How to stop user registrations spam in Q2Av1.8.0 and Donut theme 2.0

Question

I did google for the solution that solve user registration spam. I have found here a solution that suggest for stopforumspam API but won't use this as people are still complianing about this API. My favourite is Google Image recognizator. So, I want to install this on My Q2A version 1.8.0, and I have installed Donut version 2.0. 

Could you please resolve this issue?

I found a post that says When reCAPTCHA v3 will be supported in Q2A? and I am unable to see any option for reCaptcha in my Admin Section.

Thanks in advance.

Answer 1

First of all you have to accept that you cannot stop SPAM user registrations. I can get to your site (I have the URL in your profile) and I can register, select images from the captcha, input a scrambled text, do some math calculations or whatever captcha you have and then start posting SPAM. So you can't stop it.

However, you can add obstacles in the process. "Google Image recognizator", as you call it, is Recaptcha v2. It is very likely that a user who completes the challenge successfully is a human. However, it does not mean you will NOT be spammed by that human (or bot, because maybe the human does the registration process and a bot carries on the job of posting the actual SPAM).

Thinking about obstacles, Recaptcha v2 is a very good one. A spammer trying to register a site that is using it will have to, at least, pay someone to crack it. So you decrease SPAM user registrations by limiting those registrations of spammers who don't spend money in spamming, i.e. you just get spammed ONLY by well-financed spammers :)

Getting more practical, let's enable Recaptcha v2.

1. Go to admin/plugins
2. Locate reCAPTCHA v2.0 plugin and enable it (remember to click on the Save Options button at the bottom of the page to actually enable it)
3. If you have successfully enabled it then you will see an "options" link in the reCAPTCHA plugin. Click it
4. You will see two text fields and the text "To use reCAPTCHA, you must sign up to get these keys". Click on the "sign up" link
5. Perform the registration of your domain selecting reCAPTCHA v2, the Checkbox approach (Validate requests with the "I'm not a robot" checkbox), add your domains, accept the terms of service and click "Register"
6. Then open the newly created domain and scroll until you see the "Adding reCAPTCHA to your site" section. In there you'll see the "Site" and "Secret" keys. Copy and paste them in the two fields from step 4 and save the plugin settings.
7. Scroll down in the reCAPTCHA site up to "Advanced Settings", below the domains and owners. Move the "Security Preference" to "Most secure" and save the settings
8. Navigate to admin/spam, check the "Use captcha for user registration" checkbox (and any other you want) and save the settings again

All unregistered users who try to register will have to input the captcha that shows images. You can see it in action here: http://q2a-pupi1985.herokuapp.com

Comments

Thanks for nice explanation, but images are not appearing during registration. What should I follow next?

---

I see it working in your site, with images. Open a private/incognito session in the browser and you'll see it too

---

I performed step-7, then step-8 and then step-6. Its working now.  I think some time, it's not working.

However, your explanation very useful. It's fine for me. Thank you.

---

Thank you for this detailed explanation. That works for me.