Prevent Spam and Abuse of Your Rating / Review System in WordPress

In 2004, Bill Gates famously said “two years from now, spam will be solved”. He was way off the mark. Spam is a serious and worsening problem, and if you don’t put preventative measures in place, it will keep costing you time and money.

I recently received a support ticket where a customer had one day found over 1,000 corrupted ratings. After some quick investigation, a pattern emerged. All of the corrupted ratings occurred within a 2-hour period from the same IP address, and all of the post ids used were in sequential order. It was pretty obvious that this was no coincidence and that these ratings had been improperly saved (hacked, you might say).

There are a couple of ways to address and prevent spam and abuse in Multi Rating Pro.

Spam Protection

The Pro version has a reCAPTCHA add-on which basically uses technology to tell a robot from a human being. So if it thinks a rating was submitted by a robot and not a person, the rating is rejected.

If you integrate ratings in the WordPress comment form, you could choose to activate the Akismet plugin which offers an anti-spam service.

Extra Validation

As of Multi Rating Pro v5.2.3, a bug has been fixed so that the post id and rating form id are validated when saving a rating entry. This should prevent any invalid ratings from being saved. Tick 🙂

You could also mitigate an attack by implementing some custom code which checks a minimum time constraint (e.g. 15 seconds) between multiple ratings being saved by the same user or IP address.
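
One way to implement the minimum time constraint described above, as an added example that is not part of Multi Rating Pro. The `example_*` names and the transient key prefixes are hypothetical, and only WordPress core functions are used.

```php
<?php
// Added example, not Multi Rating Pro code. Uses only WordPress core
// functions (transients API). All example_* names are hypothetical.

const EXAMPLE_RATING_MIN_INTERVAL = 15; // seconds, as suggested above

// Build the throttle keys for the current request: one per IP, one per user.
function example_rating_throttle_keys() {
    $keys = array();

    // REMOTE_ADDR is the direct peer. Behind a reverse proxy this is the
    // proxy's address, so use the client IP header your own proxy sets.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        $keys[] = 'ex_rate_ip_' . md5( $ip );
    }

    $user_id = get_current_user_id(); // 0 for visitors who are not logged in
    if ( $user_id > 0 ) {
        $keys[] = 'ex_rate_user_' . $user_id;
    }

    return $keys;
}

// Returns true if the rating may be saved, or a WP_Error if the same user or
// IP address saved one less than EXAMPLE_RATING_MIN_INTERVAL seconds ago.
function example_rating_throttle_check() {
    $keys = example_rating_throttle_keys();
    if ( empty( $keys ) ) {
        // No usable identity for this request: fail closed.
        return new WP_Error( 'example_rating_throttle', 'Client could not be identified.' );
    }

    foreach ( $keys as $key ) {
        if ( false !== get_transient( $key ) ) {
            return new WP_Error( 'example_rating_throttle', 'Please wait before rating again.' );
        }
    }

    // Record this submission; each transient expires after the interval.
    // get/set is not atomic, so requests arriving in the same instant can
    // both pass. This slows sustained floods; it is not a hard guarantee.
    foreach ( $keys as $key ) {
        set_transient( $key, time(), EXAMPLE_RATING_MIN_INTERVAL );
    }

    return true;
}
```

Call `example_rating_throttle_check()` at the point where a rating is about to be saved and reject the submission when it returns a `WP_Error`. The plugin hook to attach it to is not documented on this page, so none is shown.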

What else should I know?

The Pro version has a handy tool to clean up the database to ensure all ratings are valid. It basically performs checks for any orphaned ratings data.

You might also find the ratings moderation feature useful as a way to vet and approve ratings before they are shown publicly.
