JP User Registration Blacklist Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Update: 6/2015
Changed e-mail token and math problem confirmation logic. Previously, everything happened all at once, and the user would get prompted mutliple times for the math problem.
Now, the user must answer the math problem first, before the e-mail token is sent. Once the math problem is correctly answered within the session, it isn’t asked again. The user must now enter the correct token, which results in successful registration.
SPECIAL THANKS TO OLEG M. FOR HELPING ME IDENTIFY, FIX, AND TEST THE ERROR!!
Update: 5/2015
Added E-mail confirmation token. Prevents registration until user enters a token sent via e-mail.
Features:
- Prevent users from registering, if their IP or e-mail address is listed in the “Comments” blacklist (Settings..Discussion)
- E-mails user a 4-digit token, and requires the user to enter the token in order to register.
- Users must solve a simple math problem (Add two one-digit numbers).
- Places user IP address in “Website” field.
This is a super-simple user registration spam countermeasure. I searched for a plugin that was SIMPLE and EFFECTIVE. I looked at quite a few plugins that promised the desired effect, but were either cumbersome, or included too many unneeded or unwanted features. Likewise, there are some very simple plugins that are less-than-effective.
This plugin is VERY simple:
If the user’s IP or e-mail address is listed in the “Discussion” comments blacklist, it prevents the user from registering. This functionality should really be built in to WordPress, so, you’re welcome.
When the user registers, they are presented with a simple math problem – adding a 3-digit number to a 1-digit number. 99% of the “user reg spam” is based on bots being able to attack the basic WordPress registration form. By adding even a simple math problem, most bots will fail, removing your site as a target of opportunity. Criminals go after what’s easy – if you make it slightly more difficult for them, they will go after someone else.
Once the user solves the math problem, they are sent a 4 digit token via e-mail, and must enter that token to continue registration.
Finally, knowing the location from where your users register allows you to more effectively evaluate and block the source. This plugin adds the user’s IP address (at the time of registration) to the “Website” field.
Go to http://whois.arin.net to find out who they are. If you decide to block the IP, add the IP address, part of the IP address, or e-mail domain to the “Discussion” comments blacklist, and ANY user registrations from an IP address matching that pattern will be blocked.
Configuration
To Configure the Plugin:
NOTE: NO CONFIGURATION IS REQUIRED. This plugin is fully-functional using the default values.
In the Plugins page, click “Settings” underneath the “JP User Registration Blacklist” plugin.
-
Seed: This value determines how the answer to the math problem is masked. Periodically change this, to keep the spammers and criminals at bay. The initial value is randomly-generated.
-
Failed Math Response: Error message displayed to the user, if they fail to correctly solve the math problem.
-
Rejected IP or E-mail: Error message displayed to the user, if their IP or e-mail is blocked. Keep this simple and generic, to keep them from knowing why they are being blocked.
-
Form field name for math problem: This field name contains the user’s answer to the math problem. Periodically change this, to keep the bots away. The initial value is randomly-generated.
To Block an IP address
- In the WordPress Dashboard, go to “Settings…Discuss”
- To block all or part of an IP address, add it on its own line to “Comments Blacklist”
- To block all or part of an e-mail address, add it on its own line to “Comments Blacklist”
- Click “Save”
(For more details, see Examples)
Screenshots
-
#6/19/2014: Spammer, caught live!#
-
#I don’t think “Tanesha Kessler” lives in Romania#
-
#BLOCK the whole network#
-
This is what the user sees during registration. Note the math problem in line 3.
-
This is what the user sees if registration fails. Note that the red text in the upper-left is NOT displayed
-
Once successfully registered, the user’s IP address appears in the website field. Note that the red text is NOT displayed.
-
Admin options screen