All things Shopify and commerce
I'm getting blasted with fake newsletter signups - over 100 yesterday.
I get very little traffic at my store (less than 10 sessions/day), so I know this is either a bot or a hack, but it's impossible to know which. Because I have so few visitors, I might at least be able to see where some of the attacks are coming from if there was a way to only allow 1 signup per visit.
Shopify does not provide any security options (e.g. captcha) for the Newsletter Signup form to eliminate bots. And they don't provide any way to control the number of signups per session or visit. I can add code to my theme for more fields requesting more info than just email address, but Shopify only allows the email field to be required.
I don't want to force visitors to do a full account signup just to get on a newsletter list.
From what I have seen on these community boards, this is a common problem. TBH, the bigger problem is that nearly all of the responses on these boards are outdated or along the lines of "try this 3rd party anti-bot app" followed up by "no, that one doesn't work". I don't have time for that.
So my question is what tools exist that can specifically perform each of the following 2 tasks:
1) Limit the number of home page Newsletter signups to 1/visit
2) Require a security response when the home page Newsletter signup Submit button is clicked
Hi, @ponix
Greetings, and thanks for posting! I hope your day is going well.
I understand that you're facing challenges with fake newsletter signups. While Shopify currently doesn't have built-in options for limiting signups per visit or adding a security response to the newsletter signup form, there are some potential solutions you can try:
The first option is using third-party apps from the Shopify App Store that specialize in form customization and security. Look for apps that offer features like limiting signups per visit or implementing additional security measures such as CAPTCHA or reCAPTCHA.
Another option is to modify the code of your theme to add the desired functionality, such as limiting signups or implementing a security response. If you aren't familiar with coding this would require the assistance of a developer.
I hope that helps! In the meantime, as we're discussing newsletter subscribers, I recommend you check out our blog on how to create a newsletter that increases sales! For example, regularly engaging with your subscribers through valuable content and promotions can help foster a loyal customer base.
Best of luck!
Hi Skye,
I hope that you understand that none of what you suggest could be interpreted as a solution.
Telling me to hunt down 3rd party solutions on my own is not helpful.
I am extremely familiar with coding and have consulted with the developer who I hired to build my site. This is why I know what limitations I am up against. Unless we can get access to Shopify's liquid files for the Newsletter signup, it is impossible to modify testing or limits of signups. If I am wrong about this, I need to know. That is why I am posting this request.
If you know of a 3rd party app that can actually do a captcha for just the Newsletter signup, please let me know because I haven't been able to find one. This is why I am reaching out to Shopify for this solution. And I mean SOLUTION, not "try this" or "try that".
Thank you.
Hi, @ponix
While I'm not able to provide specific coding instructions based on our support guidelines, I can assure you you have access to the coding to adjust the liquid associated with the newsletter. Unless, however, you're using a third party theme that for some reason has this locked.
In general, you can find the newsletter sign-up form in the theme's "footer.liquid" or "newsletter.liquid" file. To locate the file, you can follow these steps:
Please note that the exact file name and location may vary depending on the theme you are using, as mentioned above.
Let me know if there's anything else I can assist you with!
I had already modified newsletter.liquid (which modifies footer.liquid) to add first and last name fields for better emailing ID (something users have been requesting from Shopify for some time), but it turns out that's irrelevant.
I went ahead and installed Negate early this morning and set protection at Very Aggressive. It says it has blocked 9 bots already but I've deleted over 40 new fake "customers" in the past 3 hours, so apparently not aggressive enough (or it's not a bot). Most of the bots listed are from India but India has never shown up in my analytics. None of them came in through the home page. My analytics, as well as Negate's, show 2 legit-looking visits so far today.
The only place in my website other than the newsletter signup that collects customer info is at checkout (no separate customer registration). The only info in these fake customer profiles is a clearly fake (often random characters) name and a legit looking email address. No indication of anything put in the cart. Interesting thing about this latest round of attacks, all of their profiles show that they have a classic account. Accounts are hidden (no login), but I do have Shop turned on.
Hi @ponix
I'm glad you were able to locate the liquid file. Are you not able to add Google reCaptcha to it? It's completely free up to 1,000,000 assessements.
I went ahead and installed recaptcha. Didn't help.
I turned off Newsletter signup altogether. More attacks.
I turned off Shop. No effect.
10 more fake customers just popped up in the last 30 minutes. Please understand that they never leave a trace, never show up as visitors, never affect traffic analytics, never show up in cart or checkout analytics. They ONLY show up in my list of customers. It looks like just my customer list is being hacked.
This is acting like a virus.
What is the procedure for figuring out if this security breach is the fault of Safe As Milk or Shopify? I need help, not suggestions, because I can't install anti-virus software on Shopify's servers.
If I can't get this fixed by next week, I have to move my store somewhere else ASAP. The time I have to spend on this is having a very negative effect on my marketing efforts right now.
Hi, @ponix
Thanks for your patience as I was away.
The only possibility I can think of, that allows "bots" to sign up as a customer through your site, but not registering as traffic, is if a script was injected into your theme.
If your theme is a Shopify developed theme this is something our theme department can absolutely investigate. However, if your theme is a third party theme this will need to be investigated by the developer of your theme.
If your theme was purchased in the Shopify Theme Store, you can reach out to the developer directly via your theme settings. Or, if you want Shopify to be involved in the conversation, you can reach out to our live advisors who can email your theme developer on your behalf.
Did you see this thread? Others have had this problem too. https://community.shopify.com/c/technical-q-a/fake-customer-accounts/m-p/2237553
We are having the same problem with both of our stores. The number of fake signups and customers is skyrocketing over the last few months. We have installed recaptcha but it has not been effective. Please advise as soon as possible if there is a Shopify-based solution to this problem.
We are having the same issue. These customer list sign-ups are being generated outside of the pop-up sign up because they would have received my automated follow-up emails and I've only had 5 accounts do that. So where are all these fake email accounts coming from? I know they're fake because the names don't match the emails at all.
Hey Community! As we jump into 2025, we want to give a big shout-out to all of you wh...
By JasonH Jan 7, 2025Hey Community! As the holiday season unfolds, we want to extend heartfelt thanks to a...
By JasonH Dec 6, 2024Dropshipping, a high-growth, $226 billion-dollar industry, remains a highly dynamic bus...
By JasonH Nov 27, 2024