Home › Forums › WoodMart support forum › form protection
form protection
- This topic has 7 replies, 2 voices, and was last updated 2 weeks, 2 days ago by
Hung Pham.
-
AuthorPosts
-
April 23, 2025 at 11:10 am #656032
ElBender8Participantunfortunately, i can’t use satya protection from cloudflare and have to use yandex smart capcha. how can i protect the login and registration form on the woodmart website?
April 23, 2025 at 11:44 am #656046
ElBender8ParticipantCurrently, I’m facing an issue with bots massively registering on my site (WooCommerce + Woodmart). I want to integrate Yandex Smart Captcha into the login and registration forms (as provided by Yandex developers).
Could you please advise how to correctly add the Yandex Smart Captcha code to the login and registration pages using Woodmart?
Where exactly should I insert the provided code (HTML/JS)?
Is there a recommended way or hook in Woodmart/Theme/Child theme to do this, so it remains update-safe?
Maybe you have instructions or experience integrating custom CAPTCHA solutions?
April 23, 2025 at 12:06 pm #656056April 23, 2025 at 12:10 pm #656058
ElBender8Participantwith the help of the plugin I managed only to add Yandex captcha to the contact form 7, but how to do it with registration and login – I don’t know
April 23, 2025 at 3:41 pm #656111
Hung PhamKeymasterHi ElBender8,
Thanks for reaching to us.
1. Login and Registration are default WooCommerce functionalities and WoodMart does not control it.
For specialized assistance and potential solutions, I kindly suggest that you reach out directly to the WooCommerce plugin’s support team https://wordpress.org/support/plugin/woocommerce/, who are better equipped to provide you with the guidance you requires .
2. You can add a Google Recaptcha to your website with the help of the following plugins:
https://wordpress.org/plugins/recaptcha-woo/
https://woocommerce.com/products/recaptcha-for-woocommerce/Please note that we do not give a guarantee for full theme compatibility with all existing 3rd party plugins.
Best Regards,
April 23, 2025 at 4:18 pm #656125
ElBender8ParticipantThank you! I also want to ask:
I’m using your Woodmart theme on a WooCommerce-powered commercial website, and I recently encountered suspicious activity involving unexpected mass email sending from the site. After some investigation, we identified and paused a cron task named site_mailer_pull_logs, which appeared to trigger email dispatches via wp_mail().I would greatly appreciate your help in clarifying the following:
Does Woodmart or any of its bundled plugins create cron tasks that handle mailing or logging email activity? If so, could you specify which ones are legitimate and safe?
Are there any known vulnerabilities or compatibility issues in recent versions of Woodmart that might allow misuse of the wp_cron.php functionality?
We are using WP Mail SMTP for transactional emails, but the nature of the behavior looked like internal automation using wp_cron. We want to ensure there are no components in the theme that could be exploited for unauthorized mail operations.
Any insights or recommendations for best practices around theme setup and hardening would be truly appreciated. Thank you for your continued work on Woodmart — it’s a great theme
April 23, 2025 at 9:59 pm #656187
ElBender8ParticipantUPD Recently, we encountered a serious issue: our site began sending out unauthorized mass emails, triggering bounces and reputation damage. After deep investigation, we identified and paused a cron event named site_mailer_pull_logs, which was firing through wp_cron.php and using wp_mail() internally.
We have no plugins on the site with such a name, and this job was not something our team created knowingly. Below is a brief summary of what we’ve done so far:
• ✔️ Paused and then deleted the site_mailer_pull_logs cron job using WP Crontrol.
• ✔️ Investigated all currently active cron tasks and verified known sources.
• ✔️ Searched our plugin files and database for references to site_mailer_pull_logs — none were found.
• ✔️ Switched from WP Mail SMTP to another SMTP plugin to ensure nothing is exploiting it.
• ✔️ Reviewed and exported logs, reviewed wp_options, and cleaned suspicious users.
• ✔️ Added reCAPTCHA v2 to WordPress login/registration forms and Yandex SmartCaptcha to Contact Form 7.
• ✔️ Currently conducting further audits locally on a backup of the site, and removed fake customers.We would appreciate clarification on a few critical points:
1. Does Woodmart or any of its bundled plugins ever register a cron job named site_mailer_pull_logs, or anything related to automated email dispatching or logging?
2. Are there any known vulnerabilities or recent reports of similar misuse of the Woodmart theme in relation to wp_cron or scheduled tasks?
3. Could any internal Woodmart functionality—such as promotional tools, wishlist emails, or WooCommerce hooks—potentially interact with cron or mailing in this way?
4. Is there a recommended hardening guide for Woodmart installations to ensure safety from abuse of automated tasks like these?Given that our theme is central to our site, we want to rule out any possibility that it could be involved in the issue — even indirectly. Any detailed information or best practice recommendations you can offer would help us avoid recurrence and ensure secure use of Woodmart in production.
April 24, 2025 at 9:19 am #656245
Hung PhamKeymasterHi ElBender8,
Our theme does not control email configurations or have settings-related email sending functionalities.
You can contact your hosting provider for help on this matter.
Best Regards,
-
AuthorPosts
- You must be logged in to create new topics. Login / Register