No spam protection(captcha) for a comment subscription form
Please, help me to fix the issue related to a comment subscription form. I am getting a lot of spam messages(comment subscription notifications) last weeks because bots with random emails are trying to subscribe on the comments. Ideally I want to have a captcha here. But seems I only have an option to disable subscription bar completely to avoid these spam subscriptions.
I also saw there is "Invisible spam protection" feature available but I am not sure it will work in comment subscriptions.
I'm really sorry but there is no option to add an antispam protection to this form yet. We're going to work on this, and make it available as soon as possible. Probably we'll add it in next version release.
Thanks Tom. I'll be waiting impatiently
Hey guys, I just saw the latest changelogs(5.1.6/5.1.7) and there is no fix for missing spam protection on a comments subscription form. Is it scheduled for a next release?
Hey guys, I just checked the changelog for v5.2.0 / v5.2.1 and there is no spam protection on a comment subscription form. Is it scheduled for an implementation at the nearest time(month-two)?
Thanks for letting me know - I'll try out the new functionality.
I checked my install and there is one interesting thing. When I created this issue I had wpDiscuz version 5.1.5. But this version already have WP nonces on comment subscriptions.
Does it mean that WP nonces don't work in our case?
The second important question: is there an ability to add a captcha field to the subscription form? Maybe some code hook or action? So not only to add a field but also have an ability to validate on a back-end?
Does it mean that WP nonces don't work in our case?
Could you please explain what you mean saying "don't work in our case?" How you've checked it?
is there an ability to add a captcha field to the subscription form? Maybe some code hook or action?
I'm sorry, but there are no any hooks yet. We'll take it into consideration for sure.
When I said "don't work in our case" I meant this doesn't prevent us from getting spam messages. Not sure how they did it, is it robots or human but since we enabled subscriptions bar on a comment form we are getting a spam again.
I am right that the only suggestion here is to disable subscriptions bar entirely?
this doesn't prevent us from getting spam messages
Please explain step by step. How you get an email notification? So if users subscribe to any post you get an email notification?
The problem is that anyone can submit any fake email address in a comment subscription form. That's wht we're getting hundreds of subscription confirmations from fake email addresses.
Answering your question: Not sure why I am getting all these messages but maybe because I am a post author so I can see all the activity on an article. Is there any options to control this?
There is my setup:
There is a possible explanation of how the did it:
Actually I have two questions:
- Can I stop to receive these subscription confirmations on email?
- Is there ability to request a captcha to be added on a comment subscription form?
Please note wpDiscuz doesn't send any email notifications to post author, admin etc. when someone subscribes to replies. Please deactivate all plugins except wpDiscuz) and check again.
We keep receiving emails saying specifically that they're a confirmation to comment subscription:
You just subscribed for new comments on our website. This means you will receive an email when new comments are posted according to subscription option you've chosen.
To activate, click confirm below. If you believe this is an error, ignore this message and we'll never bother you again. "
It is accompanied with confirm & cancel subscription links and a link to the post where the subscription took place. The problem is, we get a lot of these and many email addresses in them make no sense.
We've also tested this manually and subscribing to comments does send an email like this one to our email account.
Some time ago we deactivated comment subscription in wpDiscuz settings and the emails stopped arriving (we re-activated it after the initial feedback in this thread).
wpDiscuz is the only comment plugin that we use on our site.
Also, to be clear - I tested this myself, directly on the site.
I went into a random thread, I manually subscribed to comments with a separate email and, immediately - this email gets sent.
I've done that several times, just to be super sure - the email is always being sent.
Does that help clear things up?
I have an update here.
So we discovered that this issue is related to spam messages and happens only when someone enter invalid email address in a comments subscription form. Next, our Post SMTP plugin is trying to deliver email to a receiver but it's failed - that's why we are getting all these spam messages.
Since it's clear why we have this problem my last question here is can you please add a captcha to a comment subscriptions bar? This will help us to filter all these errors.
I found this thread because I am having the same problem. It got so bad with all the bad emails that G Suite (Gmail) disabled my account because of sending spam. Thankfully I got it enabled, but I need to stop this problem.
The database table for subscriptions had thousands of email addresses which were obviously from spam email addresses. I have cleaned up that table but in the process of doing so, I know I lost some valid emails because I was not going to manually go through thousands of emails to try and determine valid ones.
At the moment, I have had to disable the subscriptions so this problem stops.
When can we see captcha to avoid this problem in the future so we can use this useful feature?
Sure this is already added in the wpDiscuz 7 version. You can download and check it: