How to prevent fake users creating account on our drupal 6 website? - drupal

Lately I've started seeing a lot of users on my website and the usernames/emails seem like spam. I do have captcha as well. What is going on?
kathleenfentonzry tiotelisco1977+fenton8995#outlook.com
kristofertroywtq selfraledig1988+troy7366#outlook.com
mindyrichifnngaeeqe bosspesepe1985+rich1855#outlook.com
Please let me know if I can somehow prevent this.
Thanks

// Outbound: links that Drupal generates for user/* are shown as member/*.
function custom_url_rewrite_outbound(&$path, &$options, $original_path) {
  if (preg_match('|^user(?![^/])(.*)|', $path, $matches)) {
    $path = 'member'. $matches[1];
  }
}
// Inbound: member/* maps back to the internal user/* path, and direct
// requests for user/* resolve to a nonexistent path (404).
function custom_url_rewrite_inbound(&$result, $path, $path_language) {
  if (preg_match('|^member(?![^/])(.*)|', $path, $matches)) {
    $result = 'user'. $matches[1];
  }
  if (preg_match('|^user(?![^/])(.*)|', $path, $matches)) {
    $result = '404'. $matches[1];
  }
}
Include the above code in your settings.php file. This will replace the paths on your site that contain "user" with "member". This prevented the spam for me.

I use a module called Spambot (https://drupal.org/project/spambot) to prevent spam user registrations on my D6 site. It checks all new user registrations against the spam database at http://www.stopforumspam.com based on IP, Username, and Email. This has stopped 99.9% of the spam registrations I used to get.

We have sites that have the same issue where the captcha is getting beaten. I use Access rules to block certain email addresses that I assume are spam accounts. If that doesn't help, the next thing we are using is Mollom to block spam content. Mollom won't help with spam accounts, but it will stop the site from being flooded with spam.
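
An added example, not part of any answer above, showing pattern-based screening as an alternative to listing addresses one by one: it scores a signup on the shape the three accounts quoted in the question share. The sample rows are constructed from the question (assuming the `#` in the quoted addresses stands for `@`) plus one made-up control row; the function name and the two-signal threshold are assumptions.

```php
<?php
// Constructed sample data: the three quoted accounts plus one benign control.
$signups = array(
    array('kathleenfentonzry',   'tiotelisco1977+fenton8995@outlook.com'),
    array('kristofertroywtq',    'selfraledig1988+troy7366@outlook.com'),
    array('mindyrichifnngaeeqe', 'bosspesepe1985+rich1855@outlook.com'),
    array('jsmith',              'john.smith+drupal@example.org'),
);

// Returns the list of heuristic signals a signup triggers (hypothetical helper).
function signup_spam_signals($username, $email) {
    $signals = array();
    // Split into mailbox, optional +tag, and domain.
    if (!preg_match('/^([^@+]+)(?:\+([^@]*))?@([^@]+)$/', strtolower($email), $m)) {
        return array('malformed-email');
    }
    list(, $mailbox, $tag) = $m;
    // Mailbox ends in a year-like number (tiotelisco1977).
    if (preg_match('/(19|20)\d{2}$/', $mailbox)) {
        $signals[] = 'mailbox-ends-in-year';
    }
    // Plus tag is a word followed by digits (fenton8995).
    if (preg_match('/^([a-z]+)\d{3,}$/', $tag, $t)) {
        $signals[] = 'tag-word-plus-digits';
        // The tag word is embedded in the username (kathleen-fenton-zry).
        if (strpos(strtolower($username), $t[1]) !== false) {
            $signals[] = 'tag-word-in-username';
        }
    }
    return $signals;
}

foreach ($signups as $row) {
    list($name, $mail) = $row;
    $signals = signup_spam_signals($name, $mail);
    // Two or more signals: hold the account for admin approval.
    $verdict = count($signals) >= 2 ? 'HOLD' : 'allow';
    printf("%-20s %-5s %s\n", $name, $verdict, implode(',', $signals));
}
```

In Drupal 6 the function can be called from a custom module's hook_user() 'validate' operation.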

Add re-captcha on registration page!

Related

Wordpress get user info from same browser logged into site

I'm trying to use the Wordpress API wp_get_current_user(), however it's always returning the 0 user, with empty data. I am on a fresh install of Wordpress and I have just created my own theme and added an API hook.
I see lots of guides/info on grabbing data using Nonce from a separate client/computer, but I'm just trying to get the $user from the same browser that should be already logged in via the wordpress admin interface. I've verified that my browser has cookies set. My understanding of verification is that wp_get_current_user() should be able to use these cookies to verify my user and return data.
Just to show I am logged into wordpress
This is my functions.php
located under wp-content/themes/myapi/functions/
add_action('rest_api_init', function () {
    register_rest_route( 'api', 'test', array(
        'methods' => 'GET',
        'callback' => 'logged_in_wp',
    ));
});
function logged_in_wp($request){
    if ( is_user_logged_in() ) {
        return new WP_Error( 'me', 'me', array( 'status' => 200 ) );
    }
    return new WP_Error( 'not-logged in WP', 'not-logged in WP', array( 'status' => 400 ) );
}
?>
I'm using the following URL to access the data
http://localhost:8080/?rest_route=/api/test
I'm expecting it to return a me,me,200; instead, I'm only seeing the not-logged-in 400 error.
So what is the difference between localhost:8080 and localhost:8080?rest_route=/api/test that WordPress cannot figure out that I am logged in?
So, I'm guessing, since nobody is answering and based on the readings I've done, that what I'm asking for is impossible. It seems it is a security response by WordPress. You will need to authenticate even if the user is logged into WordPress on the same domain/browser.
What do you use to test your request?
Using Postman, you can insert useful parameters which will help you with authentication. Hence, if you want to log in using the WordPress REST API, you must insert the information of the current user properly in the Authorization section (choose Basic authentication and, inside, fill in the username and the password of an existing account, in this case Admin) and try it again.
Here is what I did, for example:
Sample image for the authorization which will soon help to know about the current user login
next using
$user_id = username_exists($username);
$user = get_user_meta($user_id);
$response['code'] = 200;
using "get_user_meta(wp_get_current_user()->ID, 'nickname', true);"
you can now determine which user is currently logged in.
Here in this sample if you make good use of the above information, you can create a good function "logged_in_wp()".
Here is my result on postman
I hope this will help you by the way
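
An added example, not part of the thread: WordPress's REST API accepts the login cookies only together with a nonce for the `wp_rest` action, sent as the `X-WP-Nonce` header or the `_wpnonce` parameter; without it the request is handled as user 0, which is the result described in the question. The callback name `myapi_whoami` and the footer script are hypothetical; the `api/test` route is the one from the question.

```php
<?php
add_action( 'rest_api_init', function () {
    register_rest_route( 'api', '/test', array(
        'methods'             => 'GET',
        'callback'            => 'myapi_whoami',
        // Runs before the callback; anonymous requests are rejected with 401.
        'permission_callback' => 'is_user_logged_in',
    ) );
} );

// Hypothetical callback: report who the REST request is authenticated as.
function myapi_whoami( WP_REST_Request $request ) {
    $user = wp_get_current_user();
    return rest_ensure_response( array(
        'id'    => $user->ID,
        'login' => $user->user_login,
    ) );
}

// Hand the logged-in browser a nonce for the 'wp_rest' action and send it
// back in the X-WP-Nonce header; the login cookies travel with the request.
add_action( 'wp_footer', function () {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $cfg = wp_json_encode( array(
        'url'   => rest_url( 'api/test' ),
        'nonce' => wp_create_nonce( 'wp_rest' ),
    ) );
    ?>
    <script>
    (function (cfg) {
        fetch(cfg.url, {
            credentials: 'same-origin',
            headers: { 'X-WP-Nonce': cfg.nonce }
        }).then(function (r) { return r.json(); })
          .then(function (me) { console.log('REST sees user', me.id); });
    })(<?php echo $cfg; ?>);
    </script>
    <?php
} );
```

The nonce requirement is the CSRF protection for cookie-authenticated REST calls, so a URL typed into the address bar without it is always treated as anonymous.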

Wordpress mail gets to spam folder

My Wordpress site registration email gets into the spam folder.
My client uses an old version of Microsoft Exchange without SMTP support.
So I can't send the mails through SMTP. And my server's IP is not blacklisted.
Domain:
cottex.se
SPF on the Domain:
v=spf1 mx a ip4:178.62.70.32 ?all
I have not set up DKIM (DomainKeys Identified Mail) because I can't find how to sign the WordPress outgoing mail with a private key.
I really can't understand what's wrong! The SPF should be enough, or?
I would like to recommend testing your mail on this website
It shows you details about problems with your mail domain.
Send message to specified email and click blue button.
Please use this code, it will help you:
Note: You need to use valid email and name here.
add_filter( 'wp_mail_from', 'my_mail_from' );
function my_mail_from( $email ) {
    return "enter your 'from' id";
}
add_filter( 'wp_mail_from_name', 'new_mail_from_name' );
function new_mail_from_name( $old ) {
    return 'enter your "from name"';
}
wp_mail( $admin_mail, $subject, $message );
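
An added example, not from the thread, for the DKIM point in the question: WordPress sends through PHPMailer, which signs outgoing mail once the `phpmailer_init` hook sets its DKIM properties. The selector `wp1` and the key path are hypothetical; the domain is the one given in the question.

```php
<?php
add_action( 'phpmailer_init', function ( $phpmailer ) {
    $domain   = 'cottex.se';
    $selector = 'wp1';                               // hypothetical selector
    $key_file = '/etc/dkim/cottex.se.wp1.private';   // hypothetical path, outside the web root

    // Sign only mail whose From address is in the signing domain, so the
    // DKIM signature aligns with the visible sender.
    $from_domain = strtolower( substr( strrchr( $phpmailer->From, '@' ), 1 ) );
    if ( $from_domain !== $domain ) {
        return;
    }
    if ( ! is_readable( $key_file ) ) {
        error_log( 'DKIM key not readable; mail will go out unsigned' );
        return;
    }
    $phpmailer->DKIM_domain   = $domain;
    $phpmailer->DKIM_selector = $selector;
    $phpmailer->DKIM_private  = $key_file;
    $phpmailer->DKIM_identity = $phpmailer->From;
    // SPF is evaluated against the envelope sender, so align it with From.
    $phpmailer->Sender = $phpmailer->From;
} );
// DNS: publish the matching public key as a TXT record at
//   wp1._domainkey.cottex.se   "v=DKIM1; k=rsa; p=<base64 public key>"
```

The `?all` at the end of the quoted SPF record is the neutral qualifier, so receivers learn nothing from it about mail sent from other hosts.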

How can I use a different login/signup mechanism for wordpress

I have so far integrated a multisite wordpress that uses 4 main subdomain templates in a single wordpress installation: college.mysite.com | jobs.mysite.com | advisors.mysite.com | answers.mysite.com
A wp user is only required to log in once and they immediately have access to any wp template.
However, what I would like to achieve is a bit more complicated than that. I don't want new users and existing members to use wordpress as their main user interface to access private content.
In fact I have disabled registration and hidden wp login altogether.
I would like a more secure and less public signup/login.
For this occasion I would like wordpress to ignore the default login credentials and use instead custom db table names and hash method pulled from the same wordpress database.
For instance I have a yii platform called: humhub.
For a user to use wordpress they would need to login through humhub and have wp read the db table names:
user instead of wp_users
a secondary db name would need to be read for the password because humhub uses:
user_password instead of the default value within wp_users (user_pass)
I've tried integrating yii framework with wordpress, I've tried tweaking here and about within the yii framework so that it reads two databases separately but it's far more complicated than simply redirecting the wp login credentials by changing the default login table names within the wordpress files,
please help me,
Let's assume you have some unique identifier so that one user will not accidentally collide with another (in YII/HumHub)
You can load up the WordPress API via
require_once("/path/to/wp-load.php");
//Found normally in the WordPress root directory alongside wp-config.php
You can then when creating a new user in HumHub do:
wp_create_user( $username, $password, $email );
//Where username is the unique identifier
//password is ideally a random hash
//email is their email if relevant
And then log them in (assuming you remembered the username and password!!)
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( !is_wp_error($user) ) {
    ob_start(); //flush buffers - otherwise login won't work or user gets redirected to dashboard
    $user_id = $user->ID;
    wp_set_current_user( $user_id, null );
    wp_set_auth_cookie( $user_id, true );
    do_action( 'wp_login', $username );
    ob_end_clean();
} else {
    //Handle the login error
}
They are then logged into WordPress with cookies etc without any headers interfering with HumHub
Note - the above method may not work if there is a name conflict between WordPress and YII/HumHub. You will get a PHP error with details of the conflict if that is the case and will have to try something else (such as an OAuth plugin).

How to call wordpress function directly from url?

I have added a custom payment method to WooCommerce and it's working fine. I just have one problem: it calls a callback URL for saving transaction information to the DB. I have created a new function for this in my plugin file, but I can't access it directly.
This is how i have done it:
//add_action('wp_ajax_nopriv_payment_callback_action', 'payment_callback_action');
//function
function payment_callback_action() {
    echo "Its Working!";
}
I am trying to access it by :
url:"<?=site_url( '/' );?>wp-admin/admin-ajax.php?action=payment_callback_action
It seems that it is because I don't have the privilege to use it directly, but how can I do this?
Thanks
# for users not logged in
add_action('wp_ajax_nopriv_payment_callback_action', 'dixipay_callback_action');
# for users logged in
add_action('wp_ajax_payment_callback_action', 'dixipay_callback_action');
# Your callback
function dixipay_callback_action() {
    echo "Its Working!";
}
read more: http://codex.wordpress.org/AJAX_in_Plugins
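
An added example, not part of the answer above: a `wp_ajax_nopriv_` handler can be requested by anyone, so a callback that writes transaction data should authenticate the sender before touching the database. The shared secret, the `X-Signature` header and the JSON fields `order_id` and `txn_id` are hypothetical; use the scheme your payment provider documents.

```php
<?php
// Placeholder value; keep the real secret in wp-config.php, not in the plugin.
define( 'MYPAY_CALLBACK_SECRET', 'replace-with-provider-secret' );

// True only if $signature_hex is the HMAC-SHA256 of the raw request body.
function mypay_signature_is_valid( $raw_body, $signature_hex, $secret ) {
    if ( ! is_string( $signature_hex ) || '' === $signature_hex ) {
        return false;
    }
    $expected = hash_hmac( 'sha256', $raw_body, $secret );
    // hash_equals() compares in constant time.
    return hash_equals( $expected, strtolower( $signature_hex ) );
}

function mypay_callback_action() {
    $raw = file_get_contents( 'php://input' );
    $sig = isset( $_SERVER['HTTP_X_SIGNATURE'] ) ? $_SERVER['HTTP_X_SIGNATURE'] : '';
    if ( ! mypay_signature_is_valid( $raw, $sig, MYPAY_CALLBACK_SECRET ) ) {
        wp_send_json_error( array( 'message' => 'bad signature' ), 403 );
    }
    $data = json_decode( $raw, true );
    if ( ! is_array( $data ) || empty( $data['order_id'] ) || empty( $data['txn_id'] ) ) {
        wp_send_json_error( array( 'message' => 'bad payload' ), 400 );
    }
    $order = wc_get_order( absint( $data['order_id'] ) );
    if ( ! $order ) {
        wp_send_json_error( array( 'message' => 'unknown order' ), 404 );
    }
    // Record the provider's transaction id on the order.
    $order->add_order_note( 'Gateway callback, txn ' . sanitize_text_field( $data['txn_id'] ) );
    wp_send_json_success();
}
// Same action name as in the question; both hooks point at the verified handler.
add_action( 'wp_ajax_nopriv_payment_callback_action', 'mypay_callback_action' );
add_action( 'wp_ajax_payment_callback_action', 'mypay_callback_action' );
```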

User authentication through wp_signon(); help needed

I use a form to send a POST request to a page and log the user in with wp_signon(), in order to authenticate the user to my WordPress installation as described in the WP documentation:
$creds = array();
$creds['user_login'] = $_POST["user-login"];
$creds['user_password'] = $_POST["user-password"];
$creds['remember'] = true;
$user = wp_signon( $creds, false );
After this little piece of code I'm checking if user was logged in:
if ( is_user_logged_in() ) { echo "SUCCESS"; } else { echo "FAIL!"; }
But I got FAIL! all the time. Then after sniffing around I found this little trick:
wp_set_current_user( $user );
if ( is_user_logged_in() ) { echo "SUCCESS"; } else { echo "FAIL!"; }
I've got SUCCESS on this one but when I leave this page I got FAIL again and again.
Can anyone explain to me how to log in a user with wp_signon() without logging her out after the page is changed or reloaded or whatever?
I've got desirable result when I go to /wp_admin and login with WP's default login form. I can navigate through every page of my WP site remaining logged-in all the time. But when I try to do this outside the default form with wp_signon(); I FAIL!.
Maybe I use it wrong? Guide me! PLEASE!
It was my mistake. I used the whole structure on my localhost server which for some reason didn't allow wordpress to work correctly. After I've uploaded the template into an external server I've got this working.
Sorry for bothering! It won't happen again ...
