Claude and Codex stopped WordPress spam in 2 days — 4700 lines of code against bots
Spam bots flooded the WordPress site's database — standard plugins couldn't handle it. A developer stopped the attack in two days: Claude conducted a…
AI-processed from ZDNet AI; edited by Hamidun News
In 48 hours, a developer wrote 4,700 lines of code with the help of Claude and Codex and completely stopped a massive spam attack that had overwhelmed his WordPress site's database.
What Happened to the Site
Spam bots were creating fake accounts at an industrial scale — the WordPress site's database couldn't handle the load. Standard plugins and built-in platform tools proved useless: the attack continued, with each new wave of registrations overloading the server and slowing things down for real users.
The standard scenario would be to hire a security specialist or spend weeks figuring it out yourself. The developer chose a different path: two AI tools and 48 hours of intensive work.
How Claude and Codex Divided the Tasks
Each tool performed its own function — this division of labor proved to be key.
Claude from Anthropic took on the role of security analyst: it studied the site's architecture, identified vulnerable points in the registration process, explained the attack mechanism, and formulated requirements for a protective solution. Essentially, it acted as a "thinking partner" — answering questions like "where is the weakness" and "what should the defense look like."
Codex from OpenAI served as the implementation tool: it received technical requirements and generated working code. Writing 4,700 lines in 48 hours solo is practically impossible — especially while simultaneously diagnosing an attack in real time.
Key facts of the case:
- 4,700 lines of code — the total volume of the new protective solution
- 2 days — from task specification to production deployment
- Claude — vulnerability audit and defense architecture design
- Codex — code generation based on technical requirements
- Result — new protective layer deployed, attack stopped
Why the "Analysis + Code Generation" Pattern Works
The case demonstrates an effective scheme for using multiple AI tools together: one model acts as architect and analyst, the other as executor. Each is deployed where it truly excels.
WordPress is one of the most attacked CMS platforms in the world. Spam registrations remain a common attack vector: they overwhelm databases, create thousands of junk accounts, and often serve as a foothold for more serious threats. Before AI tools arrived, custom protection against such attacks required either deep security expertise or a budget to hire a professional.
The Claude and Codex combination allows one developer to handle tasks that previously required a team or lengthy study. AI doesn't replace the specialist here — it scales their capabilities: a security-engineer-level task gets solved in two days of intensive work instead of weeks.
For independent developers and website owners, this changes a lot: responding to security incidents can now be done faster and with fewer resources than before. The barrier to entry for custom security development drops significantly.
What This Means
The WordPress attack case shows that dividing roles between AI tools — Claude as vulnerability analyst, Codex as code generator — works in real combat conditions. Two days and two AI assistants solved a problem that previously would have required weeks of work or hiring a security professional.
Want to stop reading about AI and start using it?
AI News is a curated feed of AI/tech news. Hamidun Academy teaches you to use AI systematically in your work.
The AI world, distilled — once a week
Seven stories that actually mattered, hand-picked. No noise, no reposts, no press releases.
Done! Check your inbox for a confirmation.