Title: Plugin is getting hacked
Last modified: May 5, 2020

---

# Plugin is getting hacked

 *  [rickmaggio](https://wordpress.org/support/users/rickmaggio/)
 * (@rickmaggio)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/)
 * The job of this plugin is to 1) sync Woo with Mailchimp and 2) subscribe users
   at checkout to Mailchimp.
 * We get 1 order per day, but the plugin adds 20+ emails per day. As a result, 
   our email rep is pretty hosed. Sucks that Mailchimp doesn’t know any better.

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [ryanhungate](https://wordpress.org/support/users/ryanhungate/)
 * (@ryanhungate)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12803631)
 * [@rickmaggio](https://wordpress.org/support/users/rickmaggio/)
 * We understand how this can be an annoyance and we do want to make sure that we
   provide a path to resolving the issue for you. Our plugin doesn’t actively block
   site spam because there are many other WordPress plugins that do that already
   very well. Our plugin assumes that an account is valid.
 * Do you use any of these anti-spam blocking plugins or firewall services? That’s
   the first thing that we would suggest in order to stop the fake emails from signing
   up as a new WordPress/WooCommerce user.
 * Also – we’re assuming that this is coming from a standard “new account” form 
   on your site. Is that correct in making that assumption? The thing is, we would
   only be submitting the form to Mailchimp IF they accepted the newsletter. We 
   also have a setting in our plugin to “disable the checkbox by default” but I 
   don’t know if that would solve your problem. I think this is more related to 
   site spam and fake accounts that should be blocked.
 * We’ll look out for your response, and thanks again for reaching out.
 *  Thread Starter [rickmaggio](https://wordpress.org/support/users/rickmaggio/)
 * (@rickmaggio)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12814762)
 * Hey Ryan,
   The plugin submits about 50 new emails to MC but we get only about
   1 order per day. So my assumption is that an auto submission service is getting
   around the account requirements and submitting email addresses.
 *  Plugin Author [ryanhungate](https://wordpress.org/support/users/ryanhungate/)
 * (@ryanhungate)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12815760)
 * [@rickmaggio](https://wordpress.org/support/users/rickmaggio/) Our plugin is 
   submitting the new users for you as the plugin was designed to do. We do not 
   filter them because we assume that when a user is added to your site, they should
   be synced. That being said, I think there are some options for you to stop this
   from happening because it’s quite common when you don’t have any spam protection
   enabled.
 * 1. [Enable Double Opt In](https://mailchimp.com/help/about-double-opt-in/) on
   the Mailchimp Audience. This will provide a filter for you that would force the
   verification of their email before being added to the audience.
 * 2. Use a security plugin for your WordPress install to prevent robot signups.
   You may use plugins like Google Captcha, or a Honeypot plugin etc. to accomplish
   this. We are not affiliated with any specific plugin(s), but there are plenty
   of options in the WordPress ecosystem for you to choose from.
 * We feel as if either one (if not both) of these should be implemented into 
   your store in order to provide a basic level of filtering which you desire.
 * Let us know if you have any other questions!
 *  Plugin Author [ryanhungate](https://wordpress.org/support/users/ryanhungate/)
 * (@ryanhungate)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12830152)
 * [@rickmaggio](https://wordpress.org/support/users/rickmaggio/) just wanted to
   follow up with you on this to see whether or not any of the suggestions might
   work, or did work for you?
 *  Thread Starter [rickmaggio](https://wordpress.org/support/users/rickmaggio/)
 * (@rickmaggio)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12833794)
 * Hi Ryan,
   I think that my confusion comes from the misunderstanding that this
   sends all accounts, not just Woo purchases to MailChimp. My assumption was that
   customer details are only sent if they purchase.
 * Based on this, what you said makes sense. We’ll implement #2, thanks for following
   up.
 *  Plugin Author [ryanhungate](https://wordpress.org/support/users/ryanhungate/)
 * (@ryanhungate)
 * [6 years ago](https://wordpress.org/support/topic/plugin-is-getting-hacked/#post-12833974)
 * [@rickmaggio](https://wordpress.org/support/users/rickmaggio/) sounds good – 
   thanks for letting us know. We’ve taken this input from other store owners as
   well and we’re trying to see if there’s a sensible way for us to allow this type
   of filtering in the plugin itself for everyone.
 * In your opinion, would it make sense for us to provide a developer hook right
   before user submission to determine whether or not the user is “allowed” to be
   submitted? Or would you just want a toggle for “only after purchasing something”?
 * Just trying to understand the use case and how we could support this for a broad
   range of people.
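
Option 2 from the plugin author's reply (a honeypot against robot signups), shown as an added example that is not part of the thread and is not code from the Mailchimp for WooCommerce plugin. It uses WooCommerce's `woocommerce_register_form` and `woocommerce_registration_errors` hooks; the field name and error code are assumptions made for the example.

```php
<?php
/**
 * Added example: honeypot for the WooCommerce "My Account" registration form.
 * Not from the thread or from the Mailchimp for WooCommerce plugin.
 * EXAMPLE_HONEYPOT_FIELD and the 'example_honeypot' error code are made up here.
 */

const EXAMPLE_HONEYPOT_FIELD = 'example_company_website'; // hypothetical field name

// Render an input that visitors never see or tab into. Automated form
// submitters that fill every input will populate it.
add_action( 'woocommerce_register_form', function () {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label for="%1$s">Leave this field empty</label>'
        . '<input type="text" name="%1$s" id="%1$s" value="" tabindex="-1" autocomplete="off" />'
        . '</p>',
        esc_attr( EXAMPLE_HONEYPOT_FIELD )
    );
} );

// Validate before the account is created. A rejected registration never
// becomes a WordPress user, so there is nothing for a sync plugin to pick up.
add_filter( 'woocommerce_registration_errors', function ( $errors, $username, $email ) {
    // Accounts created during checkout do not carry the field at all;
    // an absent field is treated as empty and passes.
    $value = isset( $_POST[ EXAMPLE_HONEYPOT_FIELD ] )
        ? trim( (string) wp_unslash( $_POST[ EXAMPLE_HONEYPOT_FIELD ] ) )
        : '';

    if ( '' !== $value ) {
        // Generic message: do not tell the submitter which check failed.
        $errors->add( 'example_honeypot', 'Registration could not be completed.' );

        // Leave a trace so blocked attempts can be counted against real signups.
        error_log( sprintf(
            'Honeypot blocked registration: email=%s ip=%s',
            sanitize_email( $email ),
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
        ) );
    }

    return $errors;
}, 10, 3 );
```

A honeypot only stops submitters that fill hidden inputs; Double Opt-In on the Mailchimp audience (option 1 in the same reply) still covers addresses that get past it.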
