29 pointsStarting to get into this DEV thingI'm new here
Jason
Member
—
26th May 2011 (12 months ago)
hi,
i realize anti-splog is solely for stopping spam blog creation. i don't see a plugin which would prevent spam user creation.
from what i see on the forums, it's a very widespread issue. in anti-splog, i see the option to rename the signup file, but i can't find any documentation of which file(s) to edit to "Replace any hardcoded links to wp-signup.php." i'm using the daily theme. i searched within files and wasn't able to find any links. i'm still in the rookie class though.
i've gotten several of the higher rated captcha plugins available from wordpress, each has its benefits, but nothing seems work completely for what i want. i simply want a bot-catcher on my signup page, i don't care if it's cats or text. seems simple enough. "wpmu super captcha" was the closest to actually meeting the challenge, but it still displays the random-character captcha that comes preloaded, even though i've completely re-worked it to include only my words (my words show up properly, as well as the randomness occasionally). also, it fails to load on about every 5th page load, first 4 times (approx) are fine. i know it's "wpmu" not "wpmu dev" so i don't expect you guys to troubleshoot it.
i really think that a plugin specifically created to stop spam user registration would be very widely appreciated.
any one have other thoughts? as i said, i'm still new to this, so i could be missing something. :)
i realize anti-splog is solely for stopping spam blog creation. i don't see a plugin which would prevent spam user creation.
from what i see on the forums, it's a very widespread issue. in anti-splog, i see the option to rename the signup file, but i can't find any documentation of which file(s) to edit to "Replace any hardcoded links to wp-signup.php." i'm using the daily theme. i searched within files and wasn't able to find any links. i'm still in the rookie class though.
i've gotten several of the higher rated captcha plugins available from wordpress, each has its benefits, but nothing seems work completely for what i want. i simply want a bot-catcher on my signup page, i don't care if it's cats or text. seems simple enough. "wpmu super captcha" was the closest to actually meeting the challenge, but it still displays the random-character captcha that comes preloaded, even though i've completely re-worked it to include only my words (my words show up properly, as well as the randomness occasionally). also, it fails to load on about every 5th page load, first 4 times (approx) are fine. i know it's "wpmu" not "wpmu dev" so i don't expect you guys to troubleshoot it.
i really think that a plugin specifically created to stop spam user registration would be very widely appreciated.
any one have other thoughts? as i said, i'm still new to this, so i could be missing something. :)
to accommodate anti-splog signup file renaming, i deactivated buddypress and enabled the renaming feature. when i hit the button to sign up on the live site, i get "The signup page location has been changed." url shows: http://yeselcampo.com/wp-signup.php -- even in browsers i haven't used in weeks.
"To use this you may need to make some slight edits to your main theme's template files. Replace any hardcoded links to wp-signup.php with this function: <?php ust_wpsignup_url(); ?> Within post or page content you can insert the [ust_wpsignup_url] shortcode, usually in the href of a link. See the install.txt file for more detailed documentation on this function."
i realize it says "may need to make some slight edits" but if my page link is broken, with the url still pointing to the original location, wouldn't that say that there's a hardcoded link in there? also, these are the only instructions for that portion of anti-splog, there's no install.txt in the zip file as it says there is and within the installation instructions on the plugin's page, it's not very detailed (step 10).
Spam users are generally not an issue on multisite, as they can't post anything. I don't get many spam user registrations, just blogs.
Note Antisplogs signup protections (captcha, cats, etc) also protect user singups so your already there. Spam users can be an issue in BP though as they can spam the activity stream and stuff like that. Antisplog does scan the activity stream.
well, thanks Aaron, i'd have to assume you were replying to my first comment. my last post was specifically about anti-splog moving the file but the link to the file's broken.
main problem: spam user registration, 10 per day and the site isn't up yet.
solution: anti-splog - rename signup file
new problem: link in theme is not pointing to the new location of signup file.
just need to know where to make the change for the link.
and yes, i would search within the files too, as i did, which led me to create this thread.
i found a few references to wp-signup.php within wp-includes folder, which i didn't think would be the correct place, since if it truly was correct, then the instructions would surely say which specific files to change, since ms-*.php files within wp-includes have gotta be standard install files and should be edited with caution, at least it seems to me. i made some test changes, the link/button to sign up within the theme remains pointing to the default location.
for instance ... in ms-functions.php:
function signup_nonce_check( $result ) {
if ( !strpos( $_SERVER[ 'PHP_SELF' ], 'wp-signup.php' ) )
i realize it says "may need to make some slight edits" but if my page link is broken, with the url still pointing to the original location, wouldn't that say that there's a hardcoded link in there? also, these are the only instructions for that portion of anti-splog, there's no install.txt in the zip file as it says there is and within the installation instructions on the plugin's page, it's not very detailed (step 10).
