Original article excerpt
Server-side extracted preview paragraphs from the original source.
Spam accounts overwhelmed my database. Claude found the weaknesses, Codex wrote the fixes, and I deployed a new defense.
About a month ago, my main website was on the receiving end of a new attack. Spammers were using the username field as a message carrier, stuffing it with a fake domain and crypto bait such as "check balance," "withdraw funds," "BTC transfer" and "action required." WordPress then helpfully forwarded that payload to me in thousands of "new user registration" emails.
Also: Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP
At that time, my server was using a commercially purchased security product that was supposed to protect my WordPress website from registration spam. That product clearly wasn't up to the task.
I'm the developer of a WordPress security plugin that is designed to help users restrict access to their websites. Since the registration spam security product I had been paying for wasn't working, I decided to build a spam security capability into my existing plugin.
I quickly grabbed copies of my Gmail screen with a few hundred spam emails listed, fed those emails into Codex, and asked it to write a mitigation routine I could live deploy at speed within my existing tool. Once Codex finished, I deployed the enhanced plugin to users and to my own website.
The problem went from active attack to completely hushed in under an hour. That was at the beginning of June. Then, last week, the attacks came roaring back like a lion.
