Registration Bots | WordPress.org

Illumin
(@illumin)

13 years, 7 months ago

Hi,

I’ve been getting an increasing number of registrations from what appear to be bots, see below:
===
19:21:46 ->/wp-login.php?action=register
19:21:49 ->/wp-login.php?checkemail=registered
19:21:50 ->/wp-login.php
===
Within a matter of seconds they are registering, confirming registration, and logging in. Email doesn’t work that fast, so it’s not a real person clicking on a confirmation email. Bots, or hackers, should not be able to access “/wp-login.php?checkemail=registered” directly, right?

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator James Huff
(@macmanx)

Volunteer Moderator

13 years, 7 months ago

Bots can access whatever they’re programmed to access. Try using this plugin to prevent the behavior:

http://wordpress.org/extend/plugins/bad-behavior/

If that’s not enough, add a CAPTCHA:

http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

300
(@300)

13 years, 7 months ago

Unfortunately there’s also a Captcha bypass program available for a low price that makes Captcha systems useless.

Moderator James Huff
(@macmanx)

Volunteer Moderator

13 years, 7 months ago

Unfortunately there’s also a Captcha bypass program available for a low price that makes Captcha systems useless.

If we’re thinking of the same program, it’s only effective on weak captchas that don’t obstruct the characters. The plugin that I linked to has an adjustable difficulty which can obstruct the characters in varying degrees.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Registration Bots’ is closed to new replies.

In: Requests and Feedback
3 replies
3 participants
Last reply from: James Huff
Last activity: 13 years, 7 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics