Has anyone figured out a way to successfully mitigate spam account sign ups from their store? I have about 20 random customer sign ups per day with first/last names with random letters and numbers + a bogus email address. I've been pretty good with deleting them, but I'm not trying to make this a daily occurrence. I have more important things to focus on.
Are there any apps available for this? Did you implement a CAPTCHA solution? Just looking for some ideas and/or would like to hear what you've done in this situation.
Here is the response I received from Support:
My name's James and I'm a Shopify Guru - here to help!
I'm sorry to hear your customer accounts area is getting spammed, I can't imagine how annoying that must be to have to keep deleting them.
There are a couple ways you could stop this:
You could add a captcha to your customer sign-up area
You could remove the customer sign-in option from your homepage, and just let them sign-in at checkout.
Both of these options would require custom coding and we, unfortunately, don't have guides on how to do this. However, here's a guide on adding customer sign-in to your homepage. It might give you some clues as to how to remove the sign-up from the homepage.
Let me know if this helps you out at all!
If you have any further questions, or would like some information on upgrading your plan, or how to save 10% on your Shopify bill by switching to an annual plan, please don't hesitate to contact me!
Have a great day!
While I'm not very happy with the "remove the sign up from the homepage" suggestion, it is an option, but not a very good one in terms of site usability. In either case, it sounds like CAPTCHA is the way to go here. Unless another Shopify Guru/Expert on here can weigh in with their opinions. I may start to explore implementing the CAPTCHA functionality soon.
I'm building out a very simple CAPTCHA solution that will solve a basic math problem. This won't eliminate ALL spam, but it will definitely help. I'm developing it on my dev site now. Once it's tested and I feel it's "production ready," I'll post all the steps in this thread to install the solution. Look for a reply in another day or two.
Most bots don't actually fill out the form like a human - they just post data to the endpoints. This means they don't need to use the form at all, and skip whatever js captchas or html5 required attributes you put in place.
There's plenty of existing examples (here's one) on the forums and online that you could use rather than trying to reinvent the wheel. Js based captcha can certainly minimise some spam - just don't expect this to be a golden solution.
One alt method would be to include an extra field in the form that is not visible to normal customers. If this field is filled out you can assume it's a bot, and just purge it. Mailchimp uses a very similar technique (and doesn't opt for a captcha). It won't slow down form entries at all, but may help find the suspect ones quicker.