My client reached out to me that two of his clients got contacted through spam and he feels he wants to upgrade his site security.
The site has basic wordfence installed and is hosted through a reputable company.
How do I go about making it more secure?
All advice appreciated.


can you elaborate what he means by ‘two of his clients got contacted through spam’??

Agree with Rivkah. Also if he means he’s getting email, is the email address listed on the website? If so and it’s not encrypted, you can use something like Email Encoder – Protect Email Addresses and Phone Numbers Plugin —

I don’t know that exact plugin, but something like that

Just to clarify-he said that he had two clients that told him that someone reached out to them offering the same service.
They had reached out to him via his contact form.

ok that was an important clarification. which contact form plugin are you using?

Gravity forms for examples includes a honeypot and easy way to integrate captcha/recaptcha which reduces a lot of spam…but other form plugins have that too.

I’m not following – How would your client’s clients get contacted through his website? Where are their email addresses stored on his site?

He was using WP forms lite. It has a hidden recaptcha installed. (He said he doesn’t care that his submissions are not stored anywhere, the contact form is not so important and he tests it periodically to check that it does get sent to his email.)
I thought that these clients had reached out to him via his contact form and someone hacked it, (which is strange because the submissions are not stored anywhere) but now he is not sure the issue is from there. I told him to please check that his databases and email is secure.
(Lesson here-they make everything seem to be your issue!)
He does have a problem of receiving spam entries-I had once installed a plugin called cleantalk for a client and it took care of it. The only reason I am not sure this would help is because the sample entries he sent me do not look like the spams I have seen until now, with just a bunch of random letters, but a proper advertisement for something or the other.

It’s a good lesson to share :))

I’ve seen that type of spam, definitely worth trying the plugin!

i think it’s really handy to have the emails available to check within wordpress dashboard even just for you to test out what is coming, how much spam etc. btw i charge extra to work on spam issues if it’s already been a while since website been launched and things were good before.


@rivkah Totally agree. This particular client we made up that we will not be doing any maintenance on this site as it is a very temporary site and he will reach out to me if there are any issues and we will deal with it then.

got it :slight_smile: