This plugin is designed to give you tools for dealing with annoying and possibly dangerous human-generated spam submissions to your signup form.
There are four main tools in the plugin:
- Stop Word Filtering
- Link/URL Filtering
- Language Script Filtering
- IP Blocking with Auto-Block
Stop word filtering looks for words or phrases in the submission that identify it as spam. The plugin can accomodate a large number of stop words and phrases, and will mark as spam any submission that contains them.
Link and URL filtering is an effective tool because most spam submissions are for the purpose of posting links where they will be published on your site, or even seen and clicked on by staff.
Language Script filtering is an effective tool to use if you are seeing a pattern of submissions using language scripts your regular users would not use. A language script consists of the specific character set that is used by any language.
IP Blocking is useful if your singup form is targeted by specific actors, you can prevent them from making a form submission. Auto-blocking can be enabled to automatically block the IP of actors who post repeatedly.
Dealing with the Spam
You have several options for what to do when a submission is flagged as spam: discard it, show the user an error message or accept it and flag it as spam. This is useful to get the exact user experience you want.
The plugin adds a “spam flag” field that you can use to filter submissions that are flagged as spam. The plugin will check the spam flag checkbox for any submission that hits any of the spam filters.
Showing the Stats
The plugin can show you which stop words were encountered in sugnup submissions and how often they are detected.
Configuring the Plugin
This plugin is fairly simple to configure, and it is designed to allow you to adapt how it works over time.
Stop Words and Phrases
The best way to get started with this is to scan through your Participants Database records and look for common words and phrases found in unwanted submissions. Of course, care must be taken to avoid filtering words that legitimate submissions might contain.
It is possible to limit which fields are checked for stop words, and this can be helpful to block submissions that put the wrong word in the wrong place.
Once you have set up your initial list of stop words, keep an eye on the submissions to see if you’re getting any false positives or need to add more words to the list.
Links and URLs
The is a simple selector for filtering links and URLs. A “link” is an actual clickable link, while a URL is simply a website address that isn’t necssarily clickable. You can select either or both for filtering. If you do want to be able to accept URLs, you have two options: filter for links only or limit the fields that are filtered to not include a field that could contain a URL. A Participants Database “Link” field will not come in as a link, only as a URL, so setting the link filter to link only won’t trigger the filter if you’re using a link field in your signup form.
Language Script Filtering
This is a special kind of filtering that is helpful if you find unwanted submissions that use a language script that your users aren’t using. Select one or more scripts to filter from the multiselect dropdown.
You may be unfamiliar with the names in the list, take a look at this artice in Wikipedia that should help you know which scripts you need to select: Unicode Scripts
This is very much a special purpose tool for situations where your submission form is targeted by individual actors. It is not effective as a general spam filter, it’s for only good for targeting specific submitters.
Unless you have configured your signup form to collect this information, you will normally not know the IP address of your submitters. If you find that specific individuals are targeting your signup form, a good way to identify them is to add a hidden field that records the IP of the person submitting the form. Here is an example of a field configured to do this.
Auto IP Blocking
You can set this up to automatically block submitters who submit multiple times a day.
This displays a list of IPs that are submitting multiple times per day to alert you to the fact. You don’t need to set up the IP hidden field as explained above, the plugin counts the IPs of submitters to get this list.
Spam Filter Stats
This tab will show you the hit count for various stop words and links in your submissions. This can be used to guage the effectiveness of your filters.
Spam Submission Action
When a spam submission is detected by whatever means, this selects what will happen next.
Silently discard gets rid of the submission without really alerting the person making the submission. You can select where they are sent afterwards, some other page on your site or even back to the form submission page. This is a good option to use when you’re confident you’re not going to get any false positives, since you’ll never see the submission. When a submission is discarded, the stop words or links are counted and added to the stats.
Reject and show an error is a more user-friendly approach, the advantage here is that the user knows what happened and can possibly improve their submission so it can be accepted. The disadvantage is that a spammer can use this to fine-tune their submission and get it past your filtering. If you want to provide the user with a hint about what went wrong, you can use the “Spam Error Message” setting for that.
Flag the submission as spam and save is the least committal option, and the one to use if your still tuning the plugin and likely to get false positives. The “Spam Flag” field will be checked, so you can use that to check on just the flagged submissions. This option will also unset the “Approval” field, so if you have submission approvals already set up, the submissions that are flagged as spam won’t be approved and published to the public sections of your website.
Spam Discard Redirect
This selects where the user will be sent if their submission hits the spam filters when “Silently discard” is selected. If you’ve got some really aggressive spammers, this will slow them down as they will have to navigate back to the form and start over. You can also select “Same Page” which will make it look like nothing happened when the spam was submitted.
Spam Error Message
This is the message that will be shown if a submission hits the spam filters when “Reject and show error” is selected. You can use this to help people avoid their submission getting flagged as spam if you want.
Reject Submissions with Links
You have two selections here: “Clickable Links” will filter any submission that has a clickable link in it. “URL’s” will filter any submission that has a web address in it. If you select both, either one of these will hit the spam filter.
If you have a “link” field in your form, the Links setting won’t be triggered by this, the URL setting will. You also have the option of setting which fields are filtered (see below) and that is another way to selectively allow URLs in the submission.
Stop Word List
This is where you put your list of stop words and phrases. Each line is a single word or phrase that will be filtered. It is case-sensitive, so if the word can be upper-cased or not, you will need to add both versions to the list.
I recommend you keep a text file with your stopwords and phrases…it will be eaiser to edit and if you make a mistake, you’ll have a way to get back what you had. This also gives you a way to test diffrent sets of stop words.
Select Filter Fields
This enables the use of the Filter Enabled field list for the filtering. When enabled, only fields selected in the Filter Enabled Fields list will be filtered.
Filter Enabled Fields
This is a multiselect dropdown for selecting all the fields you want inspected for stopwords, links and language scripts.
Enable Language Script Filtering
When checked, any characters that are in the scripts selected in the Unicode Scripts setting will trigger a spam filter hit.
This is a multiselect dropdown with a list of all the Unicode scripts that can be filtered. Select any scripts you want flagged as spam.
Enable IP Blocking
If this is checked, the IP blocking filter will be enabled.
IP Block List
This lists the ip addresses that will be prevented from submitting the signup form.
IP addresses in this setting will not be blocked or added with auto-blocking. Whitelisted IPs are still checked for spam content.
Auto Block List Threshold
This sets the number of submissions during a 24-hour period that will result in being automatically blocked. Auto-blocked IPs will be listed in the Block List. If this is set to “0” no auto-blocking will take place.
Remote IP Global Key
This is an advanced setting for site hosting servers that use a proxy or firewall that places the remote IP address under a different key in the $_SERVER php global.
High hit rate IPs
This displays a list of IPs that have submitted more than once during a 24-hour period. This can be useful to determine abusive IP addresses, or you can just add their IP address automatically using the Auto-block feature.
Spam Filter Stats
This displays a running tally of the stop word hits. Also includes tallies for language scripts and links that have been filtered. At the bottom of the page, a checkbox lets you clear the stats. Check the box, then save to clear the tallies.
No product-specific support has been configured for this product yet. Please contact me with your questions.