better instructions would be very helpful, i just need some guidance. this seems kinda far from simply activating the plugin with "little to no code to edit."
just need a quick hand to find which files need to be modified for anti-splog signup file renaming, using Daily theme, wp 3.1.2. see my last post for details. :)
This is not tested but it should do the trick to change the singup link. Please let us know how it goes. Please add the following to your theme functions.php or create a new plugin and add this to that.
thanks for taking another look at it. still can't get it to change from the default link location, button still links to the old wp-signup.php location.
anti-splog is definitely working, it's changing the location properly, as well as properly generating the error when the file is requested from the original location. i think changing the file location is an awesome work around against spam signups.
seems to me, if we can find which variables the daily theme is using for the link/button, then we can modify those to the correct variable. maybe? :)
i should have also mentioned that the daily theme has an entry to modify the location of the signup page, to a custom page. "Enter a custom page if you've created one for your login"
i tried adding the proper code in there, it appends the contents to the url, so it shows "http://domain.com/[ust_wpsignup_url]" or however i add it, when specifically entering "[ust_wpsignup_url]".
could this field be used to get around the issue of the sign up link/button not updating to reflect the new file location?
wow, guys, seriously, if this is a weird request, just say so.
"you may need to make some slight edits" -- if you can say "slight edits" you should be able to tell me which files need to be slightly edited. that's the whole reason your users stay with you, because everything's pretty much already done, except for "slight edits," which usually are just that.
why is this being ignored?
not cool to just leave me hanging for days on end, with no updates.
Not to be solicited, but you folks can check out CloudFlare. This hybrid CDN can help block some spams I think! In their system, they allow you to block spams and so on. By the way, I've no relation with CloudFlare! Oh, it's free to use CloudFlare, but you can also upgrade to their Pro account where several more cool features will be activated on upgrade! It's pretty easy to use it too. Just change domain name servers to point to CloudFlare's ones, and that's it! Takes around couple minutes to do so!
I did a proper test and I can't reproduce the issue you are describing. Did you by any chance move wp-login.php as well or add a hard link to wp-signup.php ? Can you please post a link to your site to help you better?
http://yesedna.com -- this domain isn't being used yet, so i've got it as a test.
i just did a basic install of wpmu, with the basic daily theme options, with anti-splog configured to move wp-signup.php to a new location every 24hrs. no other themes or plugins installed.
i should mention again: i'm fine with using the daily theme's option of specifying a custom login page, if there's a way to drop code in there to fix it. i just want it resolved.
well, that's the first time i see any reference to wp-login.php.
i added simply wp-login.php?action=register to the daily theme's option of specifying a custom login page.
it works!
not only does it fix the anti-splog file-relocating issue, it also works when anti-splog isn't enabled to even move the file. seems that this is a great fix which should be included in some instructions somewhere.
with that single line of code, it makes the sign up work with anti-splog file-relocating and also works whether anti-splog is installed or not. maybe a good idea to change the code of the theme to include the workaround?
i'd say more people need to be aware of this, it solves exactly what i've been trying to fix.
Thank you for your patience in making this work, Mohanjith!
Jason
Jason, I want to understand this too! So, you just need to add wp-login.php?action=register to where? This will work without anti-splog too? Any theme will work with this method?
so, i haven't tested it with other themes, but, it works with or without anti-splog in the Daily theme.
it's easier to make it work than i expected, since the Daily theme has an option to specify a "custom login page" (i'd kinda expect every theme to have it, but i haven't checked others). in that field, i added the following: wp-login.php?action=register
that takes the site's url and appends the above line at the end, making it http://yourdomain.com/wp-login.php?action=register -- to me, this works since it's saying it needs a login AND a register, it defaults to register (i could be wrong on exactly why it works).
through my research, i found wp-signup.php is something spam bots target, usually only in the default file location. anti-splog has an option to move the file every 24hrs to keep the bots guessing, but the link/button in the Daily theme is hardcoded somewhere to point to wp-signup.php. i liked the option of moving wp-signup.php (i never found any reference to wp-login.php until the post by Mohanjith), since i was getting about 10 spam users per day on a not-live-yet site. the "wp-login.php?action=register" fix solves the problem by routing the browser to the correct file location when using anti-splog file-moving, and lets the normal wp-signup.php get called when not using anti-splog.
before i got the code for wp-login.php, i reinstalled wp on my site, to start fresh, and had 2 spam users sign up within 12hrs. after making the change to point to the correct file location, i've had 0 spam users in over 24hrs.
again, this is proven strictly within the Daily theme. the typical disclaimers apply: your mileage may vary. also, i haven't seen any response from wpmudev, so i'm not 100% sure that it's a viable fix for everyone.
good luck, i'm happy i could help. hit me up if i can do anything else. :)
Responses (20)
Sales & Support Pro — 26th May 2011 (12 months ago) #
Hiya!
