After last week brought us a botnet hacking WordPress sites, it is no comfort to encounter another spammer. Fortunately, this one is pretty easy to avoid (at this point), and should not occur at all if you’ve done your due diligence.
The issue that has surfaced is a comment spammer on “Hello World” posts, even if they are not displayed or have been deleted. Until the blog post has been permanently deleted, the URL to the post will remain. Since every WordPress site comes boxed with the Hello World post, it is an easy target for spammers.
In order to delete the post permanently, enter the Posts tab on the side of your Admin navigation. If the post hasn’t been deleted, hover over the title for the “Trash” option. (Alternatively, click into the post as if to edit it, and click “Move to Trash” next to the Publish button.) At this point, the post is in the trash, but is NOT gone. WordPress offers the ability to access a site’s trash in case of a mistake. On the Posts main page, click “Trash” at the top of the list. There you can delete posts permanently by again hovering over their title. Deleting any post/page that you do not intend to use will keep your site clean and light, and, in this case, avoid the discovery of existing default URLs.