I’ve been struggling with registration spam on one of my retail websites. Currently it’s running a shop based on WordPress, so I have access to a plethora of plugins to assist with this issue. I had been using Stop Spammer Registrations, along with re-Captcha, which only worked for so long. Somehow the spammers just keep getting through, so I took the next step to fortify with Bad Behavior.
Bad Behavior is a WordPress plugin that helps stop spammers before they even access your site. To assist the plugin, it makes a call out to the http:BL API, which is available for free. Once you get the API setup, simply copying it into the plugin is the extent of the setup for normal operation. However, I ran into an issue with getting my transactions confirmed, because I believe it is blocking the callback IP from PayPal.
So, I had to add all of PayPal’s callback IPs to make sure they are getting through and not inadvertently interrupting purchases. Thankfully Bad Behavior has a very easy to use White List option where you can copy over as many IPs as necessary.
List of IPs used by PayPal. – https://ppmts.custhelp.com/app/answers/detail/a_id/92
I’m closely monitoring purchases and making sure the callbacks are working properly. As of now the combination of spam blocking Word Press plugins are keeping about 75% of the spam out. Unfortunately I’m still looking into options for me to do locally to help combat the massive amount of registrations now found in my WordPress user database.