Yesterday, 152 new users signed up on my website. Pretty impressive for a reboot that’s less than a month old.
Only it’s not.
You guessed it, spam-bots were having a field day. Now, new users on my blog only get subscriber status, but I’m no fool. There’s always the risk of a massive denial-of-service attack coming from simultaneous massive logins, or the chance that some security breach will be discovered that can be executed from the back end with only minimal privileges.
I confirmed that these were bogus by sending a welcome-greeting to a half dozen. All the emails bounced, so I deleted all the accounts.
For many years, I’ve not bothered to allow users to sign in for this very reason. I’ve had this happen before, and back then, didn’t give it much thought. But nowadays I’m more aware of security and even bandwidth and page-responsiveness. I’ve had to weigh the potential benefits of having users versus the insidious things that can go wrong. I’m still not sure there is a huge benefit to having users with accounts. Non-users can still leave comments, and these can be vetted manually. That’s my plan, unless and until things scale up. That would be a nice problem to have.
I considered just going back to a no-user policy, but it would be nice to have select, engaged users vote with their account. So I decided to implement some security.
I Googled “Wordpress login screening,” and variations, finally finding a great website, wpbeginner, and a page that gave information on a free Captcha plugin.
This link gives a rundown. Easy to do. You’ll need to go over to Google to get their website keys for this plugin to work, and that can be done here. It’s free, and takes just a moment.
Now, when a new user wants an account, they get the “I am not a robot” checkbox. Hurray. We’ll see if this stems the tide. I’ll let you all know. And if you have any thoughts or suggestions, drop a comment or a message on Twitter.
I appreciate your feedback, and you don’t need to create an account here to say hello. 🙂