Can WP Ghost prevent spam messages through contact forms?

WP Ghost blocks automated comment spam bots by changing wp-comments-post.php and adding reCAPTCHA to forms. It also reduces CMS-targeted spam by hiding your WordPress identity. It does not filter contact form submissions. For contact form spam, use a dedicated anti-spam plugin alongside WP Ghost.

Can WP Ghost Prevent Spam Messages and Comment Spam?

Q: Will hiding wp-comments-post.php stop all comment spam?

It stops automated bots posting to the default path. It does not stop spam submitted through the actual form. Adding reCAPTCHA catches most remaining spam. An anti-spam plugin handles the rest.

Q: Does WP Ghost work with Akismet or Antispam Bee?

Yes. They analyze submission content, which is a different layer from WP Ghost's bot blocking. No overlap or conflict. WP Ghost blocks bots, anti-spam plugins filter content.

Q: Can WP Ghost stop spam on WooCommerce product reviews?

Yes. WooCommerce reviews use wp-comments-post.php. WP Ghost's path change and reCAPTCHA protection apply to WooCommerce reviews the same way as regular comments.

Q: Does WP Ghost modify WordPress core files?

No. The comment endpoint path change uses server rewrite rules, not modifications to the wp-comments-post.php file.

Moved

This tutorial has moved to the new WP Ghost Knowledge Base where each feature is presented in detail.

View on new site

WP Ghost blocks automated comment spam bots and reduces spam from bots that target your site based on its CMS identity, but it does not filter contact form submissions. For automated WordPress comment spam, WP Ghost is effective. For contact form spam, you need a dedicated anti-spam plugin alongside WP Ghost.

What WP Ghost Does Against Spam

WP Ghost addresses spam at the bot level in several ways.

Blocks automated comment spam bots. WP Ghost changes the wp-comments-post.php path so bots posting directly to the default WordPress comment endpoint get a 404 error. This stops the highest-volume type of comment spam: automated scripts that fire POST requests at the default path without ever loading your page. WP Ghost also includes brute force protection on comment forms with Math reCAPTCHA, Google reCAPTCHA V2, or Google reCAPTCHA V3. Together, these features eliminate the majority of automated comment spam.

Reduces CMS-targeted spam. Some spammers identify your site as WordPress (and detect your plugins like Elementor, WooCommerce, or specific contact form plugins) and then target you with CMS-specific spam offers. WP Ghost’s path security and CMS simulation hide your WordPress identity and plugin names, which removes you from these targeting lists. Bots scanning for WordPress sites to spam simply skip you because they cannot confirm your CMS.

Blocks signup spam bots. WP Ghost’s brute force protection also covers the registration form with CAPTCHA, blocking automated bot registrations that lead to spam user accounts.

What WP Ghost Does Not Do

WP Ghost does not filter the content of form submissions. If a person (or a sophisticated bot) fills out your actual comment form or contact form and submits it through the page, WP Ghost does not analyze the message for spam content, check the sender against spam databases, or block the submission based on keywords. This is the job of a dedicated anti-spam plugin.

Contact form plugins like WPForms, Contact Form 7, Gravity Forms, and Ninja Forms have their own submission endpoints that are separate from WordPress’s wp-comments-post.php. Changing the comment post path does not affect contact form submissions. WP Ghost has no built-in feature to filter contact form spam.

Recommended Anti-Spam Setup

For comprehensive spam protection, use WP Ghost for the bot-level layer and a dedicated anti-spam plugin for the content-level layer. Antispam Bee, CleanTalk, or Akismet are solid choices for filtering comment and form spam based on content analysis and spam databases. These plugins complement WP Ghost without overlap: WP Ghost blocks the bots before they reach the forms, and the anti-spam plugin filters whatever gets through.

For WP Ghost’s comment spam protection settings, see the Prevent Comment Spam tutorial. For registration spam, see the Prevent Signup Spam tutorial.

Frequently Asked Questions

Will hiding wp-comments-post.php stop all comment spam?

It stops automated bots that post directly to the default file path. It does not stop spam submitted through the actual comment form on your page. Adding reCAPTCHA to the comment form in WP Ghost > Brute Force catches most of the remaining spam. For anything that still gets through, an anti-spam plugin that analyzes message content is the final layer.

Does WP Ghost work with Akismet or Antispam Bee?

Yes. These anti-spam plugins analyze submission content, which is a different layer from WP Ghost’s bot blocking. There is no feature overlap and no configuration conflict. WP Ghost blocks the bots, and the anti-spam plugin filters the content. See the compatible plugins list for details.

Can WP Ghost stop spam on WooCommerce product reviews?

WooCommerce product reviews use the same wp-comments-post.php endpoint as standard WordPress comments. WP Ghost’s path change and reCAPTCHA protection apply to WooCommerce reviews the same way they apply to regular comments.

Does WP Ghost modify WordPress core files?

No. WP Ghost uses rewrite rules and WordPress filters. No core files are modified. The comment endpoint path change is handled through server rewrite rules, not by modifying the actual wp-comments-post.php file.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.