If you don’t have a WordPress Captcha plugin on your PBN sites, they are usually a honeypot for comment spam and contact form spam. This is for a combination of factors, including:
- High metric domains (like those in your PBN) are popular with automated spammers.
- If you’re not using Link Silencer or similar plugins to protect against backlink tools, then your PBN domains will show up in the backlinks to your money sites and competitors will also try and get a link from the same site by leaving a comment.
- Comments are usually left open on PBN sites, because it’s the default setting in WordPress.
- Contact forms are common on most PBN sites – and again, higher metric domains are typically targeted by automated tools to submit contact forms.
These comment and contact form spam messages can cause multiple issues for your site, including:
- Filling the WordPress database with spam comments that slow down your site
- Fill your account’s disk space until the site can no longer automatically update
- Sending large volumes of spam emails to yourself, damaging the reputation of that domain and its IP with email service providers
- Fill your email’s spam box with junk from these comment approvals
This is why you need a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) like the one below, on your WordPress forms.
In the past, there were really two options:
- A really bad/simple CAPTCHA like most of the WordPress plugins that generate a simple math problem that can be easily detected and bypassed by the automated spamming tools.
- Using Google’s reCAPTCHA and sharing that data with Google, which requires creating an Google account, identifying that site with Google and sharing visitor data with Google.
There’s now a third option, called hCaptcha. hCaptcha is a service that pays site owners for the Captcha puzzles solved by their visitors, and offers a similar Captcha experience to Google’s reCaptcha. Cloudflare recently swapped all of their Captcha tests to hCaptcha, which was when I discovered it.
They have a WordPress plugin that makes it very easy to use their system to protect most of the common parts of your WordPress site including:
- Comment sections – this eliminates most comment spam as they need to complete a Captcha to submit the form
- WordPress Login – this drastically reduces brute force login attempts, as they must solve a Captcha for each login attempt
- Contact Form 7 and Ninja Forms – again, unless they complete a Captcha, they can’t submit the form
You should create a unique Site ID in hCaptcha for each site that you add, because that key is publicly visible on the site – but you can keep all of your sites in the one account and earn from Captcha solves, while drastically reducing the amount of comment spam, contact form spam and brute force login attempts.
I have been using it for a month now and highly recommend hCaptcha for all PBN owners to make your site safer and more secure.