Hi there.
The SPAM entries made through Frontend Submissions raised quite heavily. Even with activated reCaptcha we are facing a lot of SPAM submissions.
Is there any other way to protect the form and avoid SPAM entries?
Cheers, Benjamin
Benjamin Ogg
Hi Benjamin,
So beyond captchas, they are a few things you can do:
- Require the user be logged in (effective, but not always practical)
- Perform validation on the input (e.g. by filtering out event titles/descriptions with key words, or event date/times outside what you would expect)
- A two step process where events are left as draft until the user has confirmed their email or contact phone number
For (2), you can use the
add_filter('eventorganiser_fes_submit_event', function( $event, $form ) {
// Inspect $event an apply rules
if ( $isSpam ) {
$form->add_error( 'spam', 'Error message...' );
}
}, 10, 2 );
For (3) you could use the eventorganiser_fes_submitted_event
hook
add_filter('eventorganiser_fes_submitted_event', function( $event_id, $event, $form ) {
// generate a random key
$key = wp_generate_password(16, false, false );
// Store the key
update_post_meta( "_fes_user_confirmation", $key, true );
//Send a link containing $key and $event_id in the url to the user's email.
//The user clicks the link creating a `GET` back to your site request containing those parameters
}, 10, 3 );
You’ll need to listen for that GET request and respond accordingly. In the code where you respond to that request:
$event_id = intval($_GET['event_id'])
$key = $_GET['key'];
if (get_post_meta( $event_id, "_fes_user_confirmation", true ) === $key) {
// If the key matches what is stored, publish the event
wp_publish_post($event_id);
// Then remove to prevent repeat requests potentially republishing the event
delete_post_meta( $event_id, "_fes_user_confirmation" );
}
Stephen Harris
Hi Stephen
Thanks for your kind input. I will try one of your proposals …
Cheers, Benjamin
Benjamin Ogg