help you identify the domain you are registering with the service.

(2) Choose the type of reCAPTCHA you want to add to your forms. Typically, for login forms and contact forms using plugins you will use the reCAPTCHA v2 verification type …

reCAPTCHA v2

(reCAPTCHA v2)

Using reCAPTCHA v2 verification will either pass the user immediately (with No CAPTCHA) or require them to validate if they are human or not with additional catcha security challenges.

(3) Enter your domain into the Domains field (e.g. yourdomain.com) …

(4) Access the terms of service checkbox

(5) Click the ‘Register’ button …

(Register a new site to use reCaptcha)

A screen will come up displaying code snippets. Typically, for most applications, all you need are the two keys shown below – (1) Site key and (2) Secret key …

reCaptcha keys

(reCaptcha keys)

Do not share these keys with anyone else, especially your Secret key.

Copy and paste your reCaptcha keys into a plain text file. You will need these to connect your site with Google’s reCaptcha service …

Copy and paste your keys into a plain text file

(Copy and paste your keys into a plain text file)

After installing your reCaptcha plugin, go to the plugin settings section and paste the keys into the corresponding Site Key and Secret Key fields, then save to update your plugin’s settings and authenticate the service …

Enter your keys into your WordPress plugin's settings

(Enter your keys into your WordPress plugin’s settings)

Your forms should now display to visitors with the reCaptcha verification feature added …

A contact form with reCaptcha verification added

(A contact form with reCaptcha verification added)

WordPress reCaptcha Plugins

There are a number of reCaptcha plugins you can use with WordPress to protect your forms from spam entries.

You can search for these plugins by going to Plugins > Add New in your WordPress dashboard and typing “captcha” into the keyword search field (if you need help, see our tutorial on installing WordPress plugins) …

WordPress captcha plugins

(WordPress captcha plugins)

Note: Not all captcha plugins use the Google reCaptcha service. We recommend going through some of the plugins above and installing whichever one best fits your needs.

Congratulations! Now you know how to add Google reCaptcha security captchas to forms in your WordPress site.

***

"These tutorials have so much information and are easy to understand. If you use WordPress or plan to in the future these will help you with everything you need to know." - Valisa (Mesa, Arizona)

***

How To Set Up Website Downtime Monitoring For Your WordPress Site

Learn how to set up downtime monitoring alerts for your WordPress site and receive automatic notifications if your website or blog becomes unresponsive or is down …

How To Set Up Website Downtime Monitoring For Your WordPress Site If your business depends on your website being available and accessible to online users 24×7, then you need to make sure that people can visit your site and access your content any time of day or night.

Unless you are constantly checking your website, however, it’s hard to know if your website is up and running or if visitors can access your content 24×7.

This is where downtime monitoring is useful. A downtime monitoring service regularly checks your website to see if everything is ok. If it’s not, it immediately lets you know there’s a problem.

How To Set Up Website Downtime Monitoring For Your WordPress Site

In this tutorial, you will learn how to set up downtime monitoring alerts for your WordPress site and get automatic notifications if your website or blog becomes unresponsive or is down.

What Causes Website Downtime?

There are a number of factors that can cause website downtime.

For example:

Issues with plugins (see our WordPress Plugin Troubleshooting Guide).
An unusual spike in traffic (and not enough bandwidth).
A problem with your hosting provider (e.g. a server configuration issue or hardware failure).
Expired domain registration (see our Domain Names: A Primer For Beginners).
Not performing regular website maintenance (see our WordPress Maintenance tutorials).
Distributed denial-of-service (DDoS) attacks.
Unauthorized site access by a hacker (see our WordPress Security tutorials).

Why Is Downtime Monitoring Important?

Even the most reliable web hosting providers will normally only guarantee around 99% uptime. This means that in a one-year period, you can expect your site to be down for at least 3.5 hours if you are hosting with the best of the best.

This may not seem too bad if an outage happens when no one is visiting your site. But what if your site goes down just as you launch a new product or service or send out your monthly newsletter promoting a special limited offer?

Clearly, if your business relies on your website for leads, sales, subscribers, etc. and your website goes down, then you are losing money.

If your website is frequently unresponsive, your reputation and credibility will suffer, visitors will leave and may not come back, and your ranking in search engines will also be affected.

This is one of the reasons why it’s important to host your website with a reliable web hosting provider (for more details see our tutorial on how to set up web hosting for your WordPress site). Make sure you use a reliable web hosting service provider but don’t rely exclusively on your web host to monitor your website 24×7 for you.

There are a number of different tests that can be used to monitor site uptime (e.g. Ping Monitor tests, HTTP tests, DNS server monitoring, etc.) and some services will perform complex backend checks and monitor dozens of checkpoints simultaneously to confirm problems.

WordPress Downtime Monitoring Plugins

When we last checked, many website monitoring plugins in the WordPress plugin repository are no longer being maintained, possibly because of the resources required to continually check if sites are up.

One WordPress plugin that is regularly maintained and provides downtime monitoring is Jetpack.

