Are you Looking for How to stop WordPress Registration Spam? Then you are landed on the right page. Well, I know, users might have been fed up with spam that is almost everywhere on the internet. whether it is in your email boxes or in the comment sections. Since the web is huge there are countless spammers around the web, and this is what makes things more difficult to completely remove it.
The only more viable and best option left for anyone is to stop or restrict them. Since a well proved says prevention is better than cure.
Similarly, you can prevent spam or bots to infiltrate your website and infect your content. As problems have been emerging since the evolution of the internet, there are various tactics or solutions present to tackle all these nuisances from time to time as well.
Hence, in this article, I tried to bring you all the latest and more effective methods to tackle spam and other malicious activities on the internet. But before that, you must know the reason, why spammers spam your website.
Why do spammers Register on WordPress?
There are various reasons why spammers infiltrate your WordPress site but the main reason is to slow down your website and steal valuable information. In the worst cases, they can potentially damage your website too. When they initially target your website, their main objective is to completely read the whole area of a WordPress website. And once they successfully register to your website, then it becomes a door to your website.
In some cases, spammers’ favorite place to hide spam is usually in plugins. They mainly target those plugins that have compromised their security. And spammer easily breaches into them to get installed along in the WordPress and control through the dashboard.
In general, mostly Spam is simple bots that are based on scripts that have the potential to create multiple Fake accounts. Hence, they can easily be removed by simple spam removal tools.
How the WordPress Registration Process Generally look like?
Before hopping on the best possible methods to stop WordPress Registration Spam, First of all, Let me show you what the default registration process looks like.
If you have not done any custom settings on your WordPress website and allow public registration on your website, generally the WordPress registration page has the URL: https://www.yourdomain.com/wp-login.php?action=register.
from the above picture, you can see, anyone can easily register themselves without any restriction. But once you disallow or stop anyone to register the page will show like the image given below:
How to Stop WordPress Registration Spam?
Since spammers have become active on the internet, there has been a lot of solutions and methods also have emerged to tackle all these. Depending upon your website, its requirement, and its severity, there might be a single method that can be enough or you may need multiple methods to use collectively to make it effective to stop WordPress registration spam.
Disallow or Disable WordPress Registration
Stop WordPress Registration Spam Method 1: The first thing you need to do while setting up your WordPress website is to disallow or Disable anything that unnecessarily consumes your website’s resources. Same as to Stop WordPress Registration Spam or malicious joining to your WordPress website, simply disable the registration option from your WordPress settings. Especially if you do not require users to register with your website.
Even if you want to add or allow specific users to use your website, you can simply create accounts for them and provide the username and password separately. Rather than letting them create accounts by themselves.
Hence, to restrict or disable users to register to your WordPress site. You need to go to your WordPress Dashboard > Settings > General and uncheck or clear the box of Anyone can Register box option.
When you successfully disabled or disallow users to register on your WordPress website, whenever anyone tries to register themselves a message will appear as shown in the picture below:
Adding a Captcha option to your Registration page
Stop WordPress Registration Spam Method 2: In our second method to stop WordPress Registration Spam, Adding the Captcha option would be adding up an extra layer of security to your WordPress login/registration page. However there are multiple Captcha options are available to choose from, but Google’s reCaptcha has found to be very effective and highly user-friendly as compared to the others. For more details on Captcha, you can also read a detailed and dedicated article on How to enable WordPress Captcha to your WordPress Site.
Now to add Google’s NoCaptcha reCaptcha to your WordPress registration form, you can download and install Advanced noCaptcha WordPress Plugin.
Now the next thing you need to do is to generate a Free reCaptcha API Key from Google as shown in the picture below.
When you have finally decided which WordPress Recaptcha plugin to install and activate, the next thing you need to do is to create your Google Recaptcha, only if your plugin uses it. Go to the Google ReCaptcha Admin page, and fill out the necessary information asked as shown in the picture below:
You must keep in mind that you will be provided with two versions of reCaptcha as an option to choose from reCaptcha v2 and reCaptcha v3. Depending upon your choice, you can use either verify with a score or with a challenge. But it should not affect the User experience.
After successfully filling up the Google Recaptcha form with all the necessary details, click on the submit button. Copy the site key and secret key, which will be shown on the next page.
The keys that have been shown in the above picture need to be entered into your WordPress Captcha plugin settings. However, the process may differ depending on the Plugin you use. But you won’t find it tough to get the plugin’s Settings page. Once you find the settings page, paste the keys in their respective fields.
After pasting the keys, click on the “save changes” button and regularly check your Google ReCaptcha admin page. When your website starts receiving a significant amount of traffic, you will be able to check out your Google Recaptcha analytics.
Once you save your changes, you should see your CAPTCHA form on your registration page (unless you chose an invisible method, in which case it would only be visible for suspected bots):
Using a WordPress Registration Spam Plugin
Stop WordPress Registration Spam Method 3: There are even some dedicated Word Anti-spam plugins available that can help you to stop any kind of spam on your WordPress site. Even if it is about stopping WordPress registration spam. Here is a list of some popular plugins that help you directly stop WordPress Registration Spam.
