Are you wondering how to stop spam in user registration forms? Do you want to get rid of WordPress’s new user registration spam? If so, we’ve listed some useful methods to avoid WordPress spam registration in this article.
With the help of spam bots, thousands of registrations occur daily with fake email addresses. It’s challenging to analyze them individually and pick out the spam registrations. However, there are a few simple methods that can help you prevent WordPress spam registration.
Before learning about the methods, let’s see why you should stop WordPress spam registration.
Why Should You Stop WordPress User Registration Spam?
In simple words, spams are unsolicited commercial messages. They contain a lot of similar messages and comments about irrelevant content and can be quite annoying to deal with.
Spammers create many spam bots – a system that can make thousands of spam at once. The main purpose of spam is to gain a cheap promotion from the affiliated company.
But for website owners, it brings various problems that harm the whole organization and its reputation. Besides being an annoyance to deal with, spam may lead to unwanted hassles and sometimes quite dangerous situations when you give out your personal information.
Below are some significant problems that you might face if you don’t stop WordPress spam registration:
- Consumption of storage: Many WordPress registration spam can appear at once in bulk on your website. This spam takes large storage in your devices and servers.
- Automatic forwarding of spam to registered users: With the help of malware, spam can also be automatically forwarded to the registered users on your website. It might happen when you accidentally click on the spam. As a result, it leaves a bad impression of your business on the users.
- Slow performance of the website: Spam uses many of your server resources and makes your website very slow and unusable. You’ll also lose a lot of bandwidth eventually and reduce the performance of your website.
- Other security threats: The malware in spam can also alter the credentials of the editors, authors, or even admins of the website. It also changes the roles of the users, which might result in your website being hacked.
How to Stop WordPress User Registration Spam?
Now that you know how harmful spam can be, let’s discuss how to stop spam user registration on a WordPress site.
Method 1: Using the User Registration Plugin
The most effective way to prevent spam is by using a registration plugin that has the capabilities to stop registration spam. Out of various registration plugins available, only a few plugins have features to stop spam in the registration form.
So, we’ll be using this plugin to show you some easy steps to prevent spam. There are five ways through which you can stop WordPress registration spam with the help of this plugin.
i) Using Admin Approval and Email Confirmation
One of the best ways to block or stop spam is using admin approval on User Registration.
In most cases, we can know whether it’s a WordPress registration spam or not by looking at the email address. So, if the email address seems to be spam or a fake user, the admin can manually deny the particular user’s registration.
To activate the admin approval feature, log in to your WordPress site and go to User Registration>>Settings.
You’ll be provided with the User login option in the General section. Simply select Admin approval after registration from the dropdown. Save the changes when you’re done.
You can make further changes in the Email section for your admin approval to function as you wish.
The users who’ve submitted the registration form on your website will appear on the Users page. Here, you can approve or deny their registration according to their email address.
You can also block WordPress registration spam by approving users only after email confirmation. When a new user registers on your website, you can send a confirmation link to the user’s email address. Users can then access their new account by confirming their registration.
If it’s a fake email address, it won’t be possible to open the confirmation link as the link will never be delivered. The real user will click the confirmation link if it’s a real account.
For this, go to the User Registration>>Settings of your Dashboard. Then, under the User login option in the General section, select Email confirmation to login.
You can make the necessary changes in the Email confirmation configuration through the Emails section.
Now, when a user registers through your form, you’ll see their verified status in the User Registration dashboard. If the status is pending for too long, you can know it’s spam.
Meanwhile, you can also choose Admin approval after email confirmation option from the same User login option. It allows for approval of the user by the admin only after they verify their registration from the email sent to them.
ii) Using Google ReCaptcha and hCaptcha
One of the easiest and most common ways to block spam bots is using Google reCaptcha. It’s a system developed by Google to distinguish whether a user is a human or not. It uses many techniques to determine the user as a human.
The most common method is to use the “I’m not a robot” checkbox. Another method is to select some images from a given set of 9 images. Google reCaptcha analyzes the user behavior while interacting with these CAPTCHAs and decides if the user is real or a bot.
