After paying a modest amount to a developer for a basic website made in WordPress, I found out I got over twenty thousand fake registrations and spam comments. I tried a few plugins to try to stop them, but they kept coming. I disabled the registration all together, but that was not a permanent solution.
I had problems to delete the 23000 subscribers that accumulated in a few months. Despite WordPress is used by tens of millions of websites, I could not find a working solution to bulk delete the fake users. In the end I deleted them using SQL commands and I found out the numbers didn’t add up.
In the end, I deleted the database and I imported the original one. The good thing I’ve done was that I asked the developer to send me all the files and the database. Then I uploaded the files over ftp connection and imported the database using phpMyAdmin.
After deleting the database and importing the original database (to get rid of the fake users), I found out that although I had the proper credentials (database username and password), the website scripts could not connect to the database. After some digging, I identified that I had to go to MySQL Databases and add the user to the database. In fact, the user was already added (and that was confusing for me), but after I deleted the user from the database I realized I had to tick what privileges I want to give to that user when connecting to the database.
One of the things which was not done on the original database was to change the prefix of the tables into the database from wp_. This is considered a vulnerability issue. As soon as I had the website functional, the fake users kept appearing.
I used phpMyAdmin to rename the tables (Select Table, then click on Operations, Rename table to, Go). But the website could not connect to the database anymore, so I found out I need to change the variable names in a couple of tables. The instructions I followed were presented here
A plugin that appears to prevent the fake users registering is WP-SpamShield. In only one day, it reports it prevented almost a thousand fake users from registering!
Now I will have to figure out how can I split the whole website in three main categories of interest. Namely, electronics, chemistry and gardening. I wonder if it is a good idea to have all three into one website, but on the other hand, I could place the three main categories on the left side and then all the menus to be different, based on the main category.