April 9, 2014 E3

Spam User Registration in WordPress: How To Reduce Unwanted Signups

If your website runs on WordPress, you’ve probably experienced the conundrum of unwanted spam user registrations. Typically, these registrations are entered on a subscriber-level only, but excessive registrations can overload your inbox, and can lead to real problems with your website.

Spam users can have a negative effect on a site in several ways:

  • Hacking – Spammers can exploit vulnerabilities in your site for illicit purposes.
  • Decreased Performance – If your site carries too many registered users, it increases the size of your database and can slow down your website.
  • Unsolicited Content – Spam users can and often do post unsolicited links to other spam websites that can get you penalized or worse, banned, from search engines.

There are many plugins and techniques that site owners can employ to limit WordPress spam user registration. Today we will discuss a few of those options.

Stop All Registration Entirely

If you don’t operate a membership site, or if you don’t care about on-site subscriptions, the most efficient way to limit spam users  is by blocking all registrations. Login to your Admin dashboard, go to settings, then “General.” From there, uncheck “Anyone Can Register.” This will eliminate all new user-generated registrations with your site, but you can still manually add writers, subscribers, and administrators.

But not everyone wants to shut off the registration spigot completely. Sites with multiple authors and guest posters may wish to allow users to set up their own accounts in the interest of time. And site owners who wish to keep membership options open will not want to lock out all potential users.  In order to control the number and type of user registrations, there are some WordPress plugins that can help.

WordPress Plugins To Reduce Spam User Registration

There are a number of WordPress plugins that can reduce spam user registration. They are not all perfect. Some can lock out long-time users, and others simply reduce user spam registration, they don’t necessarily prevent it. We recommend trying a few to see which works best for you based on your site operations and personal preferences.

Stop Spammers Plugin

The granddaddy of spam prevention, the Stop Spammers plugin is an extremely aggressive solution that, by its creators’ own admission, can sometimes lock out legitimate users (in fact, it happened on our website). Stop Spammers makes no apologies for its aggressive approach, and many users prefer to be safe rather than sorry.

This plugin takes a several-pronged approach to eliminate spam. It cross-checks spam databases to identify IP addresses, usernames, and emails of new registrants. It will also block users who fill in registration and comment forms too quickly (an indication of automation). When a user is blocked, they are automatically directed to a form where they can request white list status from the administrator.

Once the plugin is installed, be sure to test your own IP address to ensure it’s not blocked. Even after whitelisting your own IP, there is a chance that you can be shut out of your own website with this aggressive plugin. Should you get locked out, connect to your site via FTP and rename the file pluginstop-spammer-registrations.php to stop-spammer-registrations.locked. Access wp-admin and WordPress will deactivate the plugin.


WangGuard claims to have a 99.9% positive track record for blocking spam user registration on WordPress websites. It is free for personal websites, corporate sites with less than 500 registrations per day, or sites that make less than $200 per month in revenue.

This plugin uses an antivirus approach to spam blocking.  One benefit to this plugin is that it will scan previous registrations and eliminate spammers from your rolls. So if you’ve been drowning in a sea of spam user registrations, this plugin will clean them up, saving you the manual hassle.

Captcha Codes

A captcha code can prevent automated spammers from registering, but may not prevent manual spammers. This is a decent middle-of-the-road approach for site owners who don’t want to take the aggressive action employed by some other plugins. Traditional captchas are easy for spammers to break, so administrators should be aware that some captcha plugins won’t reduce spam user registration by very much.

Math Captcha displays a simple math problem to weed out automated registrations, rather than hard-to-read combinations of letters and numbers.   Site owners can determine where and how they want to use the captcha, they can hide it from properly registered users, and admins can set up the type of mathematical operation the code will display.

There are also several picture captcha plugins that request users identify a photo of something simple (dog, cat, lion, etc.) in order to complete registration. Again, this will reduce registrations by automated bots, but it won’t stop human spammers.

Create A Custom Registration URL

Custom Registration Link is a plugin that will allow you to change the registration link of your WordPress website from the default, “wp-login.php?action=register”.  Modifying the link can dramatically reduce spam user registration, as bots won’t be able to “find” the URL. This plugin changes the URL and makes the default invalid. One caveat to this plugin – according to the download page, the administrators have not updated it in quite some time. At its peak, users were quite happy with it, and it may still work properly, but support may be limited.

If you are handy with code, some developers in the WP support forums suggest you can modify the URL yourself with using functions.php. Advice around the web is mixed on this DIY-style coding solution, so only trust a qualified developer to help you with this technique.

The Cost Of Doing Business

As long as the internet exists, site administrators will have to deal with spammers. While there is no way to completely eliminate the practice, there are ways to reduce the number of unauthorized spam user registrations on your WordPress website.  Before making any major changes to your site, always remember to back up your files to prevent a disaster. And when in doubt, seek the services of a professional web design and development firm to help you clean up your databases.

Comments (2)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.