Spam is always a problem and one that rarely goes away. We can only try our best!
You don't need to edit any files - anti-splog takes care of that thanks to the way WP works.
I think you'd do well to check out this thread which gives an excellent round up of a bunch of ways to protect your site from spam: http://premium.wpmudev.org/forums/topic/how-i-stopped-splogs-and-spam-and-a-suggestion-for-the-wpmu-dev-folks
Cheers,
Phil
Member — 26th May 2011 (12 months ago) #
thanks for the very quick response, Phil!
to accommodate anti-splog signup file renaming, i deactivated buddypress and enabled the renaming feature. when i hit the button to sign up on the live site, i get "The signup page location has been changed." url shows: http://yeselcampo.com/wp-signup.php -- even in browsers i haven't used in weeks.
"To use this you may need to make some slight edits to your main theme's template files. Replace any hardcoded links to wp-signup.php with this function: <?php ust_wpsignup_url(); ?> Within post or page content you can insert the [ust_wpsignup_url] shortcode, usually in the href of a link. See the install.txt file for more detailed documentation on this function."
i realize it says "may need to make some slight edits" but if my page link is broken, with the url still pointing to the original location, wouldn't that say that there's a hardcoded link in there? also, these are the only instructions for that portion of anti-splog, there's no install.txt in the zip file as it says there is and within the installation instructions on the plugin's page, it's not very detailed (step 10).
i'm kinda confused.
Jason
Lead Developer — 26th May 2011 (12 months ago) #
Spam users are generally not an issue on multisite, as they can't post anything. I don't get many spam user registrations, just blogs.
Note Antisplogs signup protections (captcha, cats, etc) also protect user singups so your already there. Spam users can be an issue in BP though as they can spam the activity stream and stuff like that. Antisplog does scan the activity stream.
Member — 26th May 2011 (12 months ago) #
well, thanks Aaron, i'd have to assume you were replying to my first comment. my last post was specifically about anti-splog moving the file but the link to the file's broken.
main problem: spam user registration, 10 per day and the site isn't up yet.
solution: anti-splog - rename signup file
new problem: link in theme is not pointing to the new location of signup file.
just need to know where to make the change for the link.
thanks again!
Jason
Lead Developer — 26th May 2011 (12 months ago) #
What theme? I would just search for wp-signup.php in my theme files.
Member — 26th May 2011 (12 months ago) #
and yes, i would search within the files too, as i did, which led me to create this thread.
i found a few references to wp-signup.php within wp-includes folder, which i didn't think would be the correct place, since if it truly was correct, then the instructions would surely say which specific files to change, since ms-*.php files within wp-includes have gotta be standard install files and should be edited with caution, at least it seems to me. i made some test changes, the link/button to sign up within the theme remains pointing to the default location.
for instance ... in ms-functions.php:
in ms-settings.php:
$destination = 'http://' . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );better instructions would be very helpful, i just need some guidance. this seems kinda far from simply activating the plugin with "little to no code to edit."
Member — 27th May 2011 (12 months ago) #
just need a quick hand to find which files need to be modified for anti-splog signup file renaming, using Daily theme, wp 3.1.2. see my last post for details. :)
thanks!
Jason
Developer — 29th May 2011 (12 months ago) #
This is not tested but it should do the trick to change the singup link. Please let us know how it goes. Please add the following to your theme functions.php or create a new plugin and add this to that.
If you have any issues please do let us know.
Member — 29th May 2011 (12 months ago) #
thanks for taking another look at it. still can't get it to change from the default link location, button still links to the old wp-signup.php location.
anti-splog is definitely working, it's changing the location properly, as well as properly generating the error when the file is requested from the original location. i think changing the file location is an awesome work around against spam signups.
seems to me, if we can find which variables the daily theme is using for the link/button, then we can modify those to the correct variable. maybe? :)
thanks again, whoever's reading this.
Jason
Member — 29th May 2011 (12 months ago) #
i should have also mentioned that the daily theme has an entry to modify the location of the signup page, to a custom page. "Enter a custom page if you've created one for your login"
i tried adding the proper code in there, it appends the contents to the url, so it shows "http://domain.com/[ust_wpsignup_url]" or however i add it, when specifically entering "[ust_wpsignup_url]".
could this field be used to get around the issue of the sign up link/button not updating to reflect the new file location?
