There are many measures that can be undertaken for preventing malicious and spam activities from affecting your WordPress website, they are mentioned below:
Make sure that you have updated WordPress to the latest version. Every new WordPress update comprises of many new patches, security fixes and new features. At times, anti-spam measures are also added to the core in order to block spam.
Install Active Akismet
Usually a lot of spam comes into your website through comments. Akismet is a WordPress plugin that analyses every comment in your website and checks it with a huge database of spam patterns. After analyzing the comments, Akismet automatically filters out the spam without affecting the users on your website. A key is required for using the Akismet plugin; you can get this key from the official Akismet website.
Install Visual Verification
If spam keeps getting in your website, you will have to make use of a CAPTCHA plugin. You can download plugins like captcha, reCAPTCHA, Really Simple Captcha, Match Captcha etc.
Restrict Comment Privileges To Registered Users
The aim of most of the spammers is to post as many pages and website links as possible. If it gets difficult for the spammers to add their comments to your website, they will ignore your website and move on to some other site. This can be done by restricting the comment privileges only for the registered users; this adds an additional layer of security to your comment section. You can find this option in Settings > Discussion > Other comment settings. All you have to do is check the box that says ‘Users must be registered and logged in to comment’ and save the changes.