Why we should delete spam user registrations? How to stop spam user registrations? Are there any tools?
Nowadays, the internet plays a key role in different sections of our lives. The internet is very useful. However, it comes with many disadvantages as well.
WordPress is the most popular CMS in the world and it’s rapidly gaining even more popularity. For this reason alone, WordPress is in the constant attack of spammers.
Spamming is the use of messaging systems to send an unsolicited message and dealing with it can be very difficult. When WordPress was first launched and was used mostly for blogs there weren’t too many spam issues. However, nowadays WordPress is being used for most of the big websites whether they are educational, blogs and even online stores.
We have explained how to stop WordPress' spam comment in another article. In this article, we would like to discuss how to stop spam user registrations in WordPress.
- 1. Send Confirmation Email to Users
- 2. Accept Users Manually
- 3. Use Stop Spammers Spam Prevention Plugin
- 4. Use Sucuri's Anti Spam Features
- 5. Add Google reCAPTCHA to User Registration
- 6. Add Math Captcha to User Registration
- 7. Add Simple CAPTCHA to User Registration
- 8. Stop Spam User Registration with WP-SpamShield
- 9. Block IP Address from cPanel
- 10. Bulk Delete Spam Users
How Does a Registration Bots Work?
Spammers usually create a bot to do their dirty work for them. These bots can send thousands of messages per day without any hassle for the creator of the bot. The main purpose of these bots is to advertise the companies that use them. In addition, these bots can generate a lot of profit for the creators.
Spammer bots can be used for many purposes. For example, they can be used to target a website and infect the website with malware and spam comments. Some developers are known to create spammer bots to force install their applications on devices or websites.
Spams usually enter a website through sign-ups, email messages, comment section and other sections that require the user's input. Amongst these, the most known spam in WordPress is user registration spam.
With the help of spammer bots, thousands of people can signup on WordPress. Checking each user one by one and verifying them is a terrifying task. Plus, users can’t do that and they must use different methods to verify actual users.
Why Should We Stop Spam User Registrations?
There are a lot of reasons to stop spam user registration. We are going to mention 5 important points.
- Wasting Memory Space: Most spam user registration bots are used only once after their initial registration. However, they still can waste a lot of memory space on your website. Although the size of spam is not too big, when there’s a lot of them on your website they waste a lot of space. If you prevent spammer bots from the start you can dedicate the space they waste to different sections of your website.
- Competitive Market: Spams can be injected into your website or devices through malware and destroy everything. If your website doesn’t have proper support, this type of spam could destroy your website. User spam registration is usually done by your competitors and through malware. The main purpose is to interfere with your business.
- Send spam to registered users: With the help of malware, spams will be sent automatically to the registered users on your website. This could happen when you accidentally click on spam. The users will lose the trust you worked so hard to earn and the number of users will slowly drop.
- Reduce the speed and performance of the website: Spammers love to waste your server’s resources and ultimately this will reduce the speed and performance of your website and you will lose your server’s bandwidth and once again, this will lead to the loss of users.
- Security Risks: One of the main reasons to stop spam user registration is to make your website secure. Malware and spams can destroy the editor, authors and even administrators’ image. In addition, they can be the gate for hackers.
How to Stop Spam User Registrations?
Now that you are familiar with how dangerous spams are, let’s talk about preventing it from happening. The most useful method is to install a plugin to prevent spammers from registering on your website.
The User Registration plugin is developed by WPEverest is a good method to stop spam user registration in WordPress.
This plugin is offered for free and comes with many features. With the help of this plugin and the features, it offers you can stop spam user registrations.
1. Send Confirmation Email to Users
One of the easiest methods to identify spammers who register on your website is by sending a confirmation email to them.
Whenever a new user registers on your website they receive a confirmation email. By doing so, you can identify if the email they used is legit or not.
If the email address is fake, the email won’t be received. Only if the email address is legit the user can click on it and verify their account.
To enable this option, from the WordPress Dashboard hover over Settings and click on User Registration. In the General tab, locate the “User login option” and choose email confirmation from the drop-down menu.
In addition, you can make any necessary changes to the email confirmation structure. You can see the confirmation status in the dashboard, if the status is on pending for a while it means that the registered user was a bot or spammer.
2. Accept Users Manually
You can stop spam user registration by accepting users one by one. In most cases, only by looking at the email address you can tell if it’s real or fake. If the email looked fake you can’t decline the registration. To do so, follow the following steps:
From the WordPress Dashboard hover over Settings and click on User Registration. Click on the General tab and in the “User login option” drop-down menu choose Admin approval after registration and click on save.
