How I stopped a massive WordPress spam attack with 4,700 lines of code in two days - thanks to Codex and Claude

https://www.zdnet.com/a/img/resize/e3d5171be0d944b88b32c86eafec87489b31a654/2026/07/01/1b2df4e8-fc82-447a-a4d1-3fa747700f62/img-9859.jpg?auto=webp&fit=crop&height=675&width=1200

Follow ZDNET: Add us as a preferred source on Google.


ZDNET's key takeaways

  • Spammers found ways in and flooded my database.
  • Claude and Codex became my emergency coding team.
  • The 4,700-line fix added stronger defenses and cleanup tools.

About a month ago, my main website was on the receiving end of a new attack. Spammers were using the username field as a message carrier, stuffing it with a fake domain and crypto bait such as "check balance," "withdraw funds," "BTC transfer" and "action required." WordPress then helpfully forwarded that payload to me in thousands of "new user registration" emails.

Also: Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP

At that time, my server was using a commercially purchased security product that was supposed to protect my WordPress website from registration spam. That product clearly wasn't up to the task.

I'm the developer of a...

Copyright of this story solely belongs to zdnet.com. To see the full text click HERE

Read more

https://images.ft.com/v3/image/raw/https%3A%2F%2Fd1e00ek4ebabms.cloudfront.net%2Fproduction%2F4c28b833-a16d-4c41-96d6-7ad613e436e2.jpg?source=next-article&fit=scale-down&quality=highest&wi...

Letter: the US says Anthropic “agreed to proactively detect and address security risks” of Fable 5 and Mythos 5; a source says Anthropic developed a “safeguard”

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.