Security

Prevent cheating, duplicate votes, spam, and bot manipulation. Riddle offers multiple layers of security that you can combine depending on your use case — from simple browser-based limits to server-side IP restrictions and lead-ID verification.

Plays/votes per browser

Limit how many times someone can play or vote. This is the simplest form of duplicate prevention — it uses browser local storage, so it can be bypassed by clearing cookies or using a different browser.

If you have cookies disabled, the One vote per browser feature does not work as it requires the local storage. When cookies are disabled, use the IP limit instead, which is handled in our backend without cookies.

One vote per browser does not work in apps because they do not support local storage.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable One play/vote per browser to limit your audience to take a Riddle or vote once per browser.
    security one play per browser enabled

Play again

Show your audience a "Play again" button. Disable this for polls or competitions where retaking should not be allowed. Keep it enabled for educational quizzes or fun content where replaying is part of the experience.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable the "Play again" button. This lets your audience retake the Riddle as many times as they like.
    security play again button enabled

Enable IP limit

Limit how many votes can come from the same IP address. This is server-side and cannot be bypassed by clearing cookies. Use it as a stronger layer alongside or instead of browser-based limits.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable IP limit. This makes it harder for bots and scripts to affect your poll.
    security ip limit enabled
  3. Select a time interval for your IP limit from the dropdown menu.
    security time interval
  4. Enter the # of tries per period that can come from a single IP address. We recommend 10 based on the use case that people in the same office who share the same IP address can all vote.
    security number of tries per period
    This does NOT mean each poll taker can take your poll a set number of times (e.g. "4 times per user"). That is still capped at once per browser.
  5. Please note: We never store the actual IP addresses of your audience on our servers. Riddle is an EU-based, GDPR-compliant quiz maker so we don't store personal information like this. Find out more about Riddle.com's privacy policy here.

Enable one vote per lead-ID

Restricting votes by lead identifier adds another layer of security to your polls and quizzes. It prevents people from entering twice and cannot be bypassed in the same way one vote per browser can. Only complete, verified submissions are saved.

Incomplete or duplicate attempts are not recorded in the statistics, guaranteeing clean, unmanipulated data. The only statistic that may increase is view count, but not starts or completions.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable One vote per Lead-ID.
    security enable one vote per lead identifier
  3. Go to the Publish section and click on Save and connect data.
    security go to save and connect data
  4. Select a data variable from the Lead identifier dropdown menu, such as phone or email. Someone reusing this lead identifier will be blocked at verification.
    security select lead identifier

Enable spam filter for emails

Block disposable or temporary email addresses from being entered in forms. This requires your Riddle to have a form block with an email field.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable Spam filter for emails.
    enable spam filter
  3. Email addresses from GitHub's open source disposable email domains list will then be blocked. Your audience will then be asked to use a trusted email address instead.
    spam email blocked

Privacy opt-ins

Add consent boxes for your audience to click on before viewing the content on these sites.

  1. Go to the Settings section and click on Security: Limits and privacy.
    go to security
  2. Enable Privacy Opt-ins (YouTube, Vimeo, X). This is to add another step of consent because YouTube, Vimeo, and X add cookies to any of their content that is embedded in your Riddle.
    privacy opt-ins enabled
  3. Enter a message you want to appear in the Privacy text fields (optional).
    security privacy text
  4. Enter your preferred text into the Privacy text button field for what the button itself should say.
    security privacy text button

Tips

  • Casual polls or fun quizzes: Enable One play/vote per browser and keep the "Play again" button on. This prevents casual duplicate voting while keeping the experience light.
  • Competitions with prizes: Combine One vote per Lead-ID (email) with Spam filter for emails and disable the "Play again" button. This is the strongest combination against manipulation.
  • Corporate or office polls: Use IP limit with a generous number of tries (e.g. 10) to allow everyone in a shared office network to participate.
  • GDPR-sensitive content with embedded YouTube/Vimeo: Enable Privacy opt-ins to show a consent step before third-party cookies are loaded.
Table of Contents