Also, you can give the admins more features to verify the email addresses. When you save the settings, you can see all of the statuses’ in the WordPress Dashboard. Their registration can be accepted or declined based on their email address.
3. Use Stop Spammers Spam Prevention Plugin
The first step you need to do is, download, install and activate the Stop Spammers Spam Prevention plugin. From the WordPress Dashboard hover over the Plugins and click on Add New, type the plugin in the search box and press enter.
Once the plugin is activated, from Stop Spammers go to Protection Options.
This is one of the most powerful plugins in WordPress to detect spammers. The default configurations are activated on most websites. If you think real users may have a difficult time registering on the website you can disable some of its features.
Don’t forget to save the changes. This plugin uses different methods to stop spam user registration. It uses HTTP Referrer and Header requests to identify real users from fake users. Besides, it can detect any user who has had malicious activity on their browser and block them immediately.
However, this plugin is known to limit your access to the WordPress Dashboard. If this happened to you, from an FTP client connect to your server and rename the plugin to regain your access to the Dashboard.
4. Use Sucuri's Anti Spam Features
Sucuri is a big security company that develops and offers all sorts of security services for WordPress websites. This company protects your website against hackers, malware and DDoS.
Their software is one of the best you can find in the WordPress community. When you enable Sucuri, all of your website’s traffic will be filtered by their CloudProxy firewall. Thus, your website is protected.
By using Sucuri only verified users can send you messages or post comments. In addition, this plugin also increases the performance of your website. Besides, this leads to a lower cost of bandwidth which means you have to pay less money each month to your hosting provider.
5. Add Google reCAPTCHA to User Registration
CAPTCHA is one of the best methods to fight bots. If you have serious bots and spammers issue, we highly recommend adding this system to your website.
reCAPTCHA is the modified version of CAPTCHA developed by Google. Designed specifically to deal with spammer bots. reCAPTCHA only asks you to click on the checkbox and there is no need to answer any questions.
To enable reCAPTCHA in your registration form go to WPForms. From there click on Addons and locate reCAPTCHA Addon.
From Settings go to the General tab, edit your form and by reviewing it scroll down to enable reCAPTCHA.
6. Add Math Captcha to User Registration
If you would like to keep the user registration on your website you can simply enable Math Captcha. This tool uses simple math equations to detect real users from fake users and bots.
In the settings, you can choose different math equations to display in the CAPTCHA.
7. Add Simple CAPTCHA to User Registration
If you want your users to fill the CAPTCHA before entering the website, you can use Captcha by BestWebSoft. This plugin also adds simple math equations. This tool can be a good solution to stop spam user registration. Some of the key features of this plugin are:
- Works for login, signup, reset password, comments and contact us
- Adds simple math equations
- Allows users to solve a simpler math
- Can be both characters and numbers
- It’s free
8. Stop Spam User Registration with WP-SpamShield
WP-SpamShield Anti-Spam is a powerful plugin to prevent spams from accessing your website. This website can be very useful for your website, it even works on the registration page.
- It can protect your website against spam user registration, pingback, and other spams
- It doesn’t use CAPTCHA and won’t cause any trouble for the users
- It’s compatible with WooCommerce, WordPress, Buddypress, and BBPress
9. Block IP Address from cPanel
This method completely blocks an IP address from visiting your website. You should use this method if you want to protect your website against hackers and DDoS attacks. Before anything, you must log in to the cPanel account given to you by the hosting provider.
Scroll down until you see IP Address Deny Manager and click on it. You can add IPs you would like to block from accessing your website. Add an IP address and click add. If you would like to unblock an IP address go to the same page and remove the IP from the list.
10. Bulk Delete Spam Users
The easiest method to bulk delete users is to head over to the WordPress Dashboard and click on Users. Go through each user and check the ones you think are fake and from the Bulk Actions menu choose Delete and click on Apply.
Using this method can be a bit difficult with the default screen options in WordPress. You can only view 20 users per page.
If you would like to increase this amount from the top right corner click on “Screen Options” and increase the number from 20 to 50 or 100.
If you don’t have the time to go through each user and delete them, you can use the Bulk Delete plugin. This plugin allows you to delete users based on the following standards:
- Specific user roles
- Specific meta fields
- Last login date
- Registration date
These standards can differentiate real users from fake users. With the Bulk Delete plugin, you can easily identify fake users or inactive users and delete them.