• theawesomeladiesproject

    (@theawesomeladiesproject)


    At some point in the middle of last year, my website had the misfortune of being added to some kind of bot attack list by an extremely persistent group of malicious actors. They weren’t particularly good at whatever it was they were trying to do, but honestly, sometimes that’s even worse, since the annoyance just remains present – not quite too much to really do something about it.

    But it festers. And then, it starts to pop up in weird, frustrating places – putting us over the email cap on our overpriced CRM, making it much more difficult to glean anything from all of our analytics, having some people leak through the countermeasures and bother people over DM.

    I poked around a bit, but it feels like every time I learn more about how to do something in WordPress, I am led down a path that leads to either a clunky and free solution, or one that is ridiculously overpriced.

    Things I tried or used to ameliorate the situation:

    • Captcha
    • Captcha v2
    • Captcha Xtreme
    • Changing the registration flow on the site to require more stringent e-mail verification – this one was very funny, because now the spammers were all stuck in Pending registration instead.
    • Adding a challenge question to the registration form
    • Contacting the multiple software vendors we pay for services for plugin or code adjustments, and, of course, being told – “Good luck with that! Not our problem!”
    • Manually approving new accounts – trust me, absolutely do not do this if you are having a similar problem

    I blocked a few particularly egregious IP addresses once I dug into the logs on my site, but that was like throwing a few grains of sand on a rushing river and expecting it change course. I finally caved and decided to close off my site to a few specific countries with the Caucasus Mountains in them.

    That clearly made them upset, because a few days ago, someone seemed to step on the gas pedal. What was once a trickle of fake registrations over the course of a day suddenly became one new spam registration or registration attempt almost every minute – no longer originating from any particular Oblast, but being routed through compromised machines all over the world.

    My analytics were now totally unusable, my email log was a complete mess, and my website’s resources were being unnecessarily strained.

    In the 48 hours since activating and correctly configuring the plugin for our environment, we have had zero spam registrations. Zero. 0. That’s none. I’m honestly still stunned.

    The website and dashboard the developers have built to use the plugin is perhaps a bit spartan, but is extremely usable and works very well. The packages for subscription are fairly priced for any level of business, unlike the overwhelming majority of other SaaS plugins.

    Trust the absolute flood of positive reviews.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Unfair not to be able to give additional stars’ is closed to new replies.