If spam comments are still being posted even after securing the comments path, follow these steps:
Update the Comments Path Security
If the custom path is predictable, change it to a less guessable name again. Ensure the Brute Force protection is active on all comment forms.
If you have custom comment forms, make sure the Brute Force protection is active on those comment forms, too.
Enable Geo-blocking
Use WP Ghost > Firewall > Geo Security country-blocking features to prevent spam from specific regions.
Use extra Anti-spam Plugin
Comments can be added by humans who complete all fields correctly, and WP Ghost will not stop them.
Dedicated Anti-Spam plugins are built with a database that checks the comment message and can rate it as potential spam in WordPress.