When you work with WordPress, one of the things that give you the most headaches is the registration of spam users. But do you know exactly what it is?
Put yourself in a situation, you are finishing your workday and, suddenly, you take a look at the WordPress backend To check that everything is correct if you have any last-minute comments on your blog that you want to answer and … surprise! You see that you have hundreds of new records, all with names or emails “a little strange”. Now you know what we mean, right?
And it goes without saying that these types of spam users can jeopardize the security of your website and your visits. So let’s see how you can avoid it.
How do I stop spam registrations on WordPress?
First of all, let me tell you one thing. It is not that you have done something wrong, but that you must take some additional security measures to stand up to spammers.
And not only when you have a field on your website that allows user registration. By default, WordPress has an address where this type of registration is allowed. This is this URL:
This address allows any user to register on your website, so you must take some measures to prevent spammers from sneaking into your site using it.
Some of the things you can do are what we will see below.
1. Restrict user registration in WordPress
Do you really need a registration option on your website? Surely many of you who are reading us do not have this option available on your website and, when we say available, we refer to the view of any user.
So the best thing is to make sure that you have restricted the registration of new users. How do i do it? Too easy:
1st. Access the WordPress backend with your username and password.
2nd. Now go to the section, “Settings” -> “General” and make sure you have unchecked the option “Anyone can register”.
This way you will prevent any malicious user from doing theirs using the URL that we showed you before.
But what if I need my users to be able to register? Then we show you several alternatives. Let’s go to them!
2. Set a default user role
We have already seen how to prevent anyone from registering on your website, but … what if I really need to have this option, for example, to download an ebook or get a free trial of my product? So, you need to take additional security measures.
This we are going to talk about is not an option that prevents the registration of spam users per se, but a way to prevent them from accessing the administrator panel of your website. In other words, it is a measure that limits the actions of your WordPress users.
Just follow these steps:
1st. Access the administration panel of your website.
2nd. In the “Settings” – “General” section, locate the Default profile for new users option and, in the drop-down, select the Subscriber option.
In this way, any new user who registers will not have the necessary privileges to access the control panel of your website. Of course, remember in this case to have the option “Anyone can register” checked.
Important: With this option, you are applying a security layer, but it is not enough to prevent the registration of spam users. It is necessary that you take some other additional measure than those shown below.
3. Verify the registration of new users through email
A good option to ensure that all users who register on your website are legitimate is to apply a double confirmation of registration via an email . If you pay attention, when you browse the Internet it is a measure that many web page administrators take.
How do I do it? In WordPress, there are plugins for (almost) everything, so this time it would not be less. If you use a plugin like WPForms you can do it if you have enabled the premium version. Instead, if you are looking for a free option, User Registration is a good option.
4. Request administrator approval for each new record
Another security measure to prevent the registration of spam users in WordPress is the manual approval of each of the requests by the site administrator.
Do you know when you manually approve or reject your blog comments? Well, this is very similar.
As in the previous case, User Registration allows you to do it for free. Or WP Approve User can also be a good alternative.
Important: Only opt for this option when you frequently check the backend of your website and work on it frequently. Otherwise, leaving the registration pending for several days could affect the user experience of your potential client. So watch this.
5. Use a secure registration form
If you want to allow users to register on your website, one of the most effective measures is to use a secure registration form. Of course, keep in mind that for this you need to pull premium plugins or extensions, such as WPForms or Gravity Forms.
We know that in this case, you have to hire one of these plugins, but think that it is a security plus for your website. In them, you have hundreds of security measures to avoid spam and avoid risks on your website. In addition, you avoid using additional plugins to protect your registration form. And you already know that keeping your WordPress light is always a point in your favor.
By the way, remember that whether you choose this option or any other, never include too many fields in your form. Only what is necessary so as not to bore the user and lose a possible conversion.
6. Use a CAPTCHA system
Whether or not you opt for a premium registration plugin, using a CAPTCHA system in WordPress is always a good option.
As you know, these systems allow us to identify a human from a bot when it comes to making any option by means of some riddle, mathematical operation or image identification, among many other options.
How to install it on your website? For example, the Really Simple CAPTCHA option integrates very well with well-known plugins like Contact Form 7 and the developer always keeps it up to date.
7. Use a reCAPTCHA system
No, it’s not the same. We can say that a reCAPTCHA system is the evolution of the system that we have just seen in the previous section.
A system of riddles or questions does not always appeal to everyone. Many administrators or users prefer simpler options, so they also have an option for them: the reCAPTCHA system.
With this option, users only need to “check” a checkbox. Many claim that this system improves conversions and the web user experience by making the verification process much faster.
A plugin for it? We recommend the following:
- Google Captcha (reCAPTCHA)
- Advanced noCaptcha & invisible Captcha
- Login No Captcha reCAPTCHA
They all have very good ratings in the official WordPress repository, they are always updated and compatible with the latest WordPress versions. So, test them on a test website and stick with the one that convinces you the most.
If you are looking for an even less invasive option for the user, opt for a Honeypot system. In other words, a security tool in which real users will not have to carry out any action, not even a click. This system is completely transparent to the user. Yes, literally transparent,
Why? Well, it is a hidden field that is only recognized by bots. By identifying the field and covering it, the system automatically detects that it is not a legitimate user and automatically rejects the registration.
A plugin to install it? For example:
- Invisible reCaptcha for WordPress
- Contact Form 7 Honeypot
- Blackhole for Bad Bots
9. IP blocking
If the spam problem is recurring and always through the same IP, why don’t you choose to block it?
You can do this easily and without installing any additional plugin on your website. You just have to follow these 2 steps:
1st. Access the control panel of your web hosting plan, in our case cPanel. If you have doubts about how to access, take a look at this post: How to enter the cPanel of my hosting.
2nd. In the “Security” section, click on “IP Blocker” and enter the address that is giving you the can in your WordPress.
10. Use a prevention plugin
More than an alternative to the previous options, we could say that it is an additional security measure to prevent the registration of spam users.
Just as you use AKISMET (or some variant) to manage your WordPress comments, Stop Spammer Registration is going to help you keep your website’s records under control and automatically ban those that are pure spam.
Summing up …
In this post, we have just seen 10 ways to avoid spam user registration in WordPress or, as it is said in the language of Shakespeare, Spam User Registration. Now all you need to do is get to work with your website.
You may like also to read http://www.hostingcultura.com/