Skip to:
Content
Pages
Categories
Search
Top
Bottom

Random signup slug generator to fight spam

  • Avatar of zageek
    zageek
    Participant

    @zageek

    Heres an idea I had. Why not create a plugin that generates random slugs for the sign up page, I would write it myself because I have an idea of how I want to implement it, but I don’t have the time.

    Any takers.

    I tried the approach of changing my signup slug to a new one and it worked for a while but suddenly the spammers are back again. I think they have figured out this trick and they possibly manually have someone go to the site and find the new slug, or they have found a way to bruteforce find it.

    If we can have a sign up slug that randomly changes to random strings its going to seriously irritate the spammers and make their job harder.

    I’m sure some users won’t want to use this because they will want a fixed slug for loggin in perhaps for search engines to find, but many users could get away with this and have a nice link for logging in.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Avatar of danbpfr
    danbpfr
    Participant

    @chouf1

    If you change the signup slug, ie. from to signup to regme, probably that this can be found easely by spammers. But if you change signup to bolimp or domybest or f_12gt_99xpm, probably not. And building a random letter word constructor to spam a wp install is probably too much also… As far as i know, the majority of wp users never look into the code. And robots like majority…

    Anyway, the signup table would still exist… and accessing a db is not impossible at all i presume. So the only thing to change is the table name, 6 x by day if necessary. And this is not simple at all.

    Happy coding !

    Avatar of Mike Pratt
    Mike Pratt
    Participant

    @mikepratt

    I have been running BP in Production since well before the 1st alpha release on the same url with the exact same registration slug AND requirements. Nothing is protecting on my site any more than a standard install – no captcha, etc. I can count on my hand the number of spam attempts to register. They are so few, I just delete them and use BanHammer once they try.

    How? We have a specific (albeit small) set of required registration fields to fillout. That’s all. I love siple and fast registration as much as the next guy but, unless you want to enforce email address verification and a bunch more, those are your real options.

    Changing the slug will work until it doesn’t …which won’t be very long. Consider how that spammer found you in the first place…with a bot – not by randomly coming across your site.. and just like in the matrix, the bots will find you again. :-)

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.