Vote protection

Vote protection

The contest has 9 major layers of vote protection

  1. IP address check
  2. WP Nonce
  3. Javascript
  4. User ID
  5. Cookies
  6. Email confirmation
  7. Disposable email domain checker
  8. Encrypted (Hashed) data
  9. PHP

IP address check

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, phone, internet router) participating in a computer network that uses the Internet Protocol for communication. Every single IP address can be used only once for one vote. IP address check is optional but highly recommended.

WP Nonce – Unique ID for each vote

WordPress uses a very powerful tool named WP NONCE. It is a unique ID which can be used only once. This tool cannot be falsified and because it can be used only once it is 100% protection against bots and automatic scripts. We use this tool a lot. Not only to secure votes and also to secure every image upload, every user login and every form in our contest.


Javascript protects from multiple voting using multi-click (like double or triple click), also protects against using bots for voting.

User ID

The user ID can be used as protection if is set to vote option to “Registered users”. This control is disabled when the vote setting is set to “Everyone”. The user ID is unique for every single registered user so every ID is stored and controlled before the vote. This protection is optional.


HTTP cookies is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. So after the vote sends small information to the browser, that vote was successfully counted and is not possible vote from the same browser again.

Email confirmation

Email confirmation is very powerful voting protection. This setting is optional so it is allowed every single non-registered user must confirm his vote by email address. Email is also compared with already used emails in the voting process and it is not possible to vote for the same image from the same email address twice.

Disposable email domain checker

This email checker contains a list of disposable and temporary email address domains (over 2100) often used to register dummy users in order to create fake votes. List of domains is constantly updated by the community on GitHub. With this checker is not possible to create contest user or confirm the vote with disposable email services.

Encrypted (Hashed) data

If the voting process needs to use an external confirmation (like in email vote confirmation) the vote is securely encoded to hashed data. This security feature blocks all possible email bot scams. Every vote has a unique encoded data.


The function of PHP protection is controlled bridge between all protections. Check and compare all protections a provides stability of the voting process