The dBuidl Blog

Building with HTMX (or how to get all the WordPress bots to spam your site)

Hi all,

I built Webmail Lookup with HTMX and Go. This is really cool as it meant I didn't have to do the logic on both the front and backend. However, this came with a problem I didn't quite foresee.

Because of the way WordPress is built, you don't need JavaScript support in your browser in order to log in/register for it. Because of this, I think a lot of WordPress comment bots don't bother with JavaScript because if it requires it, it's likely got a Captcha or similar or is not a WordPress blog after all.

As I hadn't anticipated this, there was originally no protection against anyone signing up, as I didn't want to add any additional burden that could make the sign-up flow more convoluted for legitimate users. Since this was still my aim, I did not wish to introduce a Captcha to my service, so I found an alternative in Cleantalk (Referral Link). It lets you load a small amount of JavaScript in the user's browser and also check their email against a list of known spammers in order to reject their signups on your website.

Also, I'm glad to say it is GDPR compliant and does not keep any information about your legitimate users, which is a nice touch and made it an easier choice.
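A minimal Go sketch of the two checks described above (proof that the browser ran JavaScript, plus an email blocklist lookup), added here as an example; it is not Webmail Lookup's code or Cleantalk's API. The names `IssueToken` and `CheckSignup`, the demo key and the blocklist entry are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Constructed demo values: load the key from config and the list from a real feed.
var secret = []byte("constructed-demo-key")
var blocked = map[string]bool{"spam@bad.example": true}

func sign(ts int64) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(strconv.FormatInt(ts, 10)))
	return hex.EncodeToString(m.Sum(nil))
}

// IssueToken makes the value the page's script copies into a hidden form field.
// A client that never runs JavaScript submits that field empty.
func IssueToken(now time.Time) string {
	return fmt.Sprintf("%d.%s", now.Unix(), sign(now.Unix()))
}

// CheckSignup returns "" to accept the signup, or the reason it was rejected.
func CheckSignup(email, token string, now time.Time) string {
	tsStr, mac, ok := strings.Cut(token, ".")
	ts, err := strconv.ParseInt(tsStr, 10, 64)
	if !ok || err != nil || !hmac.Equal([]byte(mac), []byte(sign(ts))) {
		return "missing or forged JavaScript token"
	}
	if now.Sub(time.Unix(ts, 0)) > 30*time.Minute {
		return "expired token"
	}
	if blocked[strings.ToLower(strings.TrimSpace(email))] {
		return "email on blocklist"
	}
	return ""
}

func main() {
	now := time.Now()
	fmt.Printf("%q\n", CheckSignup("user@site.example", IssueToken(now), now)) // token present
	fmt.Printf("%q\n", CheckSignup("user@site.example", "", now))              // no script ran
}
```

The token check only filters clients that never execute the page's script; the blocklist lookup is the part that catches known spam addresses regardless of how the form was submitted.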

Over the first week or so we gained 1000 signups but almost all of them were illegitimate. After this, we've only seen a couple fall through the cracks and they're way easier to clean up than having to clean up 100s while making sure not to delete any legitimate users. I could've let it continue, as it has a negligible effect on the servers, but I'd prefer not to have all this noise so I can see who my real users are.

Thanks for reading.