Hi, are they also come from VDsina’s IP range?
https://ww.wp.xz.cn/support/topic/some-spammer-broke-through/
I used different strategies to deal with the new spam.
One website I used Cloudflare to block VDsina’s AS number, which has worked well so far, but it will stop working if the spammer changes its IP.
For other websites, I used Cleantalk:
https://cleantalk.org
Note that it has some false positives and false negatives. You can use a filter with IPs < 3 to quickly identify the most likely false positives.
If you are an agency with an Unlimited Plan, I recommend purchasing the Extra Package, which retains logs for a longer period and allows you to delegate access permissions to clients through Website Access Delegation.
Hi,
I checked recent spammer’s IP addresses and all of them are from Dubai (different problem).
The problem is that some spambots act like real visitors.
Using Turnstile helps, but I don’t wanna change 100+ websites 😒
@finalwebsites
Yes, bulk management is crucial for agencies, so I tested different alternative services and setup methods.
I used Human Presence, but they stopped providing services at the beginning of the year, and clients couldn’t see which spam was blocked.
Choosing a service is not just a single issue, but also involves other plugins and services that work with it.
Cleantalk only allows easy spam viewing for each site when using the built-in integration with Fluent Forms, so I suggested adding an Entries status filter to Fluent Forms a few days ago. I also asked Cleantalk for an easier log check solution. However, due to privacy concerns, website access delegation is currently the only available option.
My advice to all clients is to avoid using Elementor’s built-in forms; if you must use them, use the Global widget.
This is because with shortcode forms, you can set them globaly, while with Page Builder’s built-in forms, you need to find each form and set it individually.
@homu9
WP Armour is a good working anti spam solution and the best thing is, that you don’t need to change the forms. The same for the Turnstile integration after you finished the installation.
I’m sure that the current issue I have on some sites is a temporary problem.
My advice to all clients is to avoid using Elementor’s built-in forms; if you must use them, use the Global widget.
Nothing wrong with Elementor forms, sure you need to use the Global widget if you include the same form on many pages.
I opened on of my client’s site:
Hey, WP Armour has blocked 22869 spam submissions till date…
I see this kind of numbers often, even after 1 month of using WP Armour. I’m good here 😃
-
This reply was modified 5 months, 2 weeks ago by
Olaf Lederer.
@finalwebsites
I tried Turnstile too, with Fluent forms integration, Clients reported that if there are multiple forms on the same page, one Turnstile may affect the other.
WP Armour works great until recently, only some manually spam could bypass it’s honeypot. It was my default setup.
And it has problem with PayPal Express checkout and Gtranslate. It’s not a problem with WP Armour, because Gtranslate, like Cloudflare, is a reverse proxy.
For forms without short codes, such as those where you want to modify the “From” field for email notifications or uniformly change “actions after submit,” it’s inconvenient. Not choosing Elementor form is just like seeing the shining point of WP Armour.
When there are many submissions in the backend, deleting records is also inconvenient. There’s no easy way to preview submission content, no advanced filtering or on-demand export, and no daily submission statistics… Furthermore, when using TranslatePress, the form content is also translated, a problem that takes too long to resolve with elementor official support.
For the past month, I’ve been checking the WP Amour forum every few days to see if there’s any progress and to see if new spam has been contained on client websites. I’m currently writing an Access Key generator to make things easier for clients.
If the spam isn’t resolved, the Mail Relay used for form notifications will also experience excessively high bounce rates.
You’re right comment form spam is huge problem not only for all the spam submissions you don’t want.
I develop my own contact form plugin (search for “WP Armour” to find it in the repo) and spent a lot of time for adding anti spam methods even for sessions where Javascript is disabled. The funny thing is that most of spam is still very simple to block. But there are some annoying spam attempts too.
