-
Notifications
You must be signed in to change notification settings - Fork 476
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Registration Form Honeypot Check #6115
Comments
@mikeyhoward1977, I recommend installing and using this plugin which uses Google reCAPTCHA service: https://wordpress.org/plugins/recaptcha-for-easy-digital-downloads/ I believe the EDD team have no intention of adding this feature in core anytime soon (I asked prior). |
Thanks @davidsherlock I may take a look. Still feel the honeypot validation should be performed in addition though given the field exists within the form already |
* Added honeypot validation during user registration (#6116) Whilst the `edd_honeypot` field is present within the `[edd_register]` registration form there was no validation of this field Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> * Add honeypot field to validation #6115 * Update includes/login-register.php Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com>
* Move Stripe to the frist payment gateway in the Available Gateway Settings when it is found #8499 (#8501) * Add ilnks to Termageddon on privacy policy and terms of agreement settings #8506 (#8507) Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Remove GLOB_BRACE flag #8519 (#8520) * Add edd_honeypot to the registration form validation. (#8510) * Added honeypot validation during user registration (#6116) Whilst the `edd_honeypot` field is present within the `[edd_register]` registration form there was no validation of this field Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> * Add honeypot field to validation #6115 * Update includes/login-register.php Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> * Issue/8497 (#8504) * Updates to the SendWP setting information #8497 #8498 * Remove Jilt callbacks #8497 #8290 * Properly deprecate Jilt callbacks and remove JS functions #8497 #8290 * Add Recapture settings section, as well as all the states the integration can be in #8497 * Replace accidently removed SendWP client registration #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/emails/functions.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/emails/functions.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Fixing spelilng of connection_complete #8497 * Require the 'install_plugins' cap to see the connect with Recapture button #8497 * Remove 'here' reference in complete connection for recapture #8497 * Deprecate more Jilt functions, remove CSS references, and swtich the abandoned payment notice #8497 * Remove Advanded Emails header #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Clean up double indents after copying functions to deprected functions file #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Fix double indenting #8497 * Fix double indenting #8497 Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Add stripe revision during build #8529 (#8529) * Changelog for 2.10.2 * Rebuild with updated readme stable version * Use default branch for Stripe update * Updating Stripe hash Co-authored-by: Ashley Gibson <ashley@nosegraze.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com>
Hi,
The registration form ([edd_register]) includes a Honeypot field however I see no validation of this field during the registration process.
I'm being hit with a large number of registrations despite having processes in place to protect against BOT registrations on the main WP registration forms. I guess therefore that these registrations are coming from the EDD form.
PR submitted adding a new
edd_do_honeypot_check()
function and being referenced during registration processThanks
Mike
The text was updated successfully, but these errors were encountered: