Prevent Spam Account Registration In Magento2

Posted on 16 March, 2019

Spamming is usually known as an act of supplying inapplicable information done by the help of automated software. Most of the bots use tools like 'curl' and 'postman'. More advanced bots are capable to do their job without the need for bypassing the code on a website.

 The fake accounts are very easy to spot, they contain advertising text and links in the name and address details with the hope that the email address they enter will then give visibility to their links.

There are some solutions you can implement to prevent spam account registration in Magento2.

1. Enable Magento captcha from store configuration

Magento 2 provides facility to enable Captcha in some default Magento forms.

You can find the following setting: Stores -> Configuration -> Customers -> Customer Configuration -> CAPTCHA -> Forms.

Here you can select forms where you want to enable captcha.

2. Pass an encrypted string in a .phtml file


Create a hidden form field. Then bind encrypted string with form key in hidden element and then check field value in a controller.

For example,

<input name="form_key_hidden" type="hidden" value="<?php echo $FormKey->getFormKey().'259a8240fba23e82626efdc9eaa0c483';?>" />

In Magento\Customer\Controller\Account\CreatePost.php controller file add a condition in the start of code in execute() function.

$customformKey = $require->getParam('form_key_hidden');
if ($customformKey == $objectManager->create('\Magento\Framework\Data\Form\FormKey')->getFormKey() . '259a8240fba23e82626efdc9eaa0c483') {
 // default code

3. Enable the confirmation email

Enable the email confirmation : System > Configuration > Customer Configuration > Require Emails Confirmation > Yes.

4. Update field limitation rules from the database

Directly in the customer_eav_attribute table, update rows with attribute_id=5 [firstname] and attribute_id=7 [last name] and replace 255 by 25.

Change code

a:2:{s:15:"max_text_length";i:255;s:15:"min_text_length";i:1;} //before update or by default


a:2:{s:15:"max_text_length";i:25;s:15:"min_text_length";i:1;} // after change


5. Add Google CAPTCHA

Magento provides limited form's captcha, for custom form either we need to custom code for Magento captcha or you can add google captcha. Google Captcha is one of the best way to prevent spams.

6. Block the IP address

Every time if the bot is running from the same IP, then block that IP from your .htaccess file.

Deny from

All the above solutions are useful to prevent not only registration form but also other forms like contact us, newsletter registration and any custom forms, too. Hope this note is helpful to you.

Nimita Gajera , eCommerce Project Manager

Magento Technical Notes

About Emipro

Being an emerging leader in IT market since 2011, Emipro Technologies Pvt. Ltd. has been providing a wide range of business solutions in Odoo & Magento. We are pleased to have a large pool of contented customers with our meticulous work in the domain of ERP & e-Commerce. Our customers are companies of all sizes ranging from startups to large enterprises who realize that they need a professional internet solution to generate revenue streams, establish proper communication channels, to achieve desired goals and streamline business operations. [....] Read More

Our writings seems informative ?

Subscribe for our Magento Technical Notes and get more amazing stuff directly to your inbox!

Post Your Review


Your Review has been posted

0 Comment(s)