ZDNet AI→ original

Claude and Codex stopped WordPress spam in 2 days — 4700 lines of code against bots

Spam bots flooded the WordPress site's database — standard plugins couldn't handle it. A developer stopped the attack in two days: Claude conducted a…

AI-processed from ZDNet AI; edited by Hamidun News
Claude and Codex stopped WordPress spam in 2 days — 4700 lines of code against bots
Source: ZDNet AI. Collage: Hamidun News.
◐ Listen to article

In 48 hours, a developer wrote 4,700 lines of code with the help of Claude and Codex and completely stopped a massive spam attack that had overwhelmed his WordPress site's database.

What Happened to the Site

Spam bots were creating fake accounts at an industrial scale — the WordPress site's database couldn't handle the load. Standard plugins and built-in platform tools proved useless: the attack continued, with each new wave of registrations overloading the server and slowing things down for real users.

The standard scenario would be to hire a security specialist or spend weeks figuring it out yourself. The developer chose a different path: two AI tools and 48 hours of intensive work.

How Claude and Codex Divided the Tasks

Each tool performed its own function — this division of labor proved to be key.

Claude from Anthropic took on the role of security analyst: it studied the site's architecture, identified vulnerable points in the registration process, explained the attack mechanism, and formulated requirements for a protective solution. Essentially, it acted as a "thinking partner" — answering questions like "where is the weakness" and "what should the defense look like."

Codex from OpenAI served as the implementation tool: it received technical requirements and generated working code. Writing 4,700 lines in 48 hours solo is practically impossible — especially while simultaneously diagnosing an attack in real time.

Key facts of the case:

  • 4,700 lines of code — the total volume of the new protective solution
  • 2 days — from task specification to production deployment
  • Claude — vulnerability audit and defense architecture design
  • Codex — code generation based on technical requirements
  • Result — new protective layer deployed, attack stopped

Why the "Analysis + Code Generation" Pattern Works

The case demonstrates an effective scheme for using multiple AI tools together: one model acts as architect and analyst, the other as executor. Each is deployed where it truly excels.

WordPress is one of the most attacked CMS platforms in the world. Spam registrations remain a common attack vector: they overwhelm databases, create thousands of junk accounts, and often serve as a foothold for more serious threats. Before AI tools arrived, custom protection against such attacks required either deep security expertise or a budget to hire a professional.

The Claude and Codex combination allows one developer to handle tasks that previously required a team or lengthy study. AI doesn't replace the specialist here — it scales their capabilities: a security-engineer-level task gets solved in two days of intensive work instead of weeks.

For independent developers and website owners, this changes a lot: responding to security incidents can now be done faster and with fewer resources than before. The barrier to entry for custom security development drops significantly.

What This Means

The WordPress attack case shows that dividing roles between AI tools — Claude as vulnerability analyst, Codex as code generator — works in real combat conditions. Two days and two AI assistants solved a problem that previously would have required weeks of work or hiring a security professional.

ZK
Hamidun News
AI news without noise. Daily editorial selection from 400+ sources. A product by Zhemal Khamidun, Head of AI at Alpina Digital.

Want to stop reading about AI and start using it?

AI News is a curated feed of AI/tech news. Hamidun Academy teaches you to use AI systematically in your work.

What do you think?
Loading comments…