Review my WordPress wp_comments table and find out the file size is containing 500MB++ for around 1 millions++ comments! Dig inside and find out around 900k++ comments was marked as ‘trackback‘ and it linked back to a spammer’s website. The worst is the this type of ‘trackback‘ comments are kept increasing every second!

Follow the below steps to fix it immediately.

1. Discussion Settings

Login Wordpress admin panel, Settings –>> Discussion –>> Default article settings, unchecked the second option

2. ping_status=’closed’

2.1 The existing articles are still open for attack, update all posts’ ping_status to closed

phpMyAdmin or MySQL consoles

UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'post';

UPDATE wp_posts SET ping_status='closed' WHERE post_status = 'publish' AND post_type = 'page';

2.2 Delete all the existing ‘trackback’ spam comments

phpMyAdmin or MySQL consoles

DELETE FROM  `wp_comments` WHERE  `comment_type` = 'trackback'

P.S WordPress should consider turning off this ‘pingback and trackback’ feature by default!

Stop this also – Spam comments on attachment
You might be interested in this- WordPress – How to stop spam comments on attachment.

References

  1. The Big Debate—WordPress Trackbacks And Pingbacks: Are They Dead?
  2. WordPress – Disable comments on attachments