WordPress.org

Resolved Drivingralle
(@drivingralle)

1 month, 2 weeks ago

Hey!

I looked into a client website and the log inside Brevo. There are a lot of spam sign ups that are eating email counts. And are allowing this plugin to be misused for DDOS or stalking attacks. By bombing people with double opt in emails.

The only option to prevent that you offer is the use of Captchas that require external request. Because of GDPR this is not acceptable.

A big step forward would be a honeypot as and widely, successful way to fight bots. Sadly the plugin does not provide hooks or filters to allow others to extent it. Therefore I suggest to add a honeypot to the plugin to prevent thousands of spam emails. Or some hooks and filters so others can provide it.

Greetings
derRALF

Viewing 6 replies - 1 through 6 (of 6 total)

Torsten Landsiedel
(@zodiac1978)

1 month, 1 week ago

Came here to say the same! @neeraj_slit @alexisbienayme

I found this KB article:
https://help.brevo.com/hc/en-us/articles/19591451188114-Protect-your-forms-from-bots-and-spam-signups

But although you are mentioning different things to prevent spam registrations, you only provide a UI for external Captcha or the DOI itself. This is not sufficient.

Why not adding an easy way to add a honeypot field or a math question in your plugin?

All the best
Torsten

Plugin Support alexisbienayme
(@alexisbienayme)

1 month, 1 week ago

Hello,

I understand your concern. We offer protection for your form using Cloudflare Turnstile, as described in this article: https://help.brevo.com/hc/en-us/articles/360019551939-Add-a-CAPTCHA-to-your-subscription-form.

The Brevo plugin on WordPress allows you to add this protection. Please feel free to use it to secure your form.

As for now, it’s not possible to add a honeypot but I’ll pass it to our Product team for an improvement of our plugin.

I remain at your disposal.

Alexis

Torsten Landsiedel
(@zodiac1978)

1 month, 1 week ago

Hi @alexisbienayme

Cloudflare Turnstile is also an external request.

This thread is about adding an antispam feature without external request, like honeypot or a math quiz. Or one of the other features mentioned here:
https://help.brevo.com/hc/en-us/articles/19591451188114-Protect-your-forms-from-bots-and-spam-signups

Cloudflare Turnstile and Google reCaptcha is what we want to avoid.

All the best
Torsten

Plugin Support alexisbienayme
(@alexisbienayme)

1 month, 1 week ago

Hello,

I understand. For the moment, we only have these solutions.

The alternative would be to use a plugin that allows the creation of registration forms on WordPress, and to connect it to Brevo using Zapier.

Here’s the link: https://zapier.com/

Brevo is available on Zapier, so you’ll need to make sure that the application used to create the forms is also available on Zapier.

I’ve passed on your requirements to our product team with a view to improving our functionality.

Alexis

Thread Starter Drivingralle
(@drivingralle)

1 month, 1 week ago

Hey!

Sending the data through Zapier is on the same level not acceptable or even worse, as personal data are send.

Looking forward to the improving of the plugin.

Greetings
derRALF

Plugin Support alexisbienayme
(@alexisbienayme)

1 month, 1 week ago

Hi,

I understand.

As a last resort, you can create a form using programming and use Brevo’s API to add the contacts. This way you can add a Recaptcha of your choice.

Here’s the link for API : https://developers.brevo.com/

Your feedback has been passed on to the Product team.

Have a great day !

Alexis