Recently, I've noticed that we have been getting spam users, registering, and creating profiles on our website even though we have Google reCaptcha enabled, hidden link
Is there something else to do in order to prevent this?
Also, I can identify most of the spam users so my question is this, if I delete the profiles, will it also delete their uploaded images that they uploaded to their profile account? I would like for those images to also be removed.
However I see the following "honeypot" plugin that shows that it offers integration with Toolset Forms and it works without any issues.
- https://wordpress.org/plugins/honeypot/
Hello, I know all this stuff. For one, I am already using your official method to protect the forms from spam. I provided my login credentials and had you logged in. You would've realized that. As I mentioned in my Support ticket I am using Google recaptcha and it is enabled.
Also, the other plug-in you suggested to use, is not a good one. There are tons of issues with it as you can see from the plug-in support page. It just has lots of false positives. As a test, I installed that plug-in and enabled it and it looks like this method will not work either because honeypot is embedded only after the submit button therefore the form would already have been filled in and submit it before the field can never be entered with data. I've seen honeypot plug-ins before, and it embeds the honeypot field within the form not after the submit button.
But just as importantly, I asked some other question in my Support ticket that you just simply glossed over and it was this,
=======
If I delete the spam profiles, will it also delete their uploaded images that they uploaded to their profile account? I would like for those images to also be removed.
=======
Those are the only two options I've to suggest. How you want to restrict spam user profile?
Do you want to restrict with profile username or any other custom field that has unique value? If yes, you can use the Toolset Form hook "cred_form_validate" and check if that profile exists before - if yes, you should return error otherwise allow user to create profile. Here is the hook link:
=> https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate
Regarding:
=======
If I delete the spam profiles, will it also delete their uploaded images that they uploaded to their profile account? I would like for those images to also be removed.
=======
No, deleting post will not delete its associated images or custom fields. You may would like to try the following plugin:
- https://wordpress.org/plugins/advanced-database-cleaner/
That will help you to remove orphaned custom fields and there are many more features.
Alternatively, you can use WordPress native hook "before_delete_post". For example:
add_action('before_delete_post', 'func_delete_post_attachments_and_toolset_images');
function func_delete_post_attachments_and_toolset_images($post_id) {
// Delete all media attached to the post (standard WordPress attachments)
$attachments = get_children([
'post_parent' => $post_id,
'post_type' => 'attachment'
]);
foreach ($attachments as $attachment) {
wp_delete_attachment($attachment->ID, true);
}
// Delete Toolset image fields stored as attachment IDs
$toolset_image_fields = ['custom_image_field_1', 'custom_gallery_field_2']; // Add your Toolset image field slugs here
foreach ($toolset_image_fields as $field) {
$image_value = get_post_meta($post_id, $field, true);
if (is_array($image_value)) {
// If it's a gallery field or multiple images
foreach ($image_value as $image_id) {
wp_delete_attachment($image_id, true);
}
} elseif (!empty($image_value)) {
// Single image
wp_delete_attachment($image_value, true);
}
}
}
