Thread: I need help stopping wordpress spam

I need some help and maybe you can offer some advice about my WordPress site.

I get a lot of spam from spambots and spam from people looking to register on my forum/blog for the obvious purpose of spamming on my site. I have a registration page with one of those CAPTCHA input items and I also have a form where they have to agree to conditions in order to proceed. But these things does not stop me from getting email from people "requesting a username".

I think all the things that I have put on my registration page does not matter if a "_POST" message is sent to the php through the URL address. Is this right? What can I do?

you should use Akismet plugin. also set comments to go under moderation before they are displayed on the posts.

Originally Posted by manik

you should use Akismet plugin. also set comments to go under moderation before they are displayed on the posts.

I am using a plutin called "pie-register" which lets me use several different input fields on my registration page. Should I ditch this plugin? Can I use Akismet instead or along with my current plugin?

Originally Posted by manik

also set comments to go under moderation before they are displayed on the posts.

I've used this alone before with great success, mind you they add up after a while and going through all the spam-comments is annoying, at least they don't show up on your site. Another good way is to ensure you have a CAPTCHA there for comment submissions.

After I started to use KeyCAPTCHA plugin for WordPress in my blog I had zero spam comments, switched off Akismet and moderation.

Happy!!!

yeah i would agree using Captcha with Akismet might be a better solution in this case.

I think I will take your suggestion and put a better "captcha" on the registration page. One comes with my plug-in but I know that somehow spammers can bypass this with some sort of direct call to my server. I would really like to know how they do this.

I am using a wordpress plug-in which offers extra fields on the Registration page but, although it presents these fields as being “required”, I have found that somehow people and bots can bypass this with some sort of direct call to the server. Does anyone have any idea how this is done so that I can learn how do defend against this?

I thought I would ask. In the meantime, I will look into this better captcha addition.

Originally Posted by manik

yeah i would agree using Captcha with Akismet might be a better solution in this case.

I strongly disadvise using Akismet. It is always lagging few steps behind spammers, is directly used by spammers blocking legit users.
I daresay Akismet is interested just to report/flag spam - the more, the better.
See this link: goo.gl/tmSsY

Let me say that if one spam bot cracks webserver it is easy to know by all other bots through Akismet

I am using a plug-in on my registration page called "pie-register" that allows me to have many different input types.

But I suspect that the captcha and other items that also come with this plug-in are just window dressing. I suspect that they will add information into a database and retrieve this information but I do not think they are to be taken seriously as a means of stopping spammers and spam bots.

It seems to me that somehow determined spammers and spambots can simply send the right URL command with the right triggers directly to the server and bypass my registration page all together. I want to know exactly what can be done in my php code to stop this. Can anyone suggest?

How Do I Fix This WordPress PlugIn Issue?
I am getting a ton of these automatic requests from “users” requesting username for my Wordpress forum.

h t t p : / / i 6 7 . p h o t o b u c k e t . c o m / a l b u m s / h 2 9 2 / A t h o n o / t h i s . j p g

I think these unwanted automatic requests are easily accomplished by this plug-in:

h t t p : / / i 6 7 . p h o t o b u c k e t . c o m / a l b u m s / h 2 9 2 / A t h o n o / p l u g - i n p l u g s u p . j p g

I had thought that maybe there was something wrong with my Registration page but now I know this probably is not the problem. As a test, I commented out the registration button on my php login page and even after doing, I still get a flood of unwanted automated requests to register.
In fact, I found the php code in the plugin that sends me this dreaded email address:

Code:

function send_approval_email($user_login, $user_email, $errors) {
 if (!$errors->get_error_code()) {
  /* check if already exists */
  $user_data = get_userdatabylogin($user_login);
        if (!empty($user_data)){
   $errors->add('registration_required' , __('User name already exists', $this->localizationDomain), 'message');
     } else {
   /* send email to admin for approval */
      $message  = sprintf(__('%1$s (%2$s) has requested a username at %3$s', $this->localizationDomain), $user_login, $user_email, get_option('blogname')) . "\r\n\r\n";
   $message .= get_option('siteurl') . "\r\n\r\n";
   $message .= sprintf(__('To approve or deny this user access to %s go to', $this->localizationDomain), get_option('blogname')) . "\r\n\r\n";
   $message .= get_option('siteurl') . "/wp-admin/users.php?page=".basename(__FILE__)."\r\n";
   // send the mail
   @wp_mail(get_option('admin_email'), sprintf(__('[%s] User Approval', $this->localizationDomain), get_option('blogname')), $message);
   // create the user
   $user_pass = wp_generate_password();
   $user_id = wp_create_user($user_login, $user_pass, $user_email);
   update_usermeta($user_id, 'pw_user_status', 'pending');
  }
 }
}

This function is mentioned in the php code as being associated with the register_post command:

Code:

 add_action('register_post', array(&$this, 'send_approval_email'), 10, 3);

So what the heck is a "register_post" command?
I do not like what this function, "send_approval_email" does.
I do not know how this "register_post" message is triggered. Apparently, it can be triggered directly to the server through a URL. THen all the captcha elements are useless as well as any agreements that the user needs to click on are also pointless. How can I add to this function variables that check to see if other items are clicked on in the other plugin?

Ive been having problems with this myself, the best way to stop this is to put all comments on manual approval, and, this is important, put a notice saying that all comments are manually approved, havent tried this myself yet but I think it will be effective to some extent.

Originally Posted by jcourtenay

Ive been having problems with this myself, the best way to stop this is to put all comments on manual approval, and, this is important, put a notice saying that all comments are manually approved, havent tried this myself yet but I think it will be effective to some extent.

Humm. I am not ready to give up on a more automated approach just yet. I know it IS done out there on other web sites.

I have had some difficulty getting my web site set up the way I want it. It uses WordPress and BBPress. The WordPress uses a few plug-ins. The Plug-Ins do not work the way I want them to do and, after some investigation, I have come to the conclusion that I have to resort to doing some PHP programming.

I am a software engineer as a profession and so PHP would not be much of a challenge for me to grasp. Does anyone here know PHP programming?
For now, what I would like to understand is this. How can PHP set a global variable that can be sent from one web page to another and be used to allow or disallow things? h t t p : / / w w w . p h p . n e t / m a n u a l / e n / l a n g u a g e . v a r i a b l e s . s c o p e . p h p shows scope of variables and there is mention of global variables. But I am not 100% sure that this will work in the context of wordpress plugIns. If you set a global variable in one plugIn, can I access it in another plugIN?

always one stop solution for spam Akismet plugin work better

Akismet plugin will do the trick.

Here are 10 ways stopping spam in Wordpress-
1. Install Akismet
2. reCAPTCHA
3. Ask your readers to do 1+1
4. Stop spam trackbacks
5. Make users login to comment
6. Ban spammers by IP
7. Ban spammers by IP, on a massive scale
8. Deny comment posting to no referrer requests
9. Stop content theives
10. Stop spammers stealing your images