Support » Plugin: Subscribe2 » Scamming the signup

  • Resolved whybother2


    Thanks for your time. I love the widget(?) but am concerned about all the signups I am receiving. I know, I KNOW!
    Sounds crazy, but sometimes I get really wacky email addresses or usernames and it made me wonder just how difficult it would be to spam my signup list.
    I do use the opt in. I checked that to make sure it was being used. I even have the reminder email set up.
    It would appear to be an AWFUL lot of work to signup for blog posts when all you can DO is get blog posts.
    Now of course, if all those folks really did sign up, but if not 🙁
    I did not use my site name since I could not log in under my actual info. And wordpress just kept sending me passwords that did not work.
    my site is

Viewing 4 replies - 1 through 4 (of 4 total)
  • @whybother2,

    Web bots will indiscriminately enter information into forms so you will get false sign ups.

    You seem to be using an older version of Subscribe2. If you update to 9.0 there are some anti-spam measures in there and also any unconfirmed subscribers are automatically deleted after 28 days.

    Finally, you might want install some other plugins that block bots, for example Bad Behaviour.

    Hello Matthew,
    Thank you for your response. I have updated subscribe 2. I will investigate Bad Behaviour. Thanks again for your response. Enjoy your weekend and holidays.



    Hi Matthew

    I’ve also been getting odd email addresses. I have three questions:

    1. In the post above you mentioned “anti spam measures”. I can’t seem to find them. Could you advise where they are? I only see under “Miscellaneous” a box called “Barred domains” which doesn’t help me. Most of the spam addresses I get are using and many legitimate users use hotmail too. It would be more useful to be able to copy and paste these fake signups into a similar box.

    2. I did a test from a friend’s email address to subscribe. I actually do get this email:

    “xxx has received a request to subscribe for this email address. To complete your request please click on the link below:”
    Does the fact that the spam address was subscribed means that there is a real person who actually physically clicked the link, or are there spambots who can do this for spammers now?

    3. Is there a possiblity to integrate something like Captcha with this plug in? I found something called the Anti-Spam plug-in by Cleantalk. Unfortunately that only applies to commenting, not the initial e-mail notification sign up itself.

    Thanks a million, and Happy New Year!




    1/ Have a look at the source code of your website page containing the Subscribe2 form, you should find some hidden fields asking for a name and URI. These need to be empty for the form to work but bots usually fill such fields. Barring individual emails is not helpful in my opinion, you would endlessly be updating that text area.

    2/ Spammers don’t usually monitor for the email and click the link, the link is site specific provided you are using unique salts in the wp-config.php file so the email needs to be used to confirm the action.

    3/ Integrating a captcha plugin would require a lot of work either implementing it from scratch or finding a suitable captcha plugin that has an aPI to deploy their captcha form and then validate the response. As I don’t personally like captcha and won’t use it it is not something I am keen to begin supporting.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Scamming the signup’ is closed to new replies.