WordPress.org

Forums

STOP SPAM! Confirmation Emails to All NEW Registrations (5 posts)

  1. Jim Hall
    Member
    Posted 1 year ago #

    Hello,

    First, you guys show us all a lot of love, and we appreciate every last one of you. TRULY!

    However, it seems painfully obvious that nobody here cares about stopping spammers from the core of WP. I get ONE legit subscriber for every ONE HUNDRED fake email accounts by spammers wanting to spam my comments.

    People have been BEGGING for this feature for SEVEN YEARS NOW:
    http://wordpress.org/support/topic/email-confirmation-on-registration

    The plugin "DM Confirm Email" is exactly what I want but it doesn't work on any of my 33 sites or any of their themes. So, it must be terribly bad code, and I don't need another security hole.

    This "Confirmation Email" functionality should block any user details from being entered in the database until they click the confirm account link. Perhaps after say 72 hours the account details are auto-deleted if not confirmed - ** AWESOMENESS **

    It just SEEMS like it should be a TOP PRIORITY but instead, isn't even anywhere in sight on the drawing board. It's become *almost impossible* to separate valuable customers from spam, which greatly reduces the usefulness of WordPress over Joomla, for me.

    VERY (unnecessarily) frustrating. Thanks for reading my rant :)

    Jim

  2. However, it seems painfully obvious that nobody here cares about stopping spammers from the core of WP.

    ...

    It just SEEMS like it should be a TOP PRIORITY but instead, isn't even anywhere in sight on the drawing board.

    100% correct and from the amount of anti-spam plugins it seems like SPAM control has always been relegated to the realm of... PLUGINS! :)

    http://wordpress.org/plugins/search.php?q=spam
    http://wordpress.org/plugins/search.php?q=registration+spam

    On a serious note yes that task has always been an add-on via a plugin.

    For comment spam the Akismet and Cookies for Comments has been a popular combination.

    http://wordpress.org/plugins/akismet/
    http://wordpress.org/plugins/cookies-for-comments/

    This one is pretty good too.

    http://wordpress.org/plugins/spam-destroyer/

    For registration spam the search link above may help you out. I personally do not permit anyone to register on my installations particularly if the only purpose is to limit comment spam.

    That's just not a good control. Never has been.

  3. Jim Hall
    Member
    Posted 1 year ago #

    Thank you for your fast reply. I would argue though that 99% of the spam registrations are using bots like scrapebox, xrummer, and others I won't promote here.

    Know your enemy, and their tools.

    These widely available programs are *very good* at [using] captcha solving services, so you can forget those plugins. They also auto-generate usernames and email addresses for registration purposes, and most of them primarily target WordPress, Joomla, Drupal, BlogEngine and Moveable Type. WordPress is #1 though - no doubt.

    For developers who may be reading I'll say it again for clarity:
    Know your enemy, and their tools.

    Askimet & Cookies for Comments are great at stopping comments where registration isn't required to comment. However, who doesn't require registration these days? Useless imho because legit users don't spam your comments (usually).

    What *would work* is requiring users to actually have a real email address (we can blacklist) and clicking of a confirmation link. Yes, there is automation software for that too, but its much harder to keep track of for the spammers, and easier to get their email addresses blacklisted where other useful plugins can take over like the "Stop Spammers" plugin.

    All the functionality to send a confirmation email at registration is mostly already built in. Just give us a box to tick that enables/disables confirmation emails in registration, and see how it's received by the WordPress base.

  4. These widely available programs are *very good* at [using] captcha solving services, so you can forget those plugins.

    I totally agree. CAPTCHAs are worthless and penalize your users.

    However, who doesn't require registration these days?

    Everyone? I mean, everyone who doesn't want to expose their WordPress installation to registration spam?

    If registration is only for comments then I urge you to just turn it off. It doesn't buy you anything at all.

    If you use registration for creating authors and potential contributors who will post then I get that and that makes sense. But if it's just for comments then why have people register?

    Just give us a box to tick that enables/disables confirmation emails in registration,

    Try this plugin (untested by me). It's dated but may still work fine on your installation.

    http://wordpress.org/plugins/disable-registration-email/

  5. donmhico
    Member
    Posted 1 year ago #

    Hello,

    Can you perhaps tell me what issue are you having with DM Confirm Email? And what version of the plugin did you used?

    The first version (1.0 - 1.1) was coded with Namespaces. But sadly many of wordpress sites are still using PHP < 5.3 so I removed the namespace. Please take note (using namespaces and removing will not be of any security flaw)

    But the latest version of the plugin 1.3 should work. Please try it and let me know if you have issue. I specifically create DM Confirm Email to help people that are looking to have the email confirmation feature that wordpress doesn't have built-in. I am planning to support the plugin and add more enhancement / features in the future.

    P.S. I'm the plugin author of DM Confirm Email

Topic Closed

This topic has been closed to new replies.

About this Topic