This one has me scratching my head.. As I mentioned a few weeks back, we archived a WordPress site for a client, moving 19.971 posts onto a seperate “archive” site.
The move itself went pretty smoothly, but one thing they noticed was that they were still getting tons of comment spam. After discussing the various options with them, they decided to simply disable comments since this site wasn’t being actively updated anymore. That made sense to us, so we simply enabled the “Automatically close comments on articles older than 14 days” option in the Discussion Settings screen.
After doing this, we checked the site, and sure enough, you couldn’t leave a comment on any of the old stories.
We thought that was the end of it. But about a week later, the client said that some comment spam was still getting through. Akismet was correctly flagging these comments, but we wanted to get down to the root of the issue.
The one thing I noticed is that each post still has “Allow comments” checked off under the Discussion section if you edit the posts. I don’t think that should make any difference, but I thought it was worth noting.
These spammers have somehow found a way to circumvent the commment form and automatically force comments onto the site, and honestly I’m a little puzzled by the whole thing.
I’ve searched around the web and haven’t been able to find any answers just yet, so I’m hoping someone out there might be able to shed some light on this.