How To Stop Registration Spam on WordPress Powered Websites

I’ve spoken about preventing comment spam on WP Mods on a number of occasions. It’s something that all popular WordPress blogs have to deal with at some point.

One type of spam I haven’t really spoken about until now is registration spam. If you have checked the option to allow anyone to register for your site (under www.yoursite.com/wp-admin/options-general.php) then you may have suffered from registration spam. On WP Mods there are currently over 2,500 registered subscribers, most of which were created by spam software.

You can usually tell these accounts from legitimate accounts as no profile details are completed and they use strange email addresses with lots of characters. Alternatively, many accounts are set up with variations in the username and/or email address (example below).

 Registration Spam
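The tell-tale signs described above can be checked in bulk before anything is deleted. The following Python sketch is an added example, not code from any plugin in this list; the sample rows, the field order and the thresholds are constructed assumptions standing in for an export of your user table.

```python
import re
from collections import defaultdict

# Constructed sample rows (login, email, first name, last name, website).
# They stand in for an export of the WordPress user table; not real accounts.
SAMPLE_USERS = [
    ("kevin", "kevin@example.org", "Kevin", "M", "https://example.org"),
    ("jsmith", "j.smith@example.com", "Jane", "Smith", ""),
    ("lorawilson1", "lorawilson1@example.net", "", "", ""),
    ("lorawilson2", "lorawilson2@example.net", "", "", ""),
    ("lorawilson37", "lora.wilson37@example.net", "", "", ""),
    ("xkq9", "xkq9zt4v7bw2m8rj5hd3pl6n@example.com", "", "", ""),
]

def stem(login):
    """Reduce a login to its letters only, so numbered variations collide."""
    return re.sub(r"[^a-z]", "", login.lower())

def flag_accounts(users, max_local_len=20, min_cluster=3):
    """Return {login: [reasons]} for accounts showing two or more signals."""
    clusters = defaultdict(list)
    for login, *_ in users:
        clusters[stem(login)].append(login)

    flagged = {}
    for login, email, first, last, url in users:
        reasons = []
        if not (first or last or url):
            reasons.append("empty profile")
        local = email.split("@", 1)[0]
        if len(local) > max_local_len:
            reasons.append("long email local part")
        if len(clusters[stem(login)]) >= min_cluster:
            reasons.append("username variation cluster")
        # An empty profile alone is normal for real subscribers, so a
        # second signal is required before an account is queued for review.
        if len(reasons) >= 2:
            flagged[login] = reasons
    return flagged

if __name__ == "__main__":
    for login, reasons in flag_accounts(SAMPLE_USERS).items():
        print(f"{login}: {', '.join(reasons)}")
```

Treat the output as a review queue rather than a delete list, since legitimate subscribers often leave their profile blank too.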

A guaranteed way to stop registration spam is to disallow new registrations and create all accounts manually. This isn’t always practical. For example, if you require users to register an account to leave a comment on your site or if you have a private member area or bbPress forum.

Admittedly, I could disallow registrations on WP Mods, though I find it easier to keep registration open so that authors and guest posters can set up accounts themselves.

Today I will be showing you a selection of WordPress plugins that try to reduce or stop registration spam. Those of you who would prefer to keep membership registration open should find this list useful. As usual, all plugins have been tested on my test blog; however, they have not been tested on a live site, so if you see a suitable plugin I encourage you to try it out yourself and share the results with WP Mods readers :)

1. User Spam Remover

A great plugin that automatically removes older accounts that are no longer used. You can set a threshold for which accounts are deleted. Any unused accounts over the