SPAM entries through Frontend Submissions

WordPress Event Management, Calendars & Registration Forums Frontend Submissions SPAM entries through Frontend Submissions

This topic contains 2 replies, has 2 voices, and was last updated by  Benjamin Ogg 2 years, 8 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #40740

    Hi there.
    The SPAM entries made through Frontend Submissions raised quite heavily. Even with activated reCaptcha we are facing a lot of SPAM submissions.
    Is there any other way to protect the form and avoid SPAM entries?
    Cheers, Benjamin

    Benjamin Ogg
    #40782

    Hi Benjamin,

    So beyond captchas, they are a few things you can do:

    • Require the user be logged in (effective, but not always practical)
    • Perform validation on the input (e.g. by filtering out event titles/descriptions with key words, or event date/times outside what you would expect)
    • A two step process where events are left as draft until the user has confirmed their email or contact phone number

    For (2), you can use the

    add_filter('eventorganiser_fes_submit_event', function( $event, $form ) {
        // Inspect $event an apply rules
    
        if ( $isSpam ) {
            $form->add_error( 'spam', 'Error message...' );
        }
    
    }, 10, 2 );
    

    For (3) you could use the eventorganiser_fes_submitted_event hook

    add_filter('eventorganiser_fes_submitted_event', function( $event_id, $event, $form ) {
        // generate a random key
        $key = wp_generate_password(16, false, false );
    
        // Store the key
        update_post_meta( "_fes_user_confirmation", $key, true );
    
        //Send a link containing $key and $event_id in the url to the user's email.
        //The user clicks the link creating a `GET` back to your site request containing those parameters
    
    }, 10, 3 );
    

    You’ll need to listen for that GET request and respond accordingly. In the code where you respond to that request:

    $event_id = intval($_GET['event_id'])
    $key = $_GET['key'];
    
    if (get_post_meta( $event_id, "_fes_user_confirmation", true ) === $key) {
        // If the key matches what is stored, publish the event
        wp_publish_post($event_id);
    
        // Then remove to prevent repeat requests potentially republishing the event
        delete_post_meta( $event_id, "_fes_user_confirmation" );
    }
    
    Stephen Harris
    #40806

    Hi Stephen
    Thanks for your kind input. I will try one of your proposals …
    Cheers, Benjamin

    Benjamin Ogg
Viewing 3 posts - 1 through 3 (of 3 total)
To enable me to focus on Pro customers, only users who have a valid license for the Pro add-on may post new topics or replies in this forum. If you have a valid license, please log-in or register an account using the e-mail address you purchased the license with. If you don't you can purchase one here. Or there's always the WordPress repository forum.