I am hoping someone can point me in the right direction with this one.
We are running a mildly busy WP/Buddypress site. We have an issue with members registering, and confirming their emails. Then something will go wrong with their email address. From then onward, ever activity, every message, everything that user does, generates a bounced mail. Multiply that by a few hundred thousand members, and that's a lot of bouncing mails filling up our inboxes.
At the moment, I am pointing those member emails to a black hole address, and messaging them in an attempt to get them to sort their emails out. But that is quite time consuming, and many users just carry on regardless.
We are about to add a real time email verification to the registration. This will help a bit. But it won't help for users who's emails hit problems after they have registered.
Whenever I've built systems sending out mails to users, I've always included a 'dead mail' function on user accounts, to deal with this very situation. I thought this was common practice, but maybe not.
I have already posted on the Buddypress forum, with no response. I've scoured the web looking for solutions, but can find nothing relevant.
If anyone has experience with this, or has some ideas about how best to handle this, your feedback would be greatly appreciated.
Many thanks :)
Related
I work for an advertising agency working with several clients who we are building and managing wordpress websites for. One issue that arises every time with a new install, is the issue with emails not sending/receiving. We usually solve this by installing an SMTP plugin and set it up using the clients Office 365 email account or whatever provider they have.
The problem is that this is a little time consuming, as well as some of our clients either don´t want to give away their account information/they don't know their account information/they change passwords and forms stop working.
We need a stable email solution that we can use on a wide spectrum of client pages, and that we hopefully don´t need to set up every time we make a new webpage. Does anyone have any solutions/suggestions for this?
Any help would be greatly appreciated.
Before I get into the recommendation, WordPress should use your servers default sendmail configuration so it’s possible something is misconfigured here as it should work out of the box.
But if you want something a little more bulletproof I recommend SendGrid.
One of the problems with all your sites using the same mail server is if one is blacklisted for something the others go down. With SendGrid, which is free for 10k send a month I think, you can issue an api key for each site and if one has an issue it you can easily identify it in SendGrid.
I have setup dozens of API Keys and the plug-in. It’s fast and simple and takes about 5 minutes in total. They have great delivery, detailed reports and are cheap even if you need a lot of sends.
You can Signup for an account and use the SendGrid plugin from the Wordpress repository.
I have a wordpress website, there i have a plugin which shows me when a login attempt has been made way to many times.
it shows me someone has been trying to login with the username:
{login}
failed 7 times.
What does this mean? should i be worried that someone is trying to hack the website.
Thanks in advance.
Kevin
It simply means someone or something (a bot/script) has attempted to log into your account. Seven times is not a lot, provided you're not using extremely stupid username- and password combinations; the chance of anyone being able to access your site should be small.
If the issue continues though, you may consider applying some form of two factor authentication, such as Google Authenticator, for which a plugin is available. Requiring such time-limited access-codes for each login should pretty much guarantee that nobody will be able to access your site (at least not without stealing your phone first...).
I'd like to register all of our staff to have gravatars. They are an unreliable bunch, so if I ask them to sign up for one it would take about 6 months to get to 50% completion.
I could use selenium to drive the website to sign everyone up, then simultaneously reconfigure the spam filter to collect all the confirmation emails, then go back over all of those emails and confirm the accounts. But that feels like a very dirty hack.
This question mentions a similar need, but there isn't an answer.
Does anyone know if there is a better way to sign up for a lot of gravatar accounts in one go?
Gravatar protects itself from spamming their registrations system by using email confirms.
Besides, you're breaking their TOS by trying to automate signups.
Best thing to do is take the management approach - this is more of a management issue than programming - and tell your staff they are required to get a Gravatar, or 1) they don't get their daily Gummy Bears, or 2) they're fired.
I want to prevent users from voting more than one time in my website, I used two methods to do that, but no one do that well !!
using cookie.
the problem : users can delete the cookie and return to vote again and again ..
using database table.
The problem : users shouldn't forced to register in my website !
So, How i can solve this problem ?
You have your two answers, you need to decide which is best. No option is going to be bulletproof. It's all about slowing them down, and what level of effectiveness is acceptable for you.
A cookie is generally the acceptable way to do this. Yes, cookies can be cleared, but if the desire to prevent duplicate voting is that important, than registration is the only effective way to prevent it. Any other mechanism could probably be beaten by those that want to. You could use something like Evercookie, but I don't generally think it's a good practice to do so. If you make your registration process simple, but effective, some users will do that.
An IP address is just as flawed as most redisential IPs are not statically assigned. Someone could reset their modem, and get a new IP address. Or worse, someone could reset their modem, get an IP address that has already visited the site, and be unable to vote. Another scenario is users behind NAT. If 200 people are sharing an IP with NAT, then only one of them will be able to vote.
You could get creative with the IP address though. Keep using the cookie, because that will be effective. If you start detecting multiple votes from the same IP address (because they cleared their cookies), display a CAPTCHA. If it isn't someone trying to abuse the system, then they still get the opportunity to vote. This will help defeat automated voting, and slow down users enough that abusing your voting system isn't worth their time. This as well, can be defeated, it's what level of effectiveness is acceptable to you. Even registration isn't purely 100% effective, but probably the most effective. What would stop someone from registering many times with different email addresses?
I dont think you have many options as you are not forcing users to register. You need to use session or cookies. As pointed out in comments you can also check the IP Address. But if intended audience uses dynamic IP address assigned by their ISP, then this solution also failed.
If possible you can ask user to registered with their facebook/google id, like stackoverflow is doing
There isn't an infallible way to accomplish what you want from a web application and specially without requiring users to register.
This site (Stack Overflow) does it right, by registration. IP is a really bad idea because all the folks behind a proxy/server can't vote. Most folks have mulitiple browsers, you don't even need to delete the voting cookie to vote again, just use another browser. As mentioned, OpenID is the lowest impact + highest security route. They can get around that via multiple accounts.
I was wondering if it is even possible to interact with other websites using my own.
Here is the scenario:
Lets say I have a Lockerz account, which is a place where you do daily tasks to earn points. Once a month you can redeem those points to get prizes such as an ipod, macbook, or other items. I know that sounds rediculous, but stay with me.
For someone to gain membership to this website they must be invited by a member. So I get your email address then log in to my account, then send you an invite from there.
What I want to do is create a website where a user enters their email into a textbox and presses a submit button. From there the program, behind the scenes, sends my login information, and the users email address to lockerz and sends the invite. All without ever leaving my site.
I have worked with ASP.NET with VB codebehind for a while now, so I understand the basics of that. I am just wondering if what i want to do is even possible. If so, can someone redirect me to a tutorial or guide of some kind that will give me a basic knowledge on this.
Thanks
You'll have to work down at the HTTP level, sending POST and GET requests.
Fortunately, .NET has the WebRequest and WebClient classes to help you.
WebClient would probably be your best starting point... But I would hang on a second.
Websites like this tend to employ some pretty intense fraud-protection. Banning, blocking or at least ignoring actions when multiple accounts use one IP, or otherwise do things in a predictable pattern.
WebClient isn't going to load up the JavaScript either so you might you can't access required parts of the page.
Either way, you don't need to do this on your webserver - I'd start off by writing it initial connect code locally as a simple script. It'll make testing it a lot faster.