My website uses Wordpress and we use a plugin called profile builder for registering new users who can access some more pages than non-registered ones. We have e-mail confirmation feature and do not auto-generate passwords. Lately we are seeing a lot of spam user ids being created. They never access the site. I wanted to know what possible benefit they might be getting by registering on our site and if we should delete off such ids. Is there any way to prevent it from happening.
In my experience, comment spammers generally sign up for the sole purpose of posting comments that ostensibly contain generic comments about the post (such mundane remarks as "wow this is really interesting"), but the real purpose is for them to post links to their websites in the hope of boosting their search engine ranking. If they're registering but not returning it could be some bot that's trying to perform automatic registrations in the hope that it can go on to automatically post comment spam.
To prevent it from happening, you could try adding a Captcha to your registration process, if that plugin will allow it.
If you find yourself getting comment spam then there's always the askismet plugin.
You have to install stop spammers plugin. If you didn't like it then you can choose one of these, Sabre, Growmap, wangguard. :)
Related
I have a question about multi-vendor e-commerce portal.
Sellers offer particular offer for a time-being. For each offers, a new webpages are created, they are listed in site-map and crawled by Google.
My client doesn't want to show those pages once the offer is expired. So how to setup an auto-expiration of those web-pages? I am looking for the methods for asp.net technology. Can I achieve it using HTTP header, or do I need to do something with database and server query?
Once those pages are expired, then should I remove from sitemap? How does that affect in Google's indexation? Are those pages show up under 404 errors in Google Search Console? If yes, then after a few months, there will be a long list under 404 errors.
I think so that it's a valid concern for all e-commerce store who provide such offers.
What I would recommend is to create a single page for your offer and post all your offers on that page which would redirect to that particular page and once the offer has expired then remove it from that main offer page and to some extent it would resolve your indexing issue too.
Hope so that it would help you out.
If you still have any concern please feel free to ask.
One of the methods to do this, is to add an expiration date for each web-page and expire those pages after that date.
I want to call Facebook's Graph API from the client to READ public posts on a page using a permanent Page Access Token. I'm curious if this is safe (or how to make it safe). From everything I've read and tried, an access token is required to perform this operation and none of Facebook's other functionality will suit my needs (see background below).
https://developers.facebook.com/docs/javascript/reference/FB.api/ suggests that it is safe to expose Page Access Tokens to the client, but I'm suspicious they're lying to me.
Background:
I'm working with a group that wants to display some posts from their Facebook feed on their WordPress website. They don't want to display all posts, but rather filter them based on a hashtag. I don't know a ton about WordPress, but I'm guessing I can't implement custom back-end API calls on a WordPress site. Please suggest any alternative solutions that you might have!
Access Token are like house keys, you NEVER leave them in front of the door. Which means, you should NEVER hardcode any Access Token. No matter if it is an App, Page or User Token. The docs do not state anywhere that it is ok to expose tokens, they just state how you can use a Page Token on that page in your question - but you cannot just hardcode it on the client.
Vulnerabilities: Without extra permissions, this would be more like a privacy issue, because you can get a lot more info with a Page Token (as the Page owner) than with a simple App Token.
Of course it is possible to do that kind of backend-calls with wordpress. And it would be the far better way, i think.
First you can use the WP-Cron to time your Facebook-Calls. You could create a Cron-Job every hour or so.
WP Developer Scheduling WP Cron Events
Wordpress Codex wp_cron Function Reference
Kinsta Knowledgebase Wordpress Cron Job Tutorial
If you work first time with the WP-Cron have one thing in mind: WP-Cron depends on Site-Activity to be run. So if there is no Traffic on the Wordpress-Site, no Cron-Jobs are run. Here is a link how to add WP-Cron to your systems cron, so your API-Call will be called every time you intend to:
WP Developer Hooking WPCron into System Task Scheduler
The Cron-Job than can use the Wordpress HTTP API to do the call. You should check the Docs on the HTTP API and the wp_remote_request function in special.
Wordpress Codex HTTP API
WP Developer wp_remote_request Reference
Or you could install the Facebook SDK with your Theme/Plugin.
I'm not sure about the security impacts when using a Page Access Token on the Client, but it seems to me, that it would be a better way to do that kind of job.
I am working on a symfony 2 project where the user should be able to use payments via PayPal and Sofort.com.
Yet i have implemented paypal payments which i managed successfully.
But i am stuck with sofort.com. I have searched the web for tutorials but i can hardly find anything.
I've read through their API and integrated their PHP SDK. But i dont get how get on.Maybe someone here has worked with it, and can help me out what to do next.
That would be really cool
Can somebody help me point in the right direction with it? i would be really thankful.
You have to download the Sofort SDK from their website which is here.
Then in their example folder you'll find two files: example.sofortueberweisung.php and example.transaction.php.
The example.sofortueberweisung.php shows you how redirect the user with specific values to the payment page.
The example.transaction.php shows what to do in the notify action.
After the payment is completed the user will be send to the success link.
Sofort sends transaction data to the notify action which you can process.
If the user aborts the payment he or she will be forwarded to the abort link.
Its so super easy to implement it, i think imo its much easier then paypal.
Hope it helps people out.
You can try to use Omnipay library from ThePHPLeague, which provides a common interface to easily create a custom gateways. Also there is a symfony2 bundle which provides a wrapper for that library.
I am using Disqus, and I'm trying to find a way for commenters to receive notifications of replies to their comments (or new comments) without registering with disquis. If using native wordpress comments people can check the little box that says "receive notifications" and receive messages when there is a new comment. However, when using disqus people have to register to receive those notifications. Many commenters don't want to register for another service, so people aren't getting notified. Is there any way to make it easier for people to get notifications?
After researching and talking with disqus, this can not be done. As a free service they want to direct users back to their site to set up an account in order to get features such as comment replies. I've decided to go back to wordpress native comments.
I want to provide chat facility to my website visitors. This should be same as google chat (person to person communication). Are there any free tools available to integrate in the website? Or is there any way that we can use Google Chat's API and can integrate in our website?
Pls help me.
You can embed google chat into your web page, instructions here
I think a reasonable approach would involve opening an iframe that talks to a dynamic page. The dynamic page would be auto-refreshed by two or more clients and continously post to/read from a table that stores the ID of the session, timestamp, user name(or IP), and message for the chats. The ID of the session would correspond to the dynamic page ID and bob's your uncle.
I'm sure there are various implementations floating around, but I'd want to control this on my own. No user accounts required if you set it up correctly, thought finding other users may be an issue without accounts.
There are a lot of good embeddable chat widgets you can insert into a page fairly easily that do all the work for you.
I've tried out a few of the ones listed in the link above (mostly MeeboMe and Geesee) and don't have any major complaints. With that many choices you should be able to find one that meets your needs. Most don't even require a login.