admin管理员组文章数量:1168529
I am talking about the REGISTER form
PROBLEM: I have some requests that are coming from somewhere else - not from the user interface. I know this, because these requests don't have all the mandatory fields completed - and this can't be done from the user interface, because of the data validations (for example, you can't submit the form without a name, or without a valid email address)
I suppose this is a security vulnerability, and I've heard someone can gain admin access through these requests.
QUESTION: Is there any way(a plugin maybe) I can log and parse these requests, in order to understand who/what/why/how is creating them? MORE EXPLANATIONS if needed: each time a user submits this register form, I get an email with details (name, email, period, choosen price). But sometimes, i get emails without all the mandatory details: for example: an email with no price or with no email... and this is theoretically not possible. how are these made, and why? is there any way to log these and see WHERE are they coming from?
I am talking about the REGISTER form
PROBLEM: I have some requests that are coming from somewhere else - not from the user interface. I know this, because these requests don't have all the mandatory fields completed - and this can't be done from the user interface, because of the data validations (for example, you can't submit the form without a name, or without a valid email address)
I suppose this is a security vulnerability, and I've heard someone can gain admin access through these requests.
QUESTION: Is there any way(a plugin maybe) I can log and parse these requests, in order to understand who/what/why/how is creating them? MORE EXPLANATIONS if needed: each time a user submits this register form, I get an email with details (name, email, period, choosen price). But sometimes, i get emails without all the mandatory details: for example: an email with no price or with no email... and this is theoretically not possible. how are these made, and why? is there any way to log these and see WHERE are they coming from?
Share Improve this question edited Mar 2, 2015 at 7:49 Testing_Enthusiast asked Feb 23, 2015 at 10:29 Testing_EnthusiastTesting_Enthusiast 13 bronze badges 3 |1 Answer
Reset to default 0You could use "save_post" hook to capture all submit within WP, for ex:
function just_got_you( $post_id ) {
if ($post_id != '123')
return;
<< do your logging stuff here >>
}
add_action( 'save_post', 'just_got_you', 10, 2 );
Change 123 to your page/post id. More reference here Save Post Hook
本文标签: pluginsHow can i seelog all requests coming from a registration form (not from the UI)
版权声明:本文标题:plugins - How can i seelog all requests coming from a registration form (not from the UI)? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1737567255a1996901.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
Contact Form 7form. You don't really have any control over this. Usually spammers hijack servers and use them for sending spams so practically you cannot block these submissions. But instead you can try to identify legit submission from bogus submissions. One solution would be to check refer url. Usually spam bots do not have any refer URL so you can block such requests or emails.Contact Form 7have Akismet integration that you can use. Third, you can install a captcha too. You will not get more help for this plugin here since it's 3rd party plugin. – Robert hue Commented Feb 23, 2015 at 11:00