Four years ago today, GD Security Toolbox Pro version 1.0 was released. Today, we are celebrating its fourth birthday with the very important version 2.5, which brings a lot of new features related to registration control and antispam filters.
Two major issues any website with open registration faces are spam registrations and spam comments or other submissions. Bots use spam-registered accounts as a way to post more spam comments, because websites often skip comment moderation for registered users. The bots registering the spam accounts use a wide range of generated usernames and an unlimited pool of email domains, so it can be very tough to sort all that out and later remove these accounts.
GD Security Toolbox Pro already had a lot of registration filters made to prevent spam registration, and over the past year, I have been gathering data about everything the plugin stops and everything that was not stopped. All of that has led to a huge update to the plugin’s registration control methods.
The new measures for stopping spam registration include:
- Check if the email domain TLD is valid. The plugin updates the list of all available TLDs every week to stay up to date.
- Check if the email domain is on the disposable email domains list. This prevents users from registering with a disposable email address that works for only a few minutes or a few hours.
- Check if the email domain includes a subdomain. This is one of the most obvious spam flags: normal email addresses are domain-based, so an address located on a subdomain is a red flag. There are some valid cases for subdomain email addresses related to education, government and academic TLDs, and they will be allowed.
- Check if the email domain has proper DNS records. This runs as the last filter because it depends on an online query to get the domain records from the DNS server. It reveals a lot about the email domain and stops domains with incomplete A or MX records, or domains whose MX record points to disposable domains.
The best thing about this control is that if a bot is persistent and keeps trying to register and failing, you can ban the bot’s IP and stop it from coming to the website.
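The four email-domain checks listed above, chained in the same order, as an added example in Python (this is not the plugin's own code). The TLD, suffix and disposable lists, the exempt suffixes and the `DNS_STUB` records are constructed sample data, and all function names are hypothetical.

```python
# Constructed sample data: a real deployment would load the IANA TLD list, a
# maintained disposable-domain list, and query live DNS instead of DNS_STUB.
VALID_TLDS = {"com", "net", "org", "edu", "uk"}
MULTI_LABEL_SUFFIXES = {"co.uk", "ac.uk"}    # stand-in for a public suffix list
SUBDOMAIN_EXEMPT = {"edu", "gov", "ac.uk"}   # assumed education/government/academic suffixes
DISPOSABLE = {"example.net"}                 # constructed "disposable" provider
DNS_STUB = {
    "example.com": {"A": ["192.0.2.10"], "MX": ["mx.example.com"]},
    "example.org": {"A": ["192.0.2.20"], "MX": ["mx.example.net"]},  # MX at disposable provider
    "example.co.uk": {"A": ["192.0.2.30"], "MX": []},                # no MX record
    "cs.example.edu": {"A": ["192.0.2.40"], "MX": ["mail.example.edu"]},
}

def split_domain(domain):
    """Return (suffix, registrable_domain) using the longest known suffix."""
    labels = domain.split(".")
    n = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-n:]), ".".join(labels[-(n + 1):])

def check_email(email, resolve=DNS_STUB.get):
    """Run the four filters in order; return (allowed, reason)."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or "." not in domain:
        return False, "malformed"
    suffix, registrable = split_domain(domain)
    if domain.rsplit(".", 1)[-1] not in VALID_TLDS:
        return False, "invalid_tld"
    if registrable in DISPOSABLE:
        return False, "disposable"
    # Anything left of the registrable domain is a subdomain, unless exempt.
    if domain != registrable and suffix not in SUBDOMAIN_EXEMPT:
        return False, "subdomain"
    records = resolve(domain) or {}          # the lookup that needs the network goes last
    if not records.get("A") or not records.get("MX"):
        return False, "incomplete_dns"
    if any(split_domain(mx)[1] in DISPOSABLE for mx in records["MX"]):
        return False, "mx_disposable"
    return True, "ok"
```

Returning a reason code with each rejection gives the events log something to count per IP, which is what a ban on a persistent bot needs.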
The antispam filters for comments, trackbacks, bbPress topics and replies, and GravityForms have been expanded to include the TLD validity check, the disposable email check, and the email subdomain check. Other changes in this version include updates to the events log, improvements to the integrity scanner, CSP and more. Several bugs have also been fixed.
The next few versions of the plugin will expand on some of these features to make the process better and stop a lot more spam registration and spam posting.