Require captcha only for guests?

[jestermgee]

I use Simple Downloads for this exact purpose, offering simple downloads for free to any user, specifically so I can offer a demo version of the libraries I sell for trial before users purchase a full version (which then creates an account for them to login)

I do not allow registrations without first going through the checkout so I need to allow downloads to guests without accounts.

While this plugin works just fine for this simple task I have noted in the logs hundreds of spam attacks from AliyunSecBot located in Hong Kong in waves hitting many files just a few seconds apart and this seems to cause the site to fluctuate in performance.

I ahve implemented captcha whihc has solved the problem for the moment, however because my site has a lot of visually impaired users visiting this is not an ideal step as these click captcha boxes are often problematic.

Is there a way to use reCaptcha v3? Is it also possible to have the captcha only display for guests but be removed for users logged in?

[admin]

If you’re experiencing attacks like the one you described, the most effective solution is to implement a server-level firewall. CAPTCHA won’t prevent the performance impact, as the page still needs to load before the CAPTCHA is triggered—meaning bot traffic can still strain your server. If you inform your hosting provider about the specific bot attacks, they can configure a firewall at the server level to block the traffic before it reaches your site, eliminating the load and preventing performance issues.

[Author]

Posts