Tux Kapono

If you see destinationli.com/register, we have about five questions that are required for registration regardless of whether they login via the site or Facebook. I’m just wondering if that can be done using this plugin.

Keith, thanks for the candid response.

1. I’ve tried it with and without ‘Check credentials on all login attempts’. Made no difference.
2. With hundreds of members, if people can’t login, it’s not practical for me to wait for someone to contact me so that I can whitelist them. Most of them will simply never try to login again.

Overall, I’ve seen way too many references, even in general reviews of the plugin, that even the admins get locked out. It’s just not something that we can subject our users to, especially given that we don’t have any regular contact with them.

Unresolved as far as using this plugin, but resolved as far as knowing we’re not going to use it anymore.

1. I’ve tried it with and without ‘Check credentials on all login attempts’. Made no difference.
2. With hundreds of members, if people can’t login, it’s not practical for me to wait for someone to contact me so that I can whitelist them. Most of them will simply never try to login again.

Overall, I’ve seen way too many references, even in general reviews of the plugin, that even the admins get locked out. It’s just not something that we can subject our users to, especially given that we don’t have any regular contact with them.

We can mark it as closed, but not ‘resolved’ because based on the answers we’ll have to go with something else. It just doesn’t work for very large memberships.

I use Rockettheme, and that’s a pretty popular template.

Anyway, after getting yet another user get locked out, and reading this glowing review https://www.wpbeginner.com/plugins/how-to-stop-spam-registrations-on-your-wordpress-membership-site/ – this is the kicker when that reviewer said this:

“There is a small chance that sometimes this plugin would lock you out of your own site.”

Man, if you multiply that by the thousands of users we have, no wonder so many people are having trouble logging in.

It’s just not meant for us.

In looking for alternatives, I actually found this:

“You can specify which events to check. You may not want to check logins or registrations. You may wish to allow any comment and let Akismet handle things.”

Check IP on wp-comment.php: Check IP and email every time the wp-comments.php file is loaded.
Check IP on wp-login.php: Check IP and email every time the wp-login.php file is loaded.
Check IP on wp-signup.php: Check IP and email every time the wp-signup.php file is loaded.
Check IP on xmlrpc.php: Check IP and email every time the xmlrpc.php file is loaded. This will check ping backs and other remote calls
Check IP on wp_mail: Check IP whenever wordpress sends mail to prevent spammers from sending mail to you or anyone else.

Wouldn’t unchecking all of these essentially eliminate the problem of users not being able to login? Also, does BuddyPress even use the wp-signup.php? I know it accesses a register.php file.

ps The plugin just now denied me access to one of my other sites, even after following the aforementioned directions. That confirms it for me.

I’m requesting to provide it as an option, not ruin it for everyone else who is using it for all three.

The bottom line is I’m just using the wrong plugin – I appreciate the suggestions for a registration-only plugin.

I’m also sure that tens of thousands of users use the plugin everyday with no problem, but based on the fact that three of the people that use our sites the most are having a problem logging in (all in different states), there are probably a lot more we don’t even know about, and probably never will.

It’s not me this time, it’s other users, and considering we are using this on multiple sites, some with 2500 members, others with 700, the fact that a handful of the people we know and trust that use the site regularly are telling us they can’t login tells us this is something that is probably affecting a lot of others. Obviously we can’t be helping each user one by one, much less even identify them. Unfortunately, many of them are going to try and login, get denied, and give up forever.

So, the bottom line is that the Stop Spammer Registration can’t only be used for registration? That is HAS to be also monitoring all logins and comments as well? Here’s a feature request to only have it be used for what the plugin is called, ‘Stop Spammer Registration’, because unfortunately, sadly, we can’t use it as is. Perhaps we just have too many members to make this plugin feasible.

Nope, I did what you mentioned, and our users still can’t login without getting an “Access Denied – This site is protected by the Stop Spammer Registrations Plugin” message.

Naturally, I had to deactivate the plugin once again. This is sad, as it basically means I’ve run out of ways to keep using the plugin ??

I just don’t understand why a plugin that is supposed to monitor only registrations is denying people from logging in. I just don’t get it.

From a developer I hired:

The issue was in the Floating Configuration on Digg Digg plugin. I have deactivated the Extra Integration with ShareThis.

Thanks everyone for their help!

I did that, and I’m awaiting whether people will have login problems, but the spam registrations continue to get worse. This is just from one of our sites:

[ Spam registration email addresses redacted. Please do not share those here. ]

If it is what you’re referring to, we have a few thousand members, we can’t expect them to all being emptying their cache. Most of them don’t even know what that means.