Title: Security Issues? Automatic unknown subscribers
Last modified: March 28, 2018

---

# Security Issues? Automatic unknown subscribers

 *  [thomascj](https://wordpress.org/support/users/thomascj/)
 * (@thomascj)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/)
 * We are MailPoet 2 users who are seeing continual unknown registrants (all from
   the same domain). We delete them, and they get re-added automatically.
 * Is it possible there’s some sort of security issue with this plugin?

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [RVOLA](https://wordpress.org/support/users/rvola/)
 * (@rvola)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10124679)
 * Same problem for me too. 2 sites.
 *  [Wysija](https://wordpress.org/support/users/wysija/)
 * (@wysija)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10124957)
 * Hey,
 * Unfortunate to hear that you’ve been targeted by spammers. But this is the internet,
   and such attacks tend to happen for everyone.
 * One thing you can do, which other users found success with, is to enable ReCaptcha
   in your plugin’s settings. I’m sure you’ve run into it elsewhere in your daily
   browser, but you can read more about it here: [https://www.google.com/recaptcha/intro/index.html](https://www.google.com/recaptcha/intro/index.html)
 * Doing so should add ReCaptcha to your subscription forms, blocking automated
   subscription attacks (which usually don’t solve captchas).
 * You can read more about this approach in our Knowledge base articles:
   For MP2 users: [https://docs.mailpoet.com/article/25-fake-signups-what-to-do](https://docs.mailpoet.com/article/25-fake-signups-what-to-do)
   For MP3 users: [https://beta.docs.mailpoet.com/article/219-fake-signups-what-to-do](https://beta.docs.mailpoet.com/article/219-fake-signups-what-to-do)
 * Best regards,
    MailPoet Team.
 *  Thread Starter [thomascj](https://wordpress.org/support/users/thomascj/)
 * (@thomascj)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10124979)
 * We could certainly try reCAPTCHA... but how is this even happening? We do not
   have open subscriptions, and no information about the list has ever been posted
   on our website.
 *  [Wysija](https://wordpress.org/support/users/wysija/)
 * (@wysija)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10125046)
 * Since you mentioned using MailPoet 2, that could suggest a different way of dealing
   with subscriptions than how MailPoet 3 deals with them. If you have a subscription
   form already created – that could potentially allow such behavior, even if it’s
   not shown anywhere.
 * If it is an option for you – you could upgrade to MailPoet 3.
 *  Thread Starter [thomascj](https://wordpress.org/support/users/thomascj/)
 * (@thomascj)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10125174)
 * That is actually the answer — there were some basic (unused) forms we didn’t 
   even know about. I deleted them and suspect that will resolve it for us.
 * FWIW we do plan on upgrading to MP3, but have a communication being developed/
   drafted now. Once we’ve finished that one we’ll be completing the upgrade to 
   MP3.
 *  [xspyrox](https://wordpress.org/support/users/xspyrox/)
 * (@xspyrox)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10126951)
 * [@wysija](https://wordpress.org/support/users/wysija/)
 * I do have the same problem on my blog for the last few days.
 * The thing I analysed so far is that those fake signups aren’t coming from the
   website interface. The attackers seem to be targeting the PHP libraries directly
   or using the HTML form in a way a normal user couldn’t. Those fake signups
   are assigned to no “list” on my WordPress blog; normally when you sign up, they
   get assigned to the list “newsletter”, even if they aren’t confirmed yet.
 * So, maybe you could put a simple option field in the settings of MailPoet (I’m
   using the latest version 2) like “deny subscriptions without explicit subscription-list”
   and check/validate this within the library directly, shortly before sending
   the subscription mail? This would solve the problem for all of us and it is really
   really easy to implement. I read on other forums too that many users are having
   spammer problems with MailPoet 2 the last few days.
 * Would be glad to hear that this might be a solution you can implement in the next
   few days 🙂
    -  This reply was modified 8 years, 1 month ago by [xspyrox](https://wordpress.org/support/users/xspyrox/).
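
The pattern reported in this thread (unconfirmed signups attached to no list and clustered on one sender domain) can be checked for in a subscriber export before deleting anything. This is an added example, not part of any poster's reply or of MailPoet's code; the CSV column names (`email`, `lists`, `status`, `created_at`) and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions for this example,
# not MailPoet's actual export format.
SAMPLE_EXPORT = """\
email,lists,status,created_at
alice@example.org,newsletter,confirmed,2018-03-01 09:12:00
bob@example.net,newsletter,unconfirmed,2018-03-20 14:03:00
x1@spam-domain.test,,unconfirmed,2018-03-26 02:10:11
x2@spam-domain.test,,unconfirmed,2018-03-26 02:10:14
x3@spam-domain.test,,unconfirmed,2018-03-26 02:10:19
carol@example.com,,unconfirmed,2018-03-27 10:00:00
"""


def _domain(row):
    # Everything after the last "@", lower-cased; a malformed address
    # without "@" is grouped under its full text.
    return row["email"].strip().rsplit("@", 1)[-1].lower()


def triage_subscribers(export_text, min_cluster=3):
    """Split list-less, unconfirmed signups into clustered and isolated sets."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Signal from the thread: a signup through the site's form lands on a
    # list even while unconfirmed, so "no list" marks the abnormal path.
    listless = [
        r for r in rows
        if not (r.get("lists") or "").strip()
        and (r.get("status") or "").strip().lower() != "confirmed"
    ]
    counts = Counter(_domain(r) for r in listless)
    clustered = sorted(r["email"] for r in listless
                       if counts[_domain(r)] >= min_cluster)
    isolated = sorted(r["email"] for r in listless
                      if counts[_domain(r)] < min_cluster)
    domains = {d: n for d, n in counts.items() if n >= min_cluster}
    return {"clustered": clustered, "isolated": isolated, "domains": domains}


if __name__ == "__main__":
    report = triage_subscribers(SAMPLE_EXPORT)
    print("Domains with repeated list-less signups:", report["domains"])
    print("Likely automated:", report["clustered"])
    print("Needs manual review:", report["isolated"])
```

Isolated list-less addresses are kept separate because a single such record may be a real person who hit an unused form, which is the case the thread starter found.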
 *  [Bloog](https://wordpress.org/support/users/bloog/)
 * (@bloog)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10128872)
 * This issue is also being discussed at the WP forum for [MailPoet Newsletters (previous)](https://wordpress.org/support/topic/2-8-2-exploited-via-admin-ajax-php/)


The topic ‘Security Issues? Automatic unknown subscribers’ is closed to new replies.


## Tags

 * [mailpoet2](https://wordpress.org/support/topic-tag/mailpoet2/)
 * [solution](https://wordpress.org/support/topic-tag/solution/)

 * 7 replies
 * 5 participants
 * Last reply from: [Bloog](https://wordpress.org/support/users/bloog/)
 * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/security-issues-automatic-unknown-subscribers/#post-10128872)
 * Status: not resolved