Tips and Tricks HQ Support

Support site for Tips and Tricks HQ premium products

[Resolved] Validating Registration Information

by

Tips and Tricks HQ Support Portal Forums WP eMember WP eMember General Questions Validating Registration Information

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • January 3, 2024 at 5:18 pm #84998
    tsm
    Participant

    I have wp emember active on my site, and I’m getting lots of spam signups. To combat this, I enabled double opt-in with email confirmation, but I don’t love that users have to go through all that extra hassle.

    So here’s what I’m thinking: I want to run the info of each member that tries to sign up through Akismet (via their API) and only activate the account if it passes Akismet’s check. I’m expecting this to be a pretty big project, and I’m hoping you could point me in the right direction. I’m not looking for hand-holding, but I’m curious how you would approach something like this?

    Thanks very much for your time!

    January 4, 2024 at 6:27 pm #84999
    wzp
    Moderator

    Unfortunately, this issue has been “beaten to death,” over the years; and the advent of AI will only make it worse. IMHO the only way to secure a site is to put it behind a $1 paywall, in lieu of a free membership level. Even after PayPal takes its cut, you’ll still have a 20-something cents profit.

    January 5, 2024 at 10:28 am #85000
    tsm
    Participant

    When checking pending member emails and IPs manually, it seems like most of the spam signup we’ve gotten (thousands) would’ve been stopped by Akismet. I hear that bots are a major issue, and I hear that AI is about to make this a lot worse, but I’d still like to move forward with an Akismet integration for now. With that being said, do you have any advice from a technical standpoint?

    Also, thank you for your quick response and helping me set realistic expectations about this problem!

    January 5, 2024 at 7:11 pm #85001
    wzp
    Moderator

    With any anti-anything solution; the object is to make it too expensive for your adversary to bother you.

    eMember can block email addresses based on domains:

    eMember – Restricting registration to certain types of emails, ie. only .edu

    You can also block specific ranges of IP addresses:

    eMember – block registration by ip address

    You could also use our email address based 2FA addon, and force the spammers to create email addresses:

    SWPM Two-Factor Authentication Addon


    We never developed an SMS or Google Authenticator 2FA addon; because “we” would be charged for each authentication.

    But forcing them to spend money is a sure fire solution. $1 is not very much; and you can always incentivize the $1 purchase.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.