Fake signups: What to Do
Fake signups can occur on any website mostly due to "bots" which are automated by hackers. WordPress websites are often targeted by them.
Steps to Prevent Fake Signups in MailPoet
Important: if you've imported your subscriber's list, please check this article: Checklist before importing subscribers
Fake WordPress Users Signups
The most common form of fake signups occurs in WordPress and not in MailPoet. Nefarious bots register as WordPress users which in turns adds these fake users to the default MailPoet list "WordPress Users".
- Check your WordPress users for any suspicious users, possibly with the same email addresses;
- Check in your database, with phpMyAdmin, if there are no hidden WordPress users (common hack);
- Check in your database, in the table "..._mailpoet_subscribers" if there are any suspicious email addresses.
- How to Stop Spam User Registration in WordPress (anarieldesign.com)
- 10 Simple Tricks to Eliminate Spam User Registration (wpforms.com)
MailPoet's Bot Protection Mechanism on Its Forms
MailPoet implements preventive measures by default to prevent bots from subscribing to MailPoet's forms repeatedly. This is mitigated Email Bomb type of attacks which became popular in 2017.
When multiple signups occur quickly, MailPoet's forms enforce a delay in seconds between each signups using the same IP address. The message " You have to wait xxx seconds before you can sign up again." will be displayed.
The more signups occur, the longer the delay in seconds will be enforced.
This option cannot be turned off.