So, if the WordPress registration spam is created with the spambots, they will never be able to pass this obstacle.
You also have an option of enabling hCaptcha, a spam protection method from Intuition Machines Inc. It’s similar to reCaptcha but doesn’t sell data obtained to any third party, unlike reCaptcha.
To enable CAPTCHA, go to the User Registration>>Settings on the dashboard. Then click on the Integration section and select the CAPTCHA type you want to enable in your form.
Now, enter the Site Key and Secret Key and save the changes.
Next, open your registration form from User Registration on your dashboard and go to Form Settings. On the right side of the form settings, scroll down and find Enable Captcha Support. Now, check the checkbox to Enable Captcha support and click on the Update form.
For a detailed guide, please read our article on how to add Captcha in WordPress form.
iii) Using Honeypot Spam Protection
Honeypot spam protection is another option in the User Registration plugin to stop WordPress spam registration.
As the name suggests, the honeypot is a trap developed to lure bots to reveal their identity. Once they’re caught, the program prevents them from form submission. Hence, it prevents WordPress’s new user registration spam.
For this, open the user registration form in your WordPress dashboard to enable this option. Now, click on Form Setting >> Extras. You’ll see the available option on the right side, so check the box for Activate Spam Protection By Honeypot.
Once you complete the process, click on the Update form button.
iv) Using Whitelisted Domains Registration
Whitelisted Domains is the option that allows you to mark domains as trusted and allows form submission. This means when you add domains such as gmail.com as Whitelisted Domains, you’ll receive the form only if the user’s email has the same domain. If users from other domains try to submit the form, they won’t be able to do so.
To add the allowed domains, go to User Registration >> Settings. Under the General Options, you’ll see Whitelisted Domains.
Now, add the domains such as gmail.com, outlook.com, and others that you consider genuine. Make sure you don’t separate the domains with commas or spaces; just hit enter and add another domain.
As you save the changes, users whose emails are from the whitelisted domains can register to your site, while others can’t.
v) Replacing Default Registration Page with Custom Registration Page
Since it’s easy to find the WordPress login URL, some registration spams are sent targeting the login page of your WordPress website. To prevent this, you can redirect the wp-login page directly to the registration page of your website.
You can create a custom login page using the User Registration plugin and redirect users from the default login page to the new page.
For a detailed guide, read our article on changing your WordPress login URL.
The spammers who search for the WordPress default login page will be automatically redirected to the registration page. So, they can’t send spam to the admin directly. The registration page can also be spam proofed using any techniques mentioned above.
Method 2: Using Anti-spam Plugins
Since WordPress provides numerous plugins to add different functionalities to your site, there are also plugins that can stop spam on your WordPress website. All you need to do is install the plugin. We’ve mentioned some of them below and highlighted their features:
Stop Spammers Security is the plugin that helps you to stop spam registration along with spam comments and emails. It adds security to kill many of your spam and offers dozens of features to meet specific website needs. With more than 50 configuration options, you can easily personalize the plugin.
Meanwhile, you can also view activity, run a diagnostic test, and much more using the plugin. Also, the premium version of the plugin provides a built-in contact form.
- Easy to connect third-party spam defense service
- Lets you block or allow IP addresses, emails, and usernames manually
- Allows to block countries
- Blocks disposable emails
Price: Free or $24.5/year
Spam protection, AntiSpam, Firewall is a spam prevention plugin by CleanTalk that stops spam user registrations, comments, and many more. It also checks the existing spam user and removes them. The plugin is compatible with GDPR (General Data Protection Regulation).
Besides, it also blocks disposable and temporary email. Stopping spam in search form is another interesting feature of the plugin that is available in only a few of such plugins.
- Stops spam in surveys, polls
- Block messages by languages, countries, networks
- Email address encoder
- Mobile-friendly anti-spam and firewall
Price: Free or $8/year
These are the different ways using which you can stop WordPress user registration spam. We’re sure that you won’t have problems with the WordPress spam registration on your site now.
Meanwhile, you don’t need to apply all these methods to stop spam user registration. Implementing any one or a few of these methods will be enough to prevent WordPress spam registration, depending on your necessity.