(Updated, see below)
In short: I know moving from Drupal to WordPress would increase the amount of spam I was attracting, but I didn’t know-know it. Now I know. Holy cow, that was a lot of spam.
Y’all probably didn’t see any of it, because Akismet was doing what it was supposed to do and kept it out of the comments. But Akismet doesn’t stop spam accounts from registering, and in the short time I’ve been up my database has grown significantly just from storing all those fake user IDs and links to knockoff shoe websites.
(And… life insurance plans? Seriously, folks?)
Anyway, I had to take drastic measures. I’ve installed a plugin that not only stops comment spam as it happens, but is also supposed to prevent spambots from automatically registering accounts. It also went through my database, identified which of the user accounts were spam accounts (hint: it was most of them) and remove them from my database.
It’s the last step that has me worried, though. It needed to be done, but I’m worried about false positives. There is a chance that if you were one of the few real people who created an account on this site it deleted you. I don’t think it happened, but it’s possible. If it did happen to you, I apologize. If you find yourself being blocked from creating a new account, let me know and I’ll try to help.
Anyway. Hopefully this makes the problem more manageable in the future. You’ll note I didn’t say “hopefully this solves the problem…”
Umm, ok. So in the course of actually registering a security plugin I’d already installed, it went ahead and enabled two-factor authentication on my site. Which seems like… um… overkill, to be quite frank, but when I try to turn it off the plugin starts shouting at me about security and how I’m being irresponsible, and how I should have gone to medical school and held down a real job instead of whatever it is I’m doing now.
It looks like y’all can choose to skip over it, so I’m leaving it up for now, because I’m being successfully bullied by a freaking plugin.