Two posts in particular on here receive almost all the comment spam. I have changed them both to say “Do not post comments here, they will be spam-trapped” which should prevent mortals falling foul of the mechanisms attached to those two posts.
I tried an experiment the other day and made them password-protected. So the link the spammers use to get to those pages still works, but they cannot post anything. This has – for the time being – stopped much of the spam.
I expect in due course they will just pick another ppst and target that instead.
I seem to have created a spam trap, or, at least, most if it is falling into a black hole.
My preferred spam tool was a Captcha tool that made you rotate an image and only when it was lined up could you post a comment. That stopped working and would not any comments through so I had to disable it. As soon as I did so, Woosh! the comment spam starts reappearing.
Most of it gets created against one specific post, for some reason. Anyway, I had an idea. I created that post again and gave it a different permalink. A redirection from the old permalink to the new was automagically created by WordPress, although I have no idea how.
Now the copy of the page appears but the original version does not. However, the spam is being posted to the original page; presumably because they are going direct to the /id=nnn link rather than the permalink.
Rather than delete the page and risk the spammers picking a new one to post their spam to, I’ll just leave it there.
What I need now is a WordPress plugin that says “For any comment posted on this page, delete it and blacklist the IP address”. That would turn my spam black hole into a honeytrap.