Ways to stop bots from attacking create account forms?

Community Feedback
1

I’m looking to add a reCaptcha to my form to stop bots but it seems like it’s not supported. I’ve looked into how to do it but it’s not working. Any suggestions. Heres the form code im talking about - Create account form.

{{ ‘customer.min.css’ | asset_url | stylesheet_tag }}

{%- form ‘create_customer’, novalidate: ‘novalidate’,class:‘bee-w-100’ -%}
{%- if form.errors -%}





{{ ‘customer.form.error_heading’ | t }}



{%- endif -%}


{{ ‘customer.register.first_name’ | t }}

<input class=“bee_frm_input”
type=“text”
name=“customer[first_name]”
id=“RegisterForm-FirstName”
{% if form.first_name %}value=“{{ form.first_name }}”{% endif %}
autocomplete=“given-name”
placeholder=“{{ ‘customer.register.first_name’ | t }}”
>



{{ ‘customer.register.last_name’ | t }}

<input class=“bee_frm_input”
type=“text”
name=“customer[last_name]”
id=“RegisterForm-LastName”
{% if form.last_name %}value=“{{ form.last_name }}”{% endif %}
autocomplete=“family-name”
placeholder=“{{ ‘customer.register.last_name’ | t }}”
>



{{ ‘customer.register.email’ | t }}

<input class=“bee_frm_input”
type=“email”
name=“customer[email]”
id=“RegisterForm-email”
{% if form.email %} value=“{{ form.email }}”{% endif %}
spellcheck=“false”
autocapitalize=“off”
autocomplete=“email”
aria-required=“true”
{% if form.errors contains ‘email’ %}
aria-invalid=“true”
aria-describedby=“RegisterForm-email-error”
{% endif %}
placeholder=“{{ ‘customer.register.email’ | t }}”
>

{%- if form.errors contains ‘email’ -%}




{{ form.errors.translated_fields[‘email’] | capitalize }} {{ form.errors.messages[‘email’] }}.

{%- endif -%}


{{ ‘customer.register.password’ | t }}

<input class=“bee_frm_input”
type=“password”
name=“customer[password]”
id=“RegisterForm-password”
aria-required=“true”
{% if form.errors contains ‘password’ %}
aria-invalid=“true”
aria-describedby=“RegisterForm-password-error”
{% endif %}
placeholder=“{{ ‘customer.register.password’ | t }}”
>

{%- if form.errors contains ‘password’ -%}




{{ form.errors.translated_fields[‘password’] | capitalize }} {{ form.errors.messages[‘password’] }}.

{%- endif -%}
{{ ‘customer.register.submit’ | t }}

<div class="bee-login-footer bee-login-btn bee-text-center"><span>{{ 'customer.register.have_account' | t }}</span><a class="bee-d-inline-block" href="{{ routes.account_login_url }}"> {{ 'customer.register.login_here' | t }}</a></div>

{%- endform -%}

{%- schema -%}
{
“name”: “Register”,
“tag”: “section”,
“class”: “bee-section bee-section-customers bee-container”,
“settings”: [
{
“type”: “range”,
“id”: “item_radius”,
“label”: “Button / input radius”,
“default”: 4,
“min”: 0,
“max”: 60,
“unit”: “px”
}
]
}
{% endschema %}

2

Do you have these settings enabled on the Online Store > Preferences page in Shopify admin?

image
image1133×288 42.4 KB

More info

3

I do, but yet it still won’t stop bots, any suggestions?

4

Not really - hCaptcha should be fine.

Try contacting Shopify support and see if they can do anything. Long shot. Maybe they can make the hCaptcha appear more frequently.

5

Just to play devils advocate - what’s the harm of these spam customer accounts?

Captchas can add friction to real good acting customers, is the cure worse than the disease?

If they’re trying to make test payments to test stolen credit card numbers, then you can switch to manual payment capture to remove this risk of chargebacks and the non-refundable transaction fees on fraudulent payments.

1 Like