WordPress user registration spam is quite an annoying issue. As a blogger, there’s already too much for you to tackle. With this user registration spam issue, there’s one more thing added to your already full plate.
Spam is a word that anyone using the internet is so much aware of. Spam can take any form, can attack you at any time and with any frequency.
With my blogging and online business experience since 2007, I must say spam is taking newer and interesting forms everyday.
In this post, I will talk about a form of spam that has particularly annoyed me for about 3-4 months now.
And I got so annoyed and took action just now.
After 3-4 months? Yes that’s a much slower reaction, but I wanted to learn the pattern and some of the inside aspects of this particular spam problem.
Well there’s no suspense – the spam I’m talking about is user registration spam pertaining to WordPress blogs or websites.
It all started to me when I opened up guest posting (but now I’ve closed accepting guest blogs for other reasons).
I’m not scaring you away from accepting guest posts at your blog.
Accepting guest posts and spam user registration
I know many bloggers don’t allow user registrations while they still accept guest posts by email.
And, some bloggers allow WordPress user registration and ask the guest bloggers to submit their guest posts via the WordPress Dashboard.
So this particular WordPress user registration spam problem that I’m talking about, arises obviously in the second case.
The host blogger has to open up registrations in order to allow people to login to their site and submit their guest posts via the WordPress dashboard. Basically the link looks like this http://www.yourdomainname.com/wp-login.
Related reading: How to change your WordPress login URL?
Now, you can enable or disable user registration in WordPress by going to Settings > General > and enabling/disabling “Anyone can register”.
And, you can also set the default role of the person who registers (if you enable registration) by choosing from the drop down as shown below.
By choosing the default level to “Subscriber” you’re actually restricting any new registered user from making any spam submissions or doing anything mischievous (I use Subscriber level as default).
Some bloggers allow “Contributor” registrations – this means that when a person registers he/she can submit a guest post for the host blogger’s review.
Apart from the very little number of genuine submissions there can be a bunch of spam and mess that the host blogger needs to clean up every once in a while in this case.
I wouldn’t recommend allowing “Author”, “Contributor” or any other level up for open registration since this may be a threat to your site’s security and integrity.
Authors and Admins can publish content to your site without having to get approved by you, the host blogger. And they can do much more nasty stuff apart from this.
If you want to add an admin user (if you want someone else to moderate comments or do some administration or maintenance work for your site) then you can ask them to register and later on go to “Users” and find their username and upgrade their account to “Admin” or any other level you want to.
Now coming to the topic of this post….
How to combat spam user registration in WordPress?
I am not sure if you would believe me if I say that I got about 10-15 new spam registrations per day.
Well, its so annoying with the email notifications I get for WordPress new user registration spam.
My inbox gets rubbish and sometimes I delete genuine emails and some genuine WordPress user accounts out of frustration.
And so I came to a conclusion that I should stop this anyhow! With WordPress, I was sure that there’s a plugin for this. Not one but many actually.
Anti-Spam by Clean Talk
This is one plugin that I tried and found to work effectively.
The plugin does not use captchas or challenge users with questions to combat spam. So genuine users need not be challenged.
Stopping spam user registration is just one feature of this plugin. It also stops various kinds of spam like the comment spam, contact email spam, orders spam, bookings spam, subscriptions spam and much more.
The plugin also checks your existing comments for spam as an additional bonus!
This plugin filters out the bot registrations and is compatible with WooCommerce, BuddyPress, S2Member, bbPress and any other membership or registrations plugin.
In order to configure the settings of this plugin, you need to go to Settings > Clean Talk
You need to enter the activation key in order for the plugin to work. If you prefer to generate the key automatically, click on that button and the key will be emailed to your admin email (set in your WordPress User profile).
This plugin also stops spam user registration in your WordPress website apart from combating other forms of spam as well like, comment spam, contact page spam, trackback spam etc.
This plugin also does not use Captcha.
This plugin is very effective to stop spam registrations from bots as well as humans – in a sense it acts like a firewall.
In order to start using this plugin, after installing it, you have to go to Settings > WP-SpamShield
You don’t have to “enable” anti-spam feature for user registration since it is already enabled by default. In the Settings page of the plugin you have loads of documentation as well as settings for comment spam and other spam.
Other plugins I tried to overcome WordPress spam user registration
User spam remover – Good one! However, I personally didn’t like it.
Stop spammer registrations – Sounded all geeky to me.
WangGuard – A freemium plugin. They have a pricing model based on the number of queries you get. Check out the plugin page to know more. This plugin might conflict with any other minify or caching plugins you use. Make sure you read the instructions carefully and configure the plugin accordingly.
SI CAPTCHA Anti-Spam – Restricts spam user registration by implementing Captcha. This plugin not only works for user registration but also works for comment spam.
WordPress user registration spam: Conclusion
The spam accounts usually can’t cause much “threat” to your blog as long as you give only the “subscriber” level to open registration.
But when hackers attempt to hack your blog, they might try to use such spam accounts; though I’m not so sure about this fact. In any case make sure you know about the WordPress website basics.
Nevertheless WordPress registration spam is a pretty annoying problem. It is not always possible to turn off website user registration, since you might need to allow registration of new users to your WordPress site for various reasons.
I hope the above mentioned plugins can help you solve the spam user registration problem!
I’d love to hear your thoughts on this matter, and any other WordPress plugins that you find to be more effective to combat WordPress user registration spam. Please share in the comments.