Fake Accounts Attack Through Social Login

  • Resolved Halo Diehard

    (@halo-diehard)


    5 years, 1 month ago

    Hello, I’ve had Social Login installed on my site for a few years. I haven’t had *too* much trouble with fake accounts, but in the last couple months or so have started getting slammed daily with fake signups from around the world and have had to disable registration. Social Login needs features that can help limit fake accounts from happening, or it needs to be compatible with other plugins that do this. Example: web owners can force sign ups to answer specific questions correctly or jump through other similar hoops. Do features like these exist for Social Login?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Claude

    (@claudeschlesser)

    Hello,

    thank you very much for your feedback. It’s quite hard or at least very time consuming to create fake social network accounts for the sole reason of creating fake accounts on a website.

    Are you sure that those users signed up using social login? You can see the origin of each user in the user list in your WordPress admin area.

    For this you need to enable the following option in the social login settings:

    Do you want to display the social networks used to connect in the user list of the administration area ?

    Could you check if the users are actually from social login?

    Regards,

    • This reply was modified 5 years, 1 month ago by Claude.
    Thread Starter Halo Diehard

    (@halo-diehard)

    Hello, and thank you for your quick response! I have followed your instructions and then re-enabled registration on my site. I will report back after the first handful of registrations. (I’d already deleted all the fake accounts)

    • This reply was modified 5 years, 1 month ago by Halo Diehard.
    Thread Starter Halo Diehard

    (@halo-diehard)

    I have tested registration using Social Login this morning, and in my Users list it doesn’t say anything below Registration (the new column in my Users page after following your instructions to show which social network was used to log in). So I can’t verify if the fake accounts used Social Login that way. I used the Windows Live login option for the test.

    So I realized I might get a clue looking in my deleted email notifications. There weren’t many that hadn’t be deleted permanently, but I see two other recent members who I’ve kept on (assumed they weren’t fake users), who also registered using Windows Live (their registrations also do not show under the new column as registering via Windows Live, it’s just a blank column).

    So the column doesn’t appear to be functioning correctly and telling me whether or not users are signing up using Social Login, but it’s looking like you are correct and perhaps they are not. Moving forward, I’ll have to pay attention to the email notifications to tell. Will report back if I start getting emails notifying me they’re signing up with Social Login. If I do not, apologies for my assumption!

    Plugin Author Claude

    (@claudeschlesser)

    Hello,

    thank you very much for the testing. If a new user signs up with a social network, it should be indicated in the user list in your WordPress admin area. We will have a closer look to make sure it works as intended.

    Do not hesitate to share your findings with us!

    Best Regards,

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Fake Accounts Attack Through Social Login’ is closed to new replies.