- Stop Spammers Security
- WordPress Zero Spam
- AntiSpam Bee
- Clean Talk Spam Protection
- Wp bruiser
The above list of Spam blocking plugins is not just limited to stopping WordPress Registration Spam but it can give you all-rounder protection from any spam on your WordPress website.
Enable Admin and email Confirmation for new users
Stop WordPress Registration Spam Method 4: Another best tactic that you can apply to stop WordPress Registration spam is to enable Admin approval for every newly registered user. For example, if you do not trust users who might register themselves for spam in your comment section or spam your website in other ways, requiring admin approval lets you avoid this situation.
Combining it with Captcha and any other method to stop WordPress registration spam, will help you to strengthen the website layer of security and also filter out automatic scripts and bots to some extent.
But, if your website is flooded with spam registrations, you may find it difficult to manually check and approve each new user. However, the only alternative to this method is to use Admin Approve Plugins, which will let you automatically approve your existing users and new users will have to wait for getting manual approval from the admin.
Similarly, you can also enable email confirmation for users to allow registration only when they confirm their email.
Change completely the WordPress Registration Address
Stop WordPress Registration Spam Method 5: Adding another layer of security on your WordPress website along with other methods to stop WordPress Registration spam can help filter out the general and basic spammers. Hence, changing the WordPress Registration address/URL can be helpful if any spammer is looking for the registration page, but couldn’t find it.
The WordPress Registration page is not a different page like other WordPress pages, actually, it is a part of the WordPress login page. Hence the Login Page URL can be easily changed or moved to another location by simply using a WordPress plugin.
The best and most suitable option to achieve this is by using a Free WordPress plugin named WPS hide Login.
You need to go to the ‘Plugins’ section in your admin panel. Search for the ‘WPS Hide login’ and click on the ‘Install Now’ button. This way, the plugin will be successfully installed on your WordPress; after installing, press the ‘Activate’ button beside the plugin.
After you are done with the installation and activation part, Go to Settings > General to change the Login URL.
Now, when the page has opened, you can proceed to change your login URL and Redirection URL. And complete it by hitting the Save Changes button. Once you tried to log in admin page with either wp-login.php or Wp-admin. The page will redirect you to a 404 Error.
Points to Remember
- Keep in mind that, upon activation of the WPS Hide Login plugin. You will be restricted to use old login pages. It is because the plugin will redirect you to the WordPress login page with the new URL “/login” immediately. It happens so instantly that you do even not get time to customize it. You must remember the new login URL, to avoid future logins.
- And the second point worth remembering is that, once you no longer use the custom login URL. You can deactivate or delete the plugin from your WordPress. The website will go back to its default Login Url “Wp-admin“.
Read: 🚩 How to locate and find your WordPress Url?
Block or remove suspicious IP addresses
Stop WordPress Registration Spam Method 6: If you found any suspicious activity such as huge registration requests coming from the same IP addresses, you can immediately block those types of IP addresses trying to intrude on your website. You can achieve this either by manual method or by cPanel.
Another great way to block IP WordPress addresses is by using cPanel. This is an easy method that will help you keep your website safe from hackers and DDOS assaults. It will ban the users from visiting your site. All you have to do is follow these steps.
Step 1
The first step is to log into the cPanel of WordPress.
Step 2
You must go to the Settings section and open the ‘IP Blocker.
Step 3
In the IP Address Deny Manager tool, you can add the addresses you wish to ban. Once, you have mentioned the IP addresses, you can click add
Read: 🚩 How to block IP addresses in WordPress?
By using WordPress Registration Form Plugin
Stop WordPress Registration Spam Method 7: In our 7th list of Methods to Stop WordPress Registration Spam is by use a Custom WordPress Registration plugin. This way you can easily replace the default WordPress Registration page with a custom Registration form and add a number of anti-spam features such as:
- Email Confirmation- Enable email confirmation for users who want to register themselves. Those spammers who use fake emails will not be able to complete the registration process and can be filtered out easily.
- Changing WordPress Registration URL- The Registration page can be completely moved to a new custom address and helps to filter out spam to some extent.
- Captcha- These Custom Registration Form plugins generally come with inbuilt Captcha features that won’t allow any spam or automatic scripts to register.
- Admin Approval– These Registration Form plugins let you approve or remove spammers from the above methods.
There are many WordPress Form plugins that are available, that let you create a custom WordPress Registration page/form with all these anti-spam features, but the only problem is, these are not available in the free versions. To avail of all these features, either you need to buy a premium plugin or to upgrade the Free version of a plugin.
However, there are some WordPress Plugins available that still let you customize your registration page absolutely Free.
Free User Registration Plugin
Free User Registration Plugin lets you automatically create a custom WordPress registration page with the URL yourdomain.com/registraion. However, you can also change the URL if you want to. In addition to it, you will also get bonus antispam tactics along it as shown in the picture below.
