Change comments Path with WP Ghost

Securing your WordPress website against spam is crucial today. The WP Ghost plugin provides various features designed to prevent comment and review spam, enhancing your site’s security.

In this tutorial, we’ll guide you through the process of changing the comments path and hiding it using the WP Ghost plugin.

What is the Comments Path in WordPress?

The Comments Path in WordPress refers to the URL or directory where the system stores and manages comments on your website. By default, WordPress uses the path /wp-comments-post.php to process and display comments.

This path is essential to the commenting system, allowing users to interact and leave comments and reviews on your posts, pages, and products.

e.g. https://domain.com/wp-comments-post.php

Why is it Essential to Secure Comments Path?

Securing the WordPress comments path is crucial for protecting the website from spammers and hacker bots.

By securing this path, you minimize the risk of potential vulnerabilities and attacks, particularly in your site’s comments section. WordPress websites are a common target for spam, bots, and malicious users.

Here are key reasons why securing the comments path is important:

• Protection against automated attacks: Malicious bots often target WordPress’s default comments path to flood your website with spam comments. Securing the comments path can deter these automated attacks.
• Obfuscation of vulnerabilities: Changing the comments path can make it more challenging for attackers to locate the review and commenting system. This adds a layer of security to hack-prevention attacks.
• Reducing comment spam: Many spam bots search for the default comment path. By customizing the path, you can reduce the volume of comment spam, making it easier to manage and maintain the quality of user-generated content on your site.
• Preventing unauthorized access: In some cases, attackers may try to gain unauthorized access to your website’s comment system. Modifying the comments path can prevent such attempts and safeguard sensitive user data.

To effectively secure the WordPress comments path, you can use security plugins like WP Ghost or implement manual changes to your website’s configuration.

How to Secure Comments Path with WP Ghost

Activate Safe Mode or Ghost Mode

Begin by activating Safe Mode or Ghost Mode to open the path customization process.

1. Access your WordPress dashboard after installing and activating the WP Ghost plugin.
2. Go to WP Ghost > Change Paths > Level of Security.
3. Select Safe Mode or Ghost Mode. Safe Mode provides basic protection, while Ghost Mode offers more advanced security features.

Change the Comments Path

With Safe Mode or Ghost Mode enabled, proceed to change the wp-comments-post.php path.

1. Go to WP Ghost > Change Paths > WP Core Security.
2. Next to the Custom comments Path you’ll see the predefined custom name for the wp-comments-post.php path.
3. Enter a different name like “discussion” or keep the predefined custom name.
4. Click Save Settings to apply the changes.

Note: Select a custom name that is not easily guessable to improve security.

Note! WP Ghost does not physically change the paths on your server. It uses rewrite rules to prevent any functionality errors.

Hide the Comments Path

After you customized the comments path and saved the changes, it’s time to hide the wp-comments-post.php path from hacker bots and prevent hacking and spamming.

1. Go to WP Ghost > Change Paths > WP Core Security.
2. Switch on Hide WordPress Common Files option to activate the Hide Common Files list option.
3. From the Hide Common Files list select the file wp-comments-post.php.
4. Click Save Settings to apply the changes.

Brute Force Protection on Comments Form

We recommend activating the Brute Force reCaptcha protection on all comment forms with WP Ghost for even more protection on comment forms.

1. Go to WP Ghost > Brute Force > Settings.
2. Switch on Use Brute Force Protection to activate the Brute Force protection.
3. Switch on Comment Form Protection to add reCaptcha on all comment forms from your website.
4. Click Save Settings to apply the changes.

This is how the Brute Force Google reCaptcha V2 from WP Ghost should load on the comments forms.

Run a Security Check

After saving your wp-content path changes, it’s important to run a security check to verify that the new wp-content path is hidden.

1. Go to WP Ghost > Security Check.
2. Click the Run Full Security Check button to initiate a new security scan.
3. The plugin will verify that the wp-comment-post.php path has been successfully changed.
4. If the path is hidden as intended, the security task will be marked as complete.

Conclusion

Using the WP Ghost plugin to change the comments path is a proactive step toward hack prevention on your WordPress site’s security. By customizing this path, you secure the standard route, making it impossible for potential hacker bots to identify vulnerabilities.

The WP Ghost plugin empowers you to fortify your website against potential threats. With its versatile security features, you can take control of your WordPress security and keep your online presence safe from various risks.

Troubleshooting

Comments Not Being Posted or Processed

If visitors are unable to leave comments after changing the comments path, follow these solutions:

Clear all cache

If you have a cache plugin or use server caching, clear all the cache, as the change of paths has significantly changed the website’s structure.

Run a Frontend Test

Ensure the server rewrite rules are correctly applied. Go to WP Ghost > Change Paths, click the Frontend Test button and follow the server configuration instructions, if any.

Test the Custom Path

Check the custom wp-comments-post.php path for typos and also add it manually in your browser to ensure it is accessible.

Update permalink settings

Go to your WordPress dashboard, navigate to Settings > Permalinks, and click Save Changes to refresh the permalinks. This action can sometimes help resolve issues related to URL structures.

Brute Force Protection Not Working on Comment Forms

If reCaptcha is not appearing on comment forms despite enabling Brute Force Protection, follow these steps:

Clear all cache

If you have a cache plugin or use server caching, clear all the cache, as the change of paths has significantly changed the website’s structure.

Verify Plugin Compatibility

Ensure WP Ghost is compatible with the theme or plugin generating your comment forms. Some custom comment plugins may bypass WP Ghost’s settings. In this case, you can use the Brute Force shortcode [ hmwp_bruteforce ] on the specific comment form to activate WP Ghost reCaptcha.

Enable the Brute Force Option

Go to WP Ghost > Brute Force > Settings. Ensure both Use Brute Force Protection and Comment Form Protection are enabled. Confirm that reCaptcha keys are correctly configured in the Brute Force settings.

Spam Still Appearing Despite Comments Changes

If spam comments are still being posted even after securing the comments path, follow these steps:

Update the Comments Path Security

If the custom path is predictable, change it to a less guessable name again. Ensure the Brute Force protection is active on all comment forms.

If you have custom comment forms, make sure the Brute Force protection is active on those comment forms, too.

Enable Geo-blocking

Use WP Ghost > Firewall > Geo Security country-blocking features to prevent spam from specific regions.

Use extra Anti-spam Plugin

Comments can be added by humans who complete all fields correctly, and WP Ghost will not stop them.

Dedicated Anti-Spam plugins are built with a database that checks the comment message and can rate it as potential spam in WordPress.