How to stop spam subscribers on WordPress email subscribe form?

wordpress-stop-spam-subscribers

Email subscription forms are very essential for any website to let visitors subscribe to new contents. Email subscription forms will also let website owners collect emails which can be used for online marketing. However, mail subscribe forms may also attract a lot of spam subscribers. In this post, we shall see how to stop spam subscribers on WordPress email subscribe form using free plugins.

Before we discuss how to stop spam subscribers, let's discuss briefly how to include a Subscribe Form in WordPress.


How to create subscribe form in WordPress?

wordpress-email-subscribe-form

There are many free plugins out there if you want to include a subscribe form on your WordPress website. Just search on WordPress and you should get many such plugins. The setup and configuration may vary from plugin to plugin.

For the purpose of this example, "Email Subscribers & Newsletters" WordPress plugin is used to create the email subscribe form. It provides two features - post notifications and newsletters. It is easy to configure and use.

  • Download and install  "Email Subscribers & Newsletters"
  • After installation, navigate to Email Subscribers > Templates and setup template for "Post Notifications".
  • After template is created, navigate to Email Subscribers >Post Notification from the WordPress sidebar, and setup post notification.
    • Choose the template created earlier
    • Choose post categories
    • Choose when to send post notifications
  • Then, navigate to Email Subscribers >Settings and update:
    • Email address for Sender of Notifications
    • Email Type (default WP HTML MAIL is fine)
    • Opt-In Type: Single Opt-in, Double Opt-in
      • While single opt-in is simpler (user just need to enter an email to subscribe), double opt-in may be better.
      • In Double Opt-in, visitor need to enter a valid email address where the confirmation email is sent to. The user need to confirm and then only the post notifications goes. This would reduce fake subscribers. But the down side is that, a visitor may not check the confirmation email and the website may lose a subscriber.
    • Admin email addresses that should receive notifications

After the necessary configurations are done, go to Appearance > Widgets and add "Email Subscribers" widget to any widget area to display the Subscribe Form.

Note: For Email subscribe form to work, WordPress should be able to send emails to subscribers.
For using SMTP to send emails, you may use WP SMTP plugin and configure it with your website's email address or Gmail etc.

If you are facing issues send emails from WordPress, refer to this previous article how to resolve the mail issue.
   
How To Resolve WordPress Unable to Send Messages/Mails from Contact Form? (There was an error trying to send your message).

How to stop spam subscribers on WordPress email subscribe form?

As I said at the start of this post, having a subscribe form on website may attract a lot of spam subscribers. But we can solve that.

In my case also, after the subscribe form was included in WordPress website, I started to notice a lot of spam subscribers started to appear. Most of them where emails with domain @*.ru. This is not good for the website as the mail server will try to keep sending emails to those addresses resulting in unnecessary load on the website.

If you have also integrated Subscribe Form on WordPress and you are receiving a lot of spam subscribers, you can control spammers with "Stop Spammers" WordPress plugin. This plugin is not only good for stopping spammers on Subscribe Form but it is also useful for improving WordPress website security.

Stop Spammers is an aggressive website defence against comment spam and login attempts. It is capable of performing more than 20 different checks for spam and malicious events and can block spam from over 100 different countries.
After using this plugin, spam subscribers have significantly reduced. After 15 days of usage, Stop Spammers stopper 441 spammers, and this is on a not so popular WordPress website!

wordpress-stop-spammers-summary


Download and Install "Stop Spammers"

  • Go to “Add New” from your WP admin menu, search for Stop Spammers, and install.

OR

  • Search WordPress plugins directory for Stop Spammers
  • Download the plugin.
  • Upload the plugin to your wp-content/plugins directory.
  • Activate the plugin.
Setting up "Stop Spammers" WordPress plugin
 
After the plugin is installed and activated, there will be "Stop Spammers" menu on the WordPress Admin sidebar from where you can setup the plugin. The plugin has elaborate descriptions for each of the settings.
 
There are many settings to harden WordPress in the Stop Spammer plugin to improve security of the website. Here are some important settings to enable:

  • Stop Spammers — Protection Options: Check Credentials on All Login Attempts: plugin checks for spammers before WordPress try to log in a user. If this option is checked, every attempt to login will be tested for a valid user.
  • Block Spam Missing the HTTP_ACCEPT Header: Blocks users with missing or incomplete HTTP_ACCEPT header. All browsers provide this header. 
  • Deny Disposable Email Addresses
  • Check for Long Emails, Author Name, or Password
  • Check for Short Emails or Author Name
  • Deny IPs Detected by Akismet:  Checks Akismet bad IP cache
  • Check for Many Hits in a Short Time
  • Block List
    • Add emails of the spammers to the Block List to block them. You can use wild cards (e.g. spammer@spam.* or *@*.ru
  • Spam Words List
    • There are already some spam words added. 
    • You can update spam words to check comment body, email, and author fields. If a word here shows up in an email address or author field then those are blocked in comment, emails etc.
  • Bad User Agents List
    • Browsers always include a user agent string when they access a site. It also checks for known abusive robots that sometimes submit forms.
  • Blocked TLDs
    • Here we can update the domains of emails used by spammers. This will block all comments and registrations that use the listed TLD in domains for emails.
    • Example: .ru, .mail.ru
           
After using the Stop Spammers plugin, check for the progress made using the plugin. Login to WordPress as admin and navigate to:
  • Stop Spammers > Cache
    • Whenever a user tries to leave a comment, register, or login and fails the tests as per the settings applied to Stop Spammers plugin, then those IPs are added to the Bad Cache. You can see those IPs blocked here.
  • Log Report
    • You can check the log for more details of spammers stopped using the plugin here and which settings stopped the spammers.
    • A screenshot below shows spammers blocked by "Deny List Email" setting applied to Stop Spammers plugin.
block-spammers-wordpress-plugin

All in all, I found the "Stop Spammers" WordPress plugin to be very handy in blocking spammers. It is a must use WordPress plugin to harden WordPress and improve the security of the website.

Let me know too which plugins you use to control spam or for security of WordPress website.



Comment with Facebook

3 comments:


  1. There is a great importance of Web Design & Social Media for Businesses. Everybody knows how important social media is for businesses and web designs these days. In order for any business to be successful, establishing a social media strategy is essential. Part of the strategy should include website design.hosting webmaster visit: https://www.bynd.co.in

    ReplyDelete
  2. There's another way of stopping spam emails and security for keeping WordPress secure from spam, in simple way we can use WordPress AntiSpam Plugin to put our website on safer side.

    ReplyDelete