Jetpack

(Jetpack by WordPress.com)

Jetpack is a powerful and useful WordPress toolkit plugin that gives you access to over 40 features, including web security and a free downtime monitoring service which automatically alerts you if your website goes down …

Jetpack Monitor sends you an alert if your site goes down!

(Jetpack Monitor sends you an alert if your site goes down!)

Jetpack Monitor also notifies you when your site is back up and lets you know how long it was down for …

Jetpack Monitor alerts you when your site is back up!

(Jetpack Monitor alerts you when your site is back up!)

Jetpack checks your site every five minutes from different locations around the world and sends your notifications by email and/or via mobile. You can also customize the email address where notifications are sent to.

To learn more about the Jetpack plugin, visit the Jetpack website, or see the tutorial below:

Jetpack Plugin – 40+ Useful Website Tools In One WordPress Plugin

iThemes

(iThemes)

iThemes provides downtime monitoring as part of its comprehensive suite of WordPress backup, maintenance, and security services.

iThemes Sync Pro, for example, offers a way to monitor WordPress uptime, downtime & overall performance for multiple WordPress websites from one dashboard and sends notification emails when sites go down, with a history of your overall WordPress performance.

For more details, go here: iThemes Sync

Downtime Monitoring Browser Extensions

Another category of downtime monitoring tools worth looking into for your WordPress site, are browser extensions.

If you use Chrome as your web browser, then check out the extension below.

Server Monitor

(Server Monitor – Chrome Browser extension)

Server Monitor is a free browser extension for Chrome that lets you monitor any number of URLs for connectivity and content you specify and displays a status icon for quick reference.

This extension lets you poll one or more URLs at a defined interval to check the status and content of the page. An icon is added to your browser which indicates the status of the websites being monitored using different colors (e.g. Green = ok, Red = site is unresponsive).

Additionally, the extension can display pop-up notifications when the status of a monitored URL changes.

After installing the extension on your browser, right-click on the gray sphere icon and click on ‘Manage extensions’ …

Server Monitor - Manage extensions

(Server Monitor – Manage extensions)

Click on ‘Extension options’ …

Click on 'Extension options'

(Click on ‘Extension options’)

This brings you to the ‘Settings’ screen where you can enable your notification settings (e.g. pop up notifications on unexpected responses, connection errors, and when the server is restored), specify the interval to run checks and set timeouts, and add the URLs you want to monitor.

Click ‘Save’ after adding URLs to update the extension’s settings …

Server Monitor settings

(Server Monitor settings)

The extension’s icon will be split into as many segments as you have added URLs and indicates the status of the websites being monitored using different colors (e.g. Green = ok, Red = site is unresponsive)

Server Monitor is now actively monitoring your websites

(Server Monitor is now actively monitoring your websites)

You can view the status of your sites and refresh the monitor any time by clicking on the browser icon.

For more details, go here: Server Monitor

Website Downtime Monitoring Services

Many online services offer downtime monitoring as part of their suite of web services for all website platforms. Most of these services are not free but some offer free trials.

Pingdom

(Pingdom)

Pingdom provides a range of website checking services, including speed and downtime monitoring. Pingdom performs a second check on every incident to filter out false positives and will immediately alert you if something is wrong with your website, whether this is related to your site being unresponsive, or a failed transaction.

Pingdom also offers configurable alerts and performance reports.

For more details, go here: Pingdom Uptime Monitoring

Uptime Robot

(Uptime Robot)

Uptime Robot monitors your website every 5 minutes (or more depending on your monitoring settings) and alerts you if your sites are down.

The service asks for your website headers and if the status code returns a signal that your site is not loading, it performs several more checks in the next 30 seconds to make sure that your site is down. If the tests confirm that your site is, it will then send you an alert.

Uptime Robot provides both free and pro plans.

For more details, go here: Uptime Robot

Site24x7

(Site24x7)

Site24x7 provides an all-in-one monitoring solution, including monitoring websites, servers, cloud services, networks, applications, users, and other web resources.

For more details, go here: Site24x7

The above list of resources is just enough to get you started. To find more downtime monitoring services, just search online for “uptime monitoring” or “downtime monitoring.”

Also, many website monitoring services provide Chrome users with browser extensions that allow you to monitor your site at a glance from your web browser.

For example, if you use Uptime Robot, you can find extensions for your Chrome browser for this service …

UptimeRobot Monitor - Chrome Browser Extension

(UptimeRobot Monitor – Chrome Browser Extension)

However you choose to monitor your website for downtime, the important thing is to have some form of detection system in place that can instantly alert you if your site becomes unresponsive so you can take action to resolve the problem and restore your business online.

As stated earlier, make sure you use a reliable web hosting service provider but don’t rely exclusively on your web host to monitor your website 24×7 for you.

We hope that you have found this tutorial useful.

How To Set Up Website Downtime Monitoring For Your WordPress Site

Image source: Pixabay

***

"This is AMAZING! I had learnt about how to use WordPress previously, but this covers absolutely everything and more!! Incredible value! Thank you!" - Monique, Warrior Forum

***