Jason
Member — 1st June 2011 (11 months ago) #
not sure when this got marked "resolved," it's not. this seems simple to me, at least it's gotta be to a developer.
Member — 2nd June 2011 (11 months ago) #
wow, guys, seriously, if this is a weird request, just say so.
"you may need to make some slight edits" -- if you can say "slight edits" you should be able to tell me which files need to be slightly edited. that's the whole reason your users stay with you, because everything's pretty much already done, except for "slight edits," which usually are just that.
why is this being ignored?
not cool to just leave me hanging for days on end, with no updates.
Member — 2nd June 2011 (11 months ago) #
Not to be solicited, but you folks can check out CloudFlare. This hybrid CDN can help block some spams I think! In their system, they allow you to block spams and so on. By the way, I've no relation with CloudFlare! Oh, it's free to use CloudFlare, but you can also upgrade to their Pro account where several more cool features will be activated on upgrade! It's pretty easy to use it too. Just change domain name servers to point to CloudFlare's ones, and that's it! Takes around couple minutes to do so!
Developer — 2nd June 2011 (11 months ago) #
I did a proper test and I can't reproduce the issue you are describing. Did you by any chance move wp-login.php as well or add a hard link to wp-signup.php ? Can you please post a link to your site to help you better?
Member — 2nd June 2011 (11 months ago) #
i really appreciate your help, Mohanjith.
http://yesedna.com -- this domain isn't being used yet, so i've got it as a test.
i just did a basic install of wpmu, with the basic daily theme options, with anti-splog configured to move wp-signup.php to a new location every 24hrs. no other themes or plugins installed.
new file location as specified automatically in anti-splog:
http://yesedna.com/signup-3e7/
button (to sign up from homepage) links to default location:
http://yesedna.com/wp-signup.php
results when you click the button:
The signup page location has been changed.
the error about the location being changed is from anti-splog, so it's working.
is this really as easily corrected as i would guess it to be?
thanks again,
Jason
Member — 2nd June 2011 (11 months ago) #
i should mention again: i'm fine with using the daily theme's option of specifying a custom login page, if there's a way to drop code in there to fix it. i just want it resolved.
Developer — 2nd June 2011 (11 months ago) #
Did you try http://yesedna.com/wp-login.php?action=register ?
Member — 2nd June 2011 (11 months ago) #
well, that's the first time i see any reference to wp-login.php.
i added simply
wp-login.php?action=registerto the daily theme's option of specifying a custom login page.it works!
not only does it fix the anti-splog file-relocating issue, it also works when anti-splog isn't enabled to even move the file. seems that this is a great fix which should be included in some instructions somewhere.
with that single line of code, it makes the sign up work with anti-splog file-relocating and also works whether anti-splog is installed or not. maybe a good idea to change the code of the theme to include the workaround?
i'd say more people need to be aware of this, it solves exactly what i've been trying to fix.
Thank you for your patience in making this work, Mohanjith!
Jason
Member — 3rd June 2011 (11 months ago) #
Jason, I want to understand this too! So, you just need to add wp-login.php?action=register to where? This will work without anti-splog too? Any theme will work with this method?
Member — 3rd June 2011 (11 months ago) #
hey argh2,
so, i haven't tested it with other themes, but, it works with or without anti-splog in the Daily theme.
it's easier to make it work than i expected, since the Daily theme has an option to specify a "custom login page" (i'd kinda expect every theme to have it, but i haven't checked others). in that field, i added the following:
wp-login.php?action=registerthat takes the site's url and appends the above line at the end, making it
http://yourdomain.com/wp-login.php?action=register -- to me, this works since it's saying it needs a login AND a register, it defaults to register (i could be wrong on exactly why it works).
through my research, i found wp-signup.php is something spam bots target, usually only in the default file location. anti-splog has an option to move the file every 24hrs to keep the bots guessing, but the link/button in the Daily theme is hardcoded somewhere to point to wp-signup.php. i liked the option of moving wp-signup.php (i never found any reference to wp-login.php until the post by Mohanjith), since i was getting about 10 spam users per day on a not-live-yet site. the "wp-login.php?action=register" fix solves the problem by routing the browser to the correct file location when using anti-splog file-moving, and lets the normal wp-signup.php get called when not using anti-splog.
before i got the code for wp-login.php, i reinstalled wp on my site, to start fresh, and had 2 spam users sign up within 12hrs. after making the change to point to the correct file location, i've had 0 spam users in over 24hrs.
again, this is proven strictly within the Daily theme. the typical disclaimers apply: your mileage may vary. also, i haven't seen any response from wpmudev, so i'm not 100% sure that it's a viable fix for everyone.
good luck, i'm happy i could help. hit me up if i can do anything else. :)
Jason
Become a member