WordPress Defense System from Automated Spammy Posts

anjanesh

I'm moving an old WordPress non-profit site from an unmanaged Hostinger account to OpalStack to be managed by me. Because it was unmanaged for a very long time there were a number of spammy posts which probably got hacked into like these : (When I looked in the dashboard there were some spammy posts to be published soon)

https://myOldWordPressSite.com/anjeonhage-parimaeci-gyeongheom-onrain-kajino-geime-hyeogsinjeogin-byeonhwa/
https://myOldWordPressSite.com/bl450d-jumpin-jalapenos-slot-engine-foot-sharkninja/
https://myOldWordPressSite.com/tr-bahiscilerin-en-beendii-makineler-rokubet/
https://myOldWordPressSite.com/a16z-generative-ai/

I am most probably going to revamp this to OctoberCMS which is Laravel based but until then we would still show the WordPress site. What measures can be done to prevent spammy posts hacks ? The admin username and password was not leaked, so it seems but I fear some outdated plugin could've created this security hole ? The WordPress site was created in 2016 initially but am unsure of the WordPress version updates so far.

Is there any plugin to prevent this automation ?

sean

anjanesh

Keep WordPress and all of the themes and plugins that you use updated at all times.
Use strong passwords for your WordPress user accounts, your WordPress database, and your shell accounts.
Use a security plugin (Wordfence etc) to manage threats in realtime.

anjanesh

Is there some free mechanism to detect spam posts by post_title and post_content ?

I got some code that does a spam check with the use of OpenRouter API via openai/gpt-4o but I exhausted $20 in credits quickly with RATE_LIMIT_DELAY = 0.5.

cursor.execute("SELECT ID, post_title, post_content FROM bgv_posts WHERE ID >= 31128 AND ID <=163430 ORDER BY ID")

I have some 1,32,302 more rows to check.