WordPress spam on ?action=register URL

Like everyone else, we run into spam issues on our WordPress site. Every month we get a significant amount of traffic, and we are faced with a strange problem. We use the Really Simple Captcha plugin with Contact Form 7, and it works great for the most part (it stops almost all spam), except that some still gets through every day. The form in question is the drop-down contact form that appears when you hover over the link in the header. It is on essentially every page of the site.

In the email we receive from the form, we have the URL the message was sent from. The only thing all the successful spam messages have in common is that "?action=register" is appended to the URLs they are sent from. If I go to the link it sends and add that to the end of the URL, the form and CAPTCHA still work (i.e. if I get the CAPTCHA wrong, it blocks me). So it's weird.

I know that "?action=register" is usually appended to wp-login.php so that users can register on the site. I also know there is a plugin ( https://wordpress.org/plugins/custom-registration-link/ ) that will fix it to a certain extent, but the plugin is very outdated and also just changes the registration link (it does not necessarily prevent spam).

We have registration turned off on our website, since we add users manually, and I know a couple of patches I could use to work around this problem (redirecting people when $_GET['action'] is set, for example), but that does not answer why this happens. How could there be any vulnerability from just a GET variable?

1 answer

There are many methods to combat spammers, and none of them is 100% effective. Some of them are easy, but can present accessibility issues if you are concerned about that (all Europeans should be). Some of them are quite complicated and can still lead to false positives, blocking legitimate users. You can implement a combination of methods, but a large number of approaches can slow down page loading.

The easiest way is to use an existing plugin, but if you can write reasonable code and are ready to put in the time, I think it would be nice to try different methods to confuse and deter spammers. One remarkably effective method, if you have a site with a specialised audience, is simply to require people who register to correctly answer a question that your target audience can easily answer but that cannot be Googled. The questions will sometimes need to be changed, because there are spammers (a small percentage of them) who are especially keen on solving these puzzles. Once they do, they show off in front of their cohorts, and then every spammer knows the answer.

The links below may be useful to you.

https://wordpress.org/support/topic/anti-spam-registrations
http://w3guy.com/wordpress-plugin-combat-stop-spam-bot-registration/

EDIT: another solution. You can stop users who hit the URL directly with the following .htaccess rules.

RewriteEngine On
# A request for the login script ...
RewriteCond %{REQUEST_URI} ^/wp-login\.php$ [NC]
# ... asking for the registration action ...
RewriteCond %{QUERY_STRING} action=register [NC]
# ... whose Referer (supplied by the client) is not a page on this site
# (replace domain.com with your own host name).
RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?domain\.com/.*$
# Send such requests back to wp-login.php with the query string dropped
# (the trailing "?" on the target discards it).
RewriteRule (.*) /wp-login.php? [L,R]

I think this may help you.
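As an added example (not part of the question or the answer above), here is the redirect the question proposes, done inside WordPress rather than in .htaccess: a must-use plugin that, when registration is switched off, logs and refuses front-end requests carrying ?action=register. It assumes the site adds users by hand (so users_can_register is off) and, for the 403 branch, that the contact form posts back to the page URL as the form described in the question does; the function name is made up for this example.

```php
<?php
/**
 * Plugin Name: Refuse ?action=register on the front end (example)
 * Save as wp-content/mu-plugins/refuse-register-action.php so it loads on every request.
 * Assumption: "Anyone can register" is disabled and users are created manually.
 */

add_action( 'init', 'example_refuse_register_action', 1 );

function example_refuse_register_action() {
    // wp-admin screens use ?action=... legitimately, so only act on the front end.
    if ( is_admin() || wp_doing_ajax() ) {
        return;
    }
    if ( ! isset( $_GET['action'] ) || 'register' !== $_GET['action'] ) {
        return;
    }
    // wp-login.php?action=register is handled by core, which answers
    // "registration=disabled" when users_can_register is off. Leave it alone.
    if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
        return;
    }
    if ( get_option( 'users_can_register' ) ) {
        return; // registration is open on purpose
    }

    // Record the hit so the pattern can be followed in the PHP/web server log.
    error_log( sprintf(
        'front-end action=register from %s UA="%s" URI=%s',
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        isset( $_SERVER['HTTP_USER_AGENT'] ) ? substr( $_SERVER['HTTP_USER_AGENT'], 0, 200 ) : '-',
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '-'
    ) );

    // A form submission (POST) to such a URL is refused outright ...
    if ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Registration is closed on this site.', 'Forbidden', array( 'response' => 403 ) );
    }

    // ... while a plain visit is sent to the same page without the argument.
    $clean = remove_query_arg( 'action' ); // operates on the current REQUEST_URI
    wp_safe_redirect( $clean, 301 );
    exit;
}
```

Because it hooks init, the check runs before any theme or plugin renders the page, so the form never sees the tainted URL.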


Source: https://habr.com/ru/post/1211806/
