How to prevent bots from creating accounts on Memberstack 2.0 without completing Stripe payments?
Hi Team! Need some advice. I’m on memberstack 2.0. I was curious how others are solving the problem of bots - starting to get a lot who are signing up on my forms but not completing payment - however account details are being created on stripe/member dashboard?
Comments
6 comments
Hey Harris Karim,
You can probably explore hCaptcha feature and enable it via Membertack.
There is also a Webflow spam prevention settings (Turnstile protection) that you can enable, but a thing to note here is it's gonna take 2-3 seconds before the submit button gets enabled as it's a standard process for Turnstile to check few things and enable the form submission. You can also use Honeypot technique if that seems fit.
These are just various ways you can prevent spam submissions.
Hope this gives you some idea.
Hi Harris Karim, I ran into problems with bots from ads I was paying for—but my problem was being charged for the traffic rather than sign ups. I've heard there are 3rd party services that can block most of them from reaching your site at all and prevent the ad network from charging you for the traffic. I haven't looked into it yet, so I'd be interested if anyone else has experience with a service like this.
How are you detecting and distinguishing bot activity from real abandonment? I had a couple sign ups that didn't fill out the name field—I wonder if those were bots.
A J Interestingly, when I enable spam and bot protection in Webflow (by Turnstile), I can't log in as a client on my mobile device. It works on desktop, but the button activates after 2-5 seconds.
EDIT
It does work, but I have to wait up to 10 seconds..
Tomasz Moszyński, yes that might be a trade-off that comes with the setting in Webflow, as noticed by users in the past. If you want you can try out different methods shared above and see if that seems better.
I’ve run many tests.
When I implement hCaptcha in Memberstack (it only works in the registration form), it causes issues with reCAPTCHA v3 and v2 in the other forms.
Right now I have:
The login and account-creation forms have no protection — and that worries me — but Webflow’s reCAPTCHA v2 doesn’t work with them, and hCaptcha conflicts with both v2 and v3.
Tomasz Moszyński, I have noticed that many Webflow users prefer Basin for form handling, spam protection etc. and it is one of the tools highly recommended in Webflow forums as well. You can check it out to see if that fits your project and disable webflow native settings in that case.
And I think currently hCaptcha only works for a signup form natively via Memberstack and personally I think it is more effective on sign up forms from a security standpoint than on login forms, since adding this might hamper the login experience without really adding on much security aspect, since we already have hcaptcha enabled and compulsory during sign-ups and also have the option to disable concurrent logins for ensuring multiple people can't login using the same account.
That being said, if you don't want to explore other tool and want to implement it yourself, you can check out the hCaptcha docs to see if that helps.
Hope this gives you some idea.
Please sign in to leave a comment.