After successfully downloading and installing the plugin, go to your WordPress Dashboard > lookout for the User Registration option in the Left sidebar > Settings > General.
However, you have also an option to integrate the Google reCaptcha option named as Integration tab just next to the General Tab as shown in the picture below:
Just add the API keys, that you have already generated on Google’s captcha admin page. If not, try to generate API keys first as shown in the earlier section of this post.
Allow or enable Honey Pot Protection
Stop WordPress Registration Spam Method 8: You might be heard for the first time about Honey Pot protection. Basically, it is a clever method by which anyone can protect their registration form easily. Generally, bots or automatic scripts are specially programmed to fill all the fields on a form. But when you enable or allow Honey Pot protection, some fields are not visible to the original users.
But the automatic scripts and bots are programmed only to fill the field by just reading the source of the page. Hence they fill up all the fields even which are invisible to users and filtered out spam and bots easily. Hence, it becomes an effective method for filtering out spam and bots and blocking them instantly.
But it has its own certain drawbacks. You can not stop the spammers or hackers who are humans and do the registration process manually on your website. It can also block autofill features that your users running on their PC for their convenience.
How you can enable Honey pot Protection?
You might have noticed or not, the Honey pot protection feature nowadays comes with some Form plugins and even with popular Web builder Elementor. But you can only access this feature in their premium versions. However, like always WordPress has almost a plugin for everything. Same as there is a dedicated plugin available i.e. Clean Login lets you enable Honey pot protection on your WordPress site.
All you need to do is just Install and Activate your WordPress site and it will be enabled automatically by default.
Assign Default User roles on your WordPress Website
Stop WordPress Registration Spam Method 9: At last, if due to any reasons you have decided to allow new users to register on your WordPress website. One thing you must keep in mind is that you must not allow or grant permission to any new member access to your WordPress dashboard.
However, you should assign every newly registered user as a subscriber. Subscribers have one of the very limited options available in WordPress. They cannot access your WordPress Dashboard, Cannot delete files or make changes, and are unable to play with settings too. it is considered one of the safest options to add new unknown users.
To assign newly registered users as subscribers, Login to your WordPress admin page, Go to your Dashboard > Settings > General.
From the above picture, you can see, how you can assign each registered user as a Subscriber.
Summary
To let users be a part of your Website or Services, Sometimes you need to allow and let users to register themselves on your WordPress sites. But allowing users can also lead to flooding with Spam messages which is a drawback of WordPress registration.
However, there are multiple tactics you can collectively use to eliminate or Stop WordPress Registration Spam effectively. From the above 9 methods, the simplest but most effective method to stop WordPress registration spam is by adding NoCaptcha reCaptcha and Enable Honey pot on the Registration Page. Google’s NoCaptcha reCaptcha tests users by showing images or texts to identify, which can be impossible for bots to do, and hence prevent Spam registrations.
However, you have also an option to use dedicated WordPress plugins that have the potential to stop WordPress registration spam by creating a custom Form that has features that do not allow spam registration and let the admin approve it manually.
I hope this article will help you to explore different methods or tactics to stop WordPress Registration Spam and if you have any more effective methods please do let us know in the comment section below.
Frequently Asked Questions
How do I turn off WordPress registration?
The first thing you need to do while setting up your WordPress website is to disallow or Disable anything that unnecessarily consumes your website’s resources. Same as to Stop WordPress Registration Spam or malicious joining to your WordPress website, simply disable the registration option from your WordPress settings. Especially if you do not require users to register with your website.
Even if you want to add or allow specific users to use your website, you can simply create accounts for them and provide the username and password separately. Rather than letting them create accounts by themselves.
Hence, to restrict or disable users to register to your WordPress site. You need to go to your WordPress Dashboard > Settings > General and uncheck or clear the box of Anyone can Register box option.
How do I stop bot registration?
You can stop WordPress registration spam or bot by following these simple but effective tactics.
1. Implement the Captcha option on your WordPress Registration page.
2. USe WordPress Spam removal plugins
3. Enable Honey pot
4. Disallow or disable WordPress registration
5. Block malicious or suspicious IP addresses
6. Enable Admin approval and email confirmation registration
7. Change the WordPress Registration URL
8. Assign User Roles
9. Use custom registration Forms
Is Google reCAPTCHA free?
Google reCaptcha is absolutely free to use and is specially programmed to help in filtering out humans and spammers while Registering on WordPress. This program generally shows random distorted images of texts or pictures to identify, which can only be possible by humans, and hence spam or bots won’t get access to your WordPress.
Rahul Kumar is a web enthusiast, and content strategist specializing in WordPress & web hosting. With years of experience and a commitment to staying up-to-date with industry trends, he creates effective online strategies that drive traffic, boosts engagement, and increase conversions. Rahul’s attention to detail and ability to craft compelling content makes him a valuable asset to any brand looking to improve its online presence.