WordPress Download Monitor Plugin › Forums › Download Monitor Plugin Forum › Require captcha only for guests?
- This topic has 3 replies, 2 voices, and was last updated 3 weeks, 3 days ago by
admin.
-
AuthorPosts
-
May 1, 2025 at 12:10 am #2337
jestermgee
ParticipantI use Simple Downloads for this exact purpose, offering simple downloads for free to any user, specifically so I can offer a demo version of the libraries I sell for trial before users purchase a full version (which then creates an account for them to login)
I do not allow registrations without first going through the checkout so I need to allow downloads to guests without accounts.
While this plugin works just fine for this simple task I have noted in the logs hundreds of spam attacks from AliyunSecBot located in Hong Kong in waves hitting many files just a few seconds apart and this seems to cause the site to fluctuate in performance.
I ahve implemented captcha whihc has solved the problem for the moment, however because my site has a lot of visually impaired users visiting this is not an ideal step as these click captcha boxes are often problematic.
Is there a way to use reCaptcha v3? Is it also possible to have the captcha only display for guests but be removed for users logged in?
May 1, 2025 at 4:56 am #2339admin
KeymasterIf you’re experiencing attacks like the one you described, the most effective solution is to implement a server-level firewall. CAPTCHA won’t prevent the performance impact, as the page still needs to load before the CAPTCHA is triggered—meaning bot traffic can still strain your server. If you inform your hosting provider about the specific bot attacks, they can configure a firewall at the server level to block the traffic before it reaches your site, eliminating the load and preventing performance issues.
May 4, 2025 at 12:13 am #2340jestermgee
ParticipantCan I get an answer more on the question at hand tho?
There aren’t “attacks” happening, it is approx 200 downloads being targeted a day which is normal bot behaviour for unprotected links, this is also not the cause of my issues.
I more wanted to know if it can simply be disabled for logged in users
May 4, 2025 at 5:54 am #2346admin
KeymasterPlease let me know if the following response on your other topic helps clarify how we’re currently approaching the CAPTCHA feature:
If this approach doesn’t work for your setup, let us know and we’ll make arrangements so you can switch to an alternative plugin.
-
AuthorPosts
- You must be logged in to reply to this topic.