• Resolved jetdv

    (@jetdv)


    I installed Ultimate Member to cut down on the spam users/messages and it has helped. I have been able to reject all of them before they approved via e-mail which has eliminated all spam messages. However, I’m still getting several new spam registrants and the common feature seems to be that the first name and the last name and the user name are all the same.

    Is there a way to require that the first and last names be different or could the plugin look for cases such as this? Here’s an example:

    http://www.jetdv.com/wp-content/uploads/2021/02/SpamUser.png

    Using the standard register form with all fields set to required:

    http://www.jetdv.com/wp-content/uploads/2021/02/UMRegister.png

    I have considered adding Google reCAPTCHA but would like to remove one more hoop for new users to jump through.

Viewing 15 replies - 1 through 15 (of 18 total)
  • @jetdv

    Add this php code to your theme’s function.php
    and replace 384 with your registration form id number.

    add_action( 'um_submit_form_errors_hook_', 'my_submit_form_errors_hook', 10, 1 );
    
    function my_submit_form_errors_hook( $args ) {
    
    	if( $args['form_id'] == "384" && $args['first_name'] == $args['last_name'] ) {
    		UM()->form()->add_error( 'last_name', __( 'Please change last name which is equal to first name.', 'ultimate-member' ));
    	}
    }

    Yes but customising the function.php file of a theme is not recommended.

    https://premium.wpmudev.org/blog/why-you-shouldnt-use-functions-php/

    @jonnie45

    Yes you are right,
    create a child theme and use the child theme function.php

    https://wordpress.org/plugins/child-theme-configurator/

    Thread Starter jetdv

    (@jetdv)

    @missveronicatv
    Thanks. https://github.com/ultimatemember/ultimatemember/issues/691 sounds like exactly what I’m looking for to be added. I was hoping it would be a built-in option and maybe it will be some day.

    I just started my wordpress site two weeks ago and have already learned a ton! I had heard about child themes – now I guess I need to LEARN about them so I can add this code. Thanks so much!

    Thread Starter jetdv

    (@jetdv)

    @missveronicatv
    Ok, I downloaded the tool and created a child template. I had to reset a few things but I got the looks back to where they should be. Then I went to the function.php and added the code to the child as shown here:
    http://www.jetdv.com/wp-content/uploads/2021/02/phpCodeAdded.png

    I’m assuming I selected the ID correctly from here?
    http://www.jetdv.com/wp-content/uploads/2021/02/phpID.png

    Then I went to a new browser and tested but it went ahead and allowed it to be the same.

    • This reply was modified 1 year, 7 months ago by jetdv.

    Did you make the child theme active?

    Thread Starter jetdv

    (@jetdv)

    Get the form id from the UM registration form shortcode parameter

    Example [ultimatemember form_id=”384″]

    • This reply was modified 1 year, 7 months ago by missveronica.
    • This reply was modified 1 year, 7 months ago by missveronica.
    • This reply was modified 1 year, 7 months ago by missveronica.
    Thread Starter jetdv

    (@jetdv)

    @missveronicatv THANKS!!! The real number was 105 under Ultimate Member -> Forms. It worked this time! Really appreciate your help.

    Thread Starter jetdv

    (@jetdv)

    In my entire life, I’ve only known one person that, in reality, had the same first and last name and that was after they married someone who had the same last name as their first name.

    @jetdv
    Very good.

    I will add a spammers log,
    which you can view from a WP page via a shortcode,
    with date/time, the entered names, email and IP
    for follow up like adding spam IP’s to your Wordfence firewall IP block list

    https://wordpress.org/plugins/wordfence/

    • This reply was modified 1 year, 7 months ago by missveronica.

    @jetdv

    I run and develop a site with over 30,000 users, I code it myself in PHP (its not a WP site).

    A long time ago I added the duplicate name check in my code. It has only done a FALSE negative a few times over the last ten years (to the best of my knowledge – ie based on user getting in touch and explaining they cannot sign up).

    In both cases it seemed that either the terms “first name” and “second name” were not understood ( the site is used internationally but we only cater for 5 languages so many users have to deal with a language that is not their mother tongue )….OR…..they were being a bit lazy and used their first name twice or maybe other.

    In both cases the issue was resolved via the “contact us” page.

    I prefer not to add a note on the signup page “dont enter same name twice” that might alert the people who write the spam bots.

    The new breed of bots use names like “JKEOjfrjdfiirpe rfkekigotek” – thats a pain – its not easy to reliably spot random characters in a way that is safe in all languages – humans are really good at spotting random characters but to do it safely algorithmicaly is not so easy.

    https://stackoverflow.com/questions/1164186/how-to-check-if-a-string-looks-randomized-or-human-generated-and-pronouncable

    You always have to think of the one poor person who through no fault of their own cannot sign up and gets increasingly frustrated and fed up.

    Its a tough balance.

    Thread Starter jetdv

    (@jetdv)

    @jonnie45 So are you suggesting that it not display an error but, instead, do what? Nothing? Maybe just go back to the home page? Maybe just refresh the registration page?

    Was hoping that the spam bots would just try and go away if it simply didn’t work no matter if there was an error message.

    The one person I knew had a first name of Gay. She ended up marrying Mr. Gay. And so her name really was Gay Gay. I believe in that case they could get around the issue by adding their middle initial or something of that nature.

    I don’t have a perfect solution. I do not think it is realistic to think that people who write spam bots never visit a site in person to work out their strategy, why would they work in the dark?

    If they are serious about their game they will take a look in person from time to time, don’t forget larger sites are sometimes targeted specifically not randomly

    Its unlikely there will be an ideal solution, the people who write spam bots are probably as smart as the people writing the protection code, its chess.

    * On a similar note if you are concerned about confidentiality should you ever offer a message on a sign-up page to say “sorry someone is already registered with that email address”? If you want to find out if your “faithful” partner is visiting dating / swinger sites or other types of site – you could just visit loads of local dating / swinger sites and try and sign up with your partners email.

    Error messages displayed on website pages give information away – sometimes its good information and helpful – other times you are revealing vulnerability or potentially betraying confidences.

    How do you advise someone who has genuinely forgotten that they are already signed up with you the reason there is a problem without betraying confidences to interested parties who know them, know their email and want to check them out?

    Its not completely rare – I sometimes receive emails from people already signed up saying they cannot sign up.

    The best “secure” solution is to send them an email to the email-address they registered with saying “sorry you tried to sign up with us today but you already have an account with us” – of course that only solves irritation and frustration the other end when they next decide to check email – if they are eyeballing their browser with increasing irritation and their email client is not open then you have an annoyed user.

    • This reply was modified 1 year, 7 months ago by jonnie45.
    • This reply was modified 1 year, 7 months ago by jonnie45.
Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘Force First Last Name to be different’ is closed to new replies.