Support » Plugin: Clean Login » Spam users – wp signup still working?

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Alberto Hornero

    (@hornero)

    Were is the Clean Login form included? the shared URL is the default login.

    jaroslawistok

    (@jaroslawistok)

    Yes, I think this should be lead to my https://rainbowsongs.org/login/ page

    Plugin Author Alberto Hornero

    (@hornero)

    IMHO you are doing it rightly, using both reCaptcha and the already-included anti-spam honeypot option. Nothing to add from my side.

    jaroslawistok

    (@jaroslawistok)

    I put it in the right thread as the other one is close:

    I had to reset my site completely new again because og infections ;(
    But now I get spam users, a lot

    Plugin AuthorAlberto Hornero (@hornero)
    2 hours, 47 minutes ago
    Wow, maybe Google re-captcha is not working well because of that.

    jaroslawistok (@jaroslawistok)
    1 hour, 46 minutes ago
    I think the user signuo somehow automatically without even visit my site.
    That is why I ask why this site

    https://rainbowsongs.org//wp-login.php?action=register. (no restriction for pass and so on)

    is available?

    Earlier I used another plugin (not that good as yours)
    and there was this standard site redirected.

    I am sure this will be used for registering.

    Plugin Author Alberto Hornero

    (@hornero)

    I don’t know how can I help you here cuz the spam is controlled by re-captcha, within your current configuration. Maybe is a good idea to contact them. Just note that if spammers are not bots but humans, there is no antispam filter that could deal with them.

    jaroslawistok

    (@jaroslawistok)

    You seem still not understand my concern.
    These are bots.Each few minutes:

    Username1978
    username1978@pepapo.com

    And standard site https://rainbowsongs.org//wp-login.php?action=register
    should not be reachable as there in no spam filter , nothing

    Bots are not going over hight restricted clean login page.
    I saw new update from you but with the same problem.

    In the old site I had a jetpack that maybe was blocked this.
    But I am not using this anymore as there are connection and other issues with.

    I would be be happy if you consider to implement a redirection option from standard registering wp site to clean login page 🙂
    maybe then I will not get a 100 registered users a day.
    Otherwise I realy don’t know how this bots register here when my site has 20-40 views a day.
    I use Worfence and hosting setting are also secure and so on.

    The other plugin I mentioned was Theme My Login but yours is much better 🙂

    Sorry for bothering you but I have to stop this flood of users ;(
    I don’t now how bots register, because I have a life monitoring and non of register signup sites will be visited ;(

    I just wanted use a trick to separate StandBy from Contributor users but it seems not to work.

    I have in general wo options New User Default Role: StandBy
    On my clean login page I have a contributor chosen a Contributor role.

    Bevor validating the role status shows None for a testuser.
    But after validating it jumps to StandBy, not to contributor as I expected.

    What I am doing wrong?

    Plugin Author Alberto Hornero

    (@hornero)

    Did you try disabling the plugin? Just to make sure it’s related to the plugin registration process itself.

    No, I didn’t but I will do.
    I am sure that this bots, which come in waves, use some other method.
    I don’t know which one. I only try to recognize which are bots and which not.
    That is why I had this Idea, via different roles given to new registered users, to differenciate them one from another. But after validating users via clean login they have than the same role, namely one which is set in wp general option.

    Today ware a little less bots but they com, I know ;(

    Since I added a function for redirecting from standard signup to claen login= No more wild subscriber 😉

    Maybe for next update?

    // Redirect Registration Page
    function my_registration_page_redirect()
    {
    global $pagenow;

    if ( ( strtolower($pagenow) == ‘wp-login.php’) && ( strtolower( $_GET[‘action’]) == ‘register’ ) ) {
    wp_redirect( home_url(‘/login/’));
    }
    }

    add_filter( ‘init’, ‘my_registration_page_redirect’ );

    Plugin Author Alberto Hornero

    (@hornero)

    Hi @jaroslawistok,

    I’m glad you finally solved it. BTW, did you try the same by disabling the dashboard access from the plugin? Please note that after that you can only access through wp-login.php

    dashboard access was always disabled, only this redirection helps 🙂

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Spam users – wp signup still working?’ is closed to new replies.