WordPress user registration spam is becoming an annoying issue. For bloggers, there’s already too much to tackle.With this new user registration spam issue, there’s one more thing added to their already full plate.
Spam is a word that anyone using the internet is so much aware of. Spam can take any form, can attack you at any time and with any frequency.
With my blogging and online business experience since 2007, I must say spam is taking newer and interesting forms everyday. In this post, I will talk about a form of spam that has particularly annoyed me for about 3-4 months now.
And I got so annoyed and took action just now. After 3-4 months? Yes that’s a much slower reaction, but I wanted to learn the pattern and some of the inside aspects of this particular spam problem.
Well there’s no suspense – the spam I’m talking about is user registration spam pertaining to WordPress blogs or websites.
It all started to me when I opened up guest posting and when this blog got a decent PR from the big G. I’m not scaring you away from accepting guest posts at your blog.
Accepting guest posts and spam user registration
I know many bloggers don’t allow user registrations while they still accept guest posts by email. And, some bloggers allow WordPress user registration and ask the guest bloggers to submit their guest posts via the WordPress Dashboard.
So this particular spam problem, WordPress user registration spam I’m talking about, arises obviously in the second case. The host blogger has to open up registrations in order to allow people to login to their site and submit their guest posts via the WordPress dashboard. Basically the link looks like this http://www.yourdomainname.com/wp-login.
Now, you can enable or disable user registration in WordPress by going to Settings > General > and enabling/disabling “Anyone can register”. And, you can also set the default role of the person who registers (if you enable registration) by choosing from the drop down as shown below.
By choosing the default level to “Subscriber” you’re actually restricting any new registered user from making any spam submissions or doing anything mischievous (I use Subscriber level as default). Some bloggers allow “Contributor” registrations – this means that when a person registers he/she can submit a guest post for the host blogger’s review.
Apart from the very little number of genuine submissions there can be a bunch of spam and mess that the host blogger needs to clean up every once in a while in this case.
I wouldn’t recommend allowing “Author”, “Contributor” or any other level up for open registration since this may be a threat to your site’s security and integrity. Authors and Admins can publish content to your site without having to get approved by you, the host blogger. And they can do much more nasty stuff apart from this.
If you want to add an admin user (if you want someone else to moderate comments or do some administration or maintenance work for your site) then you can ask them to register and later on go to “Users” and find their username and upgrade their account to “Admin” or any other level you want to.
Now coming to the topic of this post….
How to combat spam user registration in WordPress?
I am not sure if you would believe me if I say that I got about 10-15 new spam registrations per day. Well, its so annoying with the email notifications I get for WordPress new user registration spam. My inbox gets rubbish and sometimes I delete genuine emails and some genuine WordPress user accounts out of frustration.
And so I came to a conclusion that I should stop this anyhow! With WordPress, I was sure that there’s a plugin for this. Not one but many actually.
I currently use SABRE which is a free plugin. And so far I find it to be working great. WordPress spam user registrations are 0 (yes zero) after I started using this plugin.
Installing the plugin won’t do the job, you need to go ahead and configure some settings nicely so that it fits your audience.
Here are some of the features I liked the most about this plugin.
- A simple text test, which I feel is less intrusive, unlike complex math and Captchas.
- Stealth tests (un-obstructive) to check if the registration is done by a human or not.
- Keeps a list of blocked/spam ips and blocks registration from those ips.
- Option to make it compulsory to verify registration either by user or by the admin (I love this feature and it blocks people using fake email ids to register. I leave it to users to verify!).
- Limit the number of days to confirm. If a user account is not confirmed by X number of days, the account is deleted.
- Prohibit login before confirmation (sweet).
- Ability to make the user to agree with a license or disclaimer or any other guidelines (I’ve not used it yet).
- Ability to enable “invitation only” registration.
- User is allowed to choose a password by himself/herself upon registration (instead of the WordPress auto generated password).
The captcha/math options
The thing I liked about this plugin is that it gives me, the blog owner, the option to decide how hard I can make it for a spam user at the same time not harming the genuine user.
I usually tend to stay away from Captcha plugins since filling out a Captcha is not very pleasant. I might annoy the genuine people.
But this plugin has 3 options – Captcha, Math and Text. And I went for the text option (you simply have to check the box against “Text” options and uncheck the other two as shown below to use this feature).
This is something I really love. As you can see from the picture below, the security is pretty much tight and this stealth check won’t interrupt or come in the way when a user is registering.
All these checks are done silently in the background!
Other plugins I tried to overcome WordPress spam user registration
User spam remover – Good one! However, I personally didn’t like it.
Stop spammer registrations – Sounded all geeky to me.
Registration control – I still got spam registrations.
Skt NURCaptcha – Works good by using a Captcha below the registration form.
WangGuard – A freemium plugin. They have a pricing model based on the number of queries you get. Check out the plugin page to know more. This plugin might conflict with any other minify or caching plugins you use. Make sure you read the instructions carefully and configure the plugin accordingly.
SI CAPTCHA Anti-Spam – Restricts spam user registration by implementing Captcha. This plugin not only works for user registration but also works for comment spam.
A word of caution
The SABRE plugin does a great job, but since I enabled the option to make the users “verify”, all the already existing accounts ran into problems; they received errors while logging in. I had to make them register again and attribute their posts (if any) to their new accounts.
Considering the amount of spam I got, I found this to be a lesser painful job. And the contributors were so kind enough to register again.
So if you are already running a blog with around hundred contributors, you should disable the verification option. Otherwise you should be fine!
WordPress user registration spam: Conclusion
The spam accounts usually can’t cause much “threat” to your blog as long as you give only the “subscriber” level to open registration. But I hear some people say that when hackers attempt to hack your blog, they usually try to use such spam accounts; though I’m not so sure about this fact. In any case make sure you know about the WordPress website basics.
Nevertheless WordPress registration spam is a pretty annoying problem. It is not always possible to turn off website user registration since you might need to allow registration of new users to your WordPress site for various reasons.
I hope the above mentioned plugins can help you solve the spam user registration problem!
I’d love to hear your thoughts on this matter, and any other WordPress plugins that you find to be more effective to combat WordPress user registration spam.