How To Stop Spam User Registration

How To Stop Spam Registrations On WordPress

I’ve been contacted by clients a couple of times over the past month about spam user registrations on their sites.  This post will show  you how to stop spam registrations on WordPress in two seconds flat.

They are getting hundreds of spam user registrations on their site, and are seeing increasing amounts of spam comments. They then have to delete these users and the spam, it’s a time suck and pain for the site owner.  They are concerned this is some type of hack attack.

Here is a 2 second fix to stop spammers registering users on your site.

What They Do

The spammer will use scripts to search for sites that have open user registrations. Then using more scripts they add new users to your site.

You can check if  you site is open to user registrations by going to this URL


If registrations are open you will see:

click for full size image
click for full size image


If they are closed you will see:


click for full size image
click for full size image

Why Do They Do This

Some sites set their comments to auto approve from registered users, this means that spam links can be added to comments and made live without moderation.  This then increases people search engine rankings.

If you think this is an automated process you can see how thousands of links can be generated and rankings increased for suspect sites.

It’s not a malicious attack against your site, rather it is spammers trying ot game google and increase ranking for their shoddy wares.  It’s also a pain in the a!se to clean up spam registrations.

How To Close it Down

This is very, very technical, go to settings -> general and un-check this box


click for full size images
click for full size images

Unless you have a site that required registration for memberships or email plugins there is no real need to keep this open, please check with your plugin documentation to see if you need this to be enabled.

We are of course available to hire for this complex procedure

Please Tell Me It’s Not Set To Admin

I have seen certain WordPress sites that have registrations enabled and the default user setting are administrators.  This leaves your site wide open to hackers using the same techniques, and I have seen sites hacked because they have not closed this simple loophole.

Wrap Up

Unless you have a very real need to keep user registrations open I always recommend closing this function down to keep the spammers at bay.

Photo Credit: dok1 via Compfight cc

Discover more from iBrain

Subscribe now to keep reading and get access to the full archive.

Continue reading