How to Configure WPBruiser and Stop Spam on Your WordPress Site

If you’ve been running your own WordPress site for any length of time, dealing with spam is probably high on your list of the most annoying things you have to worry about. Luckily, your not alone. The WordPress community has already come up with some great solutions for this problem. The WPBruiser plugin (formerly Goodbye CAPTCHA) is our favorite plugin for dealing with spam and boosting the security of your site. Once you have it installed, here’s how to navigate and configure the settings:

  • If you haven’t already, log in to your WordPress dashboard, and select “WPBruiser”>”Settings” from the left side-bar menu.
    (click to enlarge)

    (click to enlarge)

     

     

  • Settings Tab: This tab is where you can control the WPBruiser’s most general settings. Currently, we don’t see any reason to change these from the default settings show, so there’s not much on this page that you should need to worry about.
    (click to enlarge)

    (click to enlarge)

     

  • Security Tab: The security tab allows you to determine which IP address you’d like to block. An IP address is a specific number that’s issued to you by your internet service provider. Think of it like your WiFi’s phone number. We’d recommend clicking all the boxes on this page.  Automatically blocking an IP address that’s executing a brute force attacks on your site is always a good idea. It’s good to know, however, that this step won’t protect you entirely. Hackers have ways to disguise and hide their IP addresses, and would still be able to access your site from a public library or coffeeshop. We’d also recommend copy-and-pasting your own IP Address into the “Add to WhiteList” field. This will make sure that WPBruiser doesn’t think you’re ever trying to hack into your own site, and never sees a network you know is safe as a threat.

    (click to enlarge)

    (click to enlarge)

  • WordPress Tab:  For this tab, we’d recommend clicking all 4 boxes at the top which will provide additional protection agains your site’s admin pages. The rest of the settings can remain as is, keeping an eye out to avoid checking “Completely Disable XML-RPC” which will prevents WordPress from working on mobile apps.

    (click to enlarge)

    (click to enlarge)

  • Contact Forms Tab: If you’re getting spam from a contact form installed on your site, this tab is where you’d prevent that. Click the box to protect jetpack or any other contact form plugin you’re using.

    (click to enlarge)

    (click to enlarge)

  • Membership Tab: If your sites allows readers to become members and create a username and login, you can protect against spam signups here. If your site doesn’t have this capability here, go ahead and leave these boxes unchecked.

    (click to enlarge)

    (click to enlarge)

  • Others Tab: The others tab allows you to choose if you want other plugins already installed on your site to be protected as well. In this case, it gives me the option to extend coverage to my MailChimp plugin.

    (click to enlarge)

    (click to enlarge)

  • Notifications Tab: This tab allows you to determine under what circumstances WPBruiser will send you an email. You can choose to be notified every time an administrator logs into your site, or just when the plugin detects a “Brute Force Attack”. You can also edit where these emails are sent if the site owner and developer are different people.

    (click to enlarge)

    (click to enlarge)

  • Extensions Tab: This tab is where you can purchase and add premium extensions for other plugins you might have installed on your site. WPBruiser is a “freemium” plugin, which means that using it for more complex WordPress sites will start to cost you a little. Their paid extensions are under $10 for an unlimited license, which is pretty reasonable if something like WooCommerce is a central part of your site.

    (click to enlarge)

    (click to enlarge)

  • Reports Tab: WPBruiser allows you to see in real time when it’s protecting your site from Spam and brute force attacks. The reports tab offers a graph and detailed list of the times it prevented an attempted security breach and lists the IP addresses that made the attempt.
    (click to enlarge)

    (click to enlarge)

     

    Once you start making changes to your settings, don’t forget to click “Save Changes” at the bottom of every screen. While we’ve had success using WPBruiser on our sites, it’s definitely changed a lot since we installed it as Goodbye CAPTCHA. If you have tips on how you’ve used it successfully on your site, please tell us in the comments!


1 Response

Comments

Add a Comment

Your email address will not be published. Required fields are marked *