Feature #3692
closedTighten registration security on commonsinabox.org
0%
Description
Hi Boone,
Can you please see if there are a few simple steps (CAPTCHAs, etc) that we can take to make the sign-up process on commonsinabox.org a bit more resistant to spammers?
Updated by Raymond Hoh almost 10 years ago
There is already a BP registration honeypot plugin running on cbox.org.
Here are some other suggestions:
Cookies For Comments + Cookies For Logins / BuddyPress:
https://wordpress.org/plugins/cookies-for-comments/
https://github.com/r-a-y/cookies-for-logins
This is a lightweight combo that is in use on the Commons. Try this first.
Hashcash.io: http://hashcash.io
This works by needing the user to click on an unlock button, which then requires the web browser to solve some mathematical sets and unlocks the form for submission afterwards. This is designed to slow down spammers and to prevent them from performing a brute force attack.
Test out the demo here:
http://wpdemo.hashcash.io/wp-login.php
The WP plugin for Hashcash.io supports BP's registration page:
https://wordpress.org/plugins/wp-hashcash/
Updated by Boone Gorges almost 10 years ago
- Status changed from Assigned to Resolved
Thanks for the suggestions, Ray! The cookie plugins are added in https://github.com/cuny-academic-commons/commonsinabox-org/commit/a41e7e082cb63af28fff8add605cc5c18deb88e0 and are live on the site. I've also hacked together CAPTCHA protection, which is replacing the humanity check https://github.com/cuny-academic-commons/commonsinabox-org/commit/80ed14f78867af034a042a8799525e09650ec98b
Going to mark this resolved. Please reopen if we continue to have problems (though if we do, it's likely that automated solutions won't help much).