Occasionally, your donation forms might be targeted by spam bots or by fraudsters looking to test stolen credit card numbers. GiveWP has several tools for handling spam donations. Here’s what they are and how to use them.
What is Donor Spam?
Donor Spam refers to any fraudulent or malicious donation. Typically, a spammer or spambot creates many donations on the site that are either declined or for very small amounts, for the purpose of testing stolen credit cards.
Why do Some People Spam Donation Forms?
The reason many fraudsters target donations (as opposed to other e-commerce solutions) is that there’s no cart to deal with as an additional hurdle.
With donations, there’s essentially just a credit card/payment form on the site, so the bot or script that the fraudster creates is much simpler.
For more insight into why fraudsters choose donation forms, see this excellent article at WePay’s site.
What You Can Do to Prevent Donor Spam in GiveWP
GiveWP’s Akismet Integration
GiveWP integrates out of the box with Akismet, the popular spam filter for WordPress.
Install or activate the free Akismet plugin. Then navigate to “Donations > Settings > Advanced” and ensure that the Akismet SPAM protection is enabled. Don’t forget to save the settings at the bottom of the page.
Set a higher minimum donation amount
Sometimes, simply increasing the minimum donation amount is a very effective way of preventing these types of attacks. Bots tend to test forms with $1 or up to $5 amounts. If your form only accepts donations of $10 or higher, you can stop these simple, low-effort bots.
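To check whether your donation records show the pattern described above (bursts of declined or very small donations), and how many of those attempts a higher minimum would reject, you can run a script like the following over an export of donation attempts. This is an added example, not code from GiveWP: the record layout, status names, the 10-minute window and the threshold of four attempts are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, client IP, amount in USD, status).
# The field layout and status names are assumptions, not a GiveWP export format.
SAMPLE = [
    ("2024-03-01 10:00:05", "203.0.113.7", 1.00, "failed"),
    ("2024-03-01 10:00:41", "203.0.113.7", 1.00, "failed"),
    ("2024-03-01 10:01:12", "203.0.113.7", 2.00, "complete"),
    ("2024-03-01 10:02:30", "203.0.113.7", 5.00, "failed"),
    ("2024-03-01 10:03:02", "203.0.113.7", 1.00, "failed"),
    ("2024-03-01 10:05:00", "198.51.100.20", 50.00, "complete"),
    ("2024-03-01 11:30:00", "198.51.100.21", 25.00, "failed"),
    ("2024-03-01 12:00:00", "198.51.100.22", 5.00, "complete"),
]

SMALL_AMOUNT = 5.00             # bots tend to test with $1 up to $5 amounts
WINDOW = timedelta(minutes=10)  # assumed burst window
MIN_ATTEMPTS = 4                # assumed suspicious attempts per window

def find_card_testing(records, window=WINDOW, min_attempts=MIN_ATTEMPTS):
    """Return {ip: (burst_size, first_seen, last_seen)} for bursts of suspicious attempts."""
    by_ip = defaultdict(list)
    for ts, ip, amount, status in records:
        if status == "failed" or amount <= SMALL_AMOUNT:  # declined or very small
            by_ip[ip].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, best = 0, (0, None, None)
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, times[start], times[end])
        if best[0] >= min_attempts:
            flagged[ip] = best
    return flagged

def blocked_by_minimum(records, minimum):
    """Count attempts that a given minimum donation amount would have rejected."""
    return sum(1 for _, _, amount, _ in records if amount < minimum)

if __name__ == "__main__":
    for ip, (n, first, last) in find_card_testing(SAMPLE).items():
        print(f"{ip}: {n} suspicious attempts between {first} and {last}")
    print("rejected by a $10 minimum:", blocked_by_minimum(SAMPLE, 10.00))
```

A single failed or small donation is not flagged on its own; only a burst from one address within the window is.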
The Stop Donor Spam plugin
If that still does not help, install and activate this functionality plugin called Stop Donor Spam (https://github.com/mathetos/Stop-Donor-Spam). This plugin works out of the box without any settings.
Install and activate it and it will filter your attempted donations through a known spambot database before proceeding.
Implementing a reCAPTCHA
If at all possible, avoid the reCAPTCHA option because it slows down the donation experience and looks unsightly. It can sometimes harm your donations more than it benefits them. But sometimes it’s really your last line of defense.
This snippet allows for adding a reCAPTCHA to your forms:
Make sure to note the instructions at the top of the Snippet for making it work on your specific site. This snippet is not simply a copy-paste snippet.
Refer to this guide for adding custom PHP for help adding this snippet to your site. Note that you don’t need the opening <?php tag if you are using the Custom PHP inserter.
Use Cloudflare or Sucuri
Sometimes, the best defense for donor SPAM is to take the fight one level higher than your web server. Cloudflare and Sucuri both do that, in different ways.
These are third-party services that help both speed up your website and provide protection against bot attacks and donor spam.
Some sites get added to bot lists, and there’s nothing you can do to prevent the bots from continually attacking your site except to use a strong, dedicated firewall/security service like these two.