jonnie45

Sorry – spotted answer elsewhere, the option has been moved out of page attributes and now appears under it’s own header – failed to see it as I was comparing with the v1.4 version and expected to find it in the same place.

@missveronica

Very good.

I will add a spammers log,
which you can view from a WP page via a shortcode,
with date/time, the entered names, email and IP
for follow up like adding spam IP’s to your Wordfence firewall IP block list

Do bear in mind just how many email IP addresses are shared and not unique to a particular user – IP number blocking is a blanket measure that may penalise many other innocent users. For instance some of the cheaper or free email providers use IP as a primary signal in spam blockers with dire consequences for people unfortunate enough to share their outgoing email IP with other customers of that provider – often they will not know this is the case and their rejections are due to other users.

• This reply was modified 4 years, 1 month ago by jonnie45.
• This reply was modified 4 years, 1 month ago by jonnie45.
• This reply was modified 4 years, 1 month ago by jonnie45.

I don’t have a perfect solution. I do not think it is realistic to think that people who write spam bots never visit a site in person to work out their strategy, why would they work in the dark?

If they are serious about their game they will take a look in person from time to time, don’t forget larger sites are sometimes targeted specifically not randomly

Its unlikely there will be an ideal solution, the people who write spam bots are probably as smart as the people writing the protection code, its chess.

* On a similar note if you are concerned about confidentiality should you ever offer a message on a sign-up page to say “sorry someone is already registered with that email address”? If you want to find out if your “faithful” partner is visiting dating / swinger sites or other types of site – you could just visit loads of local dating / swinger sites and try and sign up with your partners email.

Error messages displayed on website pages give information away – sometimes its good information and helpful – other times you are revealing vulnerability or potentially betraying confidences.

How do you advise someone who has genuinely forgotten that they are already signed up with you the reason there is a problem without betraying confidences to interested parties who know them, know their email and want to check them out?

Its not completely rare – I sometimes receive emails from people already signed up saying they cannot sign up.

The best “secure” solution is to send them an email to the email-address they registered with saying “sorry you tried to sign up with us today but you already have an account with us” – of course that only solves irritation and frustration the other end when they next decide to check email – if they are eyeballing their browser with increasing irritation and their email client is not open then you have an annoyed user.

• This reply was modified 4 years, 1 month ago by jonnie45.
• This reply was modified 4 years, 1 month ago by jonnie45.

@jetdv

I run and develop a site with over 30,000 users, I code it myself in PHP (its not a WP site).

A long time ago I added the duplicate name check in my code. It has only done a FALSE negative a few times over the last ten years (to the best of my knowledge – ie based on user getting in touch and explaining they cannot sign up).

In both cases it seemed that either the terms “first name” and “second name” were not understood ( the site is used internationally but we only cater for 5 languages so many users have to deal with a language that is not their mother tongue )….OR…..they were being a bit lazy and used their first name twice or maybe other.

In both cases the issue was resolved via the “contact us” page.

I prefer not to add a note on the signup page “dont enter same name twice” that might alert the people who write the spam bots.

The new breed of bots use names like “JKEOjfrjdfiirpe rfkekigotek” – thats a pain – its not easy to reliably spot random characters in a way that is safe in all languages – humans are really good at spotting random characters but to do it safely algorithmicaly is not so easy.

https://stackoverflow.com/questions/1164186/how-to-check-if-a-string-looks-randomized-or-human-generated-and-pronouncable

You always have to think of the one poor person who through no fault of their own cannot sign up and gets increasingly frustrated and fed up.

Its a tough balance.

Yes but customising the function.php file of a theme is not recommended.

https://premium.wpmudev.org/blog/why-you-shouldnt-use-functions-php/

Found my own answer!
I will post here, maybe it will be useful to someone else

https://docs.ultimatemember.com/article/177-restrict-content-on-a-page-post-to-logged-in-users

Put short codes around the content – in my case the short code for the members page.

[um_loggedin show_lock=yes] This text can only be seen by logged in users [/um_loggedin]

Great! I was hoping there was an easy way to do this – useful short codes.