Registration Form Honeypot Check #6115
Milestone
Comments
|
@mikeyhoward1977, I recommend installing and using this plugin which uses Google reCAPTCHA service: https://wordpress.org/plugins/recaptcha-for-easy-digital-downloads/ I believe the EDD team have no intention of adding this feature in core anytime soon (I asked prior). |
|
Thanks @davidsherlock I may take a look. Still feel the honeypot validation should be performed in addition though given the field exists within the form already |
cklosowski
added a commit
that referenced
this issue
Mar 23, 2021
cklosowski
added a commit
that referenced
this issue
Mar 29, 2021
* Added honeypot validation during user registration (#6116) Whilst the `edd_honeypot` field is present within the `[edd_register]` registration form there was no validation of this field Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> * Add honeypot field to validation #6115 * Update includes/login-register.php Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com>
Merged
cklosowski
added a commit
that referenced
this issue
Apr 5, 2021
* Move Stripe to the frist payment gateway in the Available Gateway Settings when it is found #8499 (#8501) * Add ilnks to Termageddon on privacy policy and terms of agreement settings #8506 (#8507) Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Remove GLOB_BRACE flag #8519 (#8520) * Add edd_honeypot to the registration form validation. (#8510) * Added honeypot validation during user registration (#6116) Whilst the `edd_honeypot` field is present within the `[edd_register]` registration form there was no validation of this field Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> * Add honeypot field to validation #6115 * Update includes/login-register.php Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com> * Issue/8497 (#8504) * Updates to the SendWP setting information #8497 #8498 * Remove Jilt callbacks #8497 #8290 * Properly deprecate Jilt callbacks and remove JS functions #8497 #8290 * Add Recapture settings section, as well as all the states the integration can be in #8497 * Replace accidently removed SendWP client registration #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/emails/functions.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/emails/functions.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Fixing spelilng of connection_complete #8497 * Require the 'install_plugins' cap to see the connect with Recapture button #8497 * Remove 'here' reference in complete connection for recapture #8497 * Deprecate more Jilt functions, remove CSS references, and swtich the abandoned payment notice #8497 * Remove Advanded Emails header #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Clean up double indents after copying functions to deprected functions file #8497 * Update includes/admin/settings/register-settings.php Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Fix double indenting #8497 * Fix double indenting #8497 Co-authored-by: Ashley Gibson <ashley@nosegraze.com> * Add stripe revision during build #8529 (#8529) * Changelog for 2.10.2 * Rebuild with updated readme stable version * Use default branch for Stripe update * Updating Stripe hash Co-authored-by: Ashley Gibson <ashley@nosegraze.com> Co-authored-by: Mike Howard <mike@mikesplugins.co.uk> Co-authored-by: Mike Howard <mike@mikeandniki.co.uk> Co-authored-by: Robin Cornett <robincornett@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
The registration form ([edd_register]) includes a Honeypot field however I see no validation of this field during the registration process.
I'm being hit with a large number of registrations despite having processes in place to protect against BOT registrations on the main WP registration forms. I guess therefore that these registrations are coming from the EDD form.
PR submitted adding a new
edd_do_honeypot_check()function and being referenced during registration processThanks
Mike
The text was updated successfully, but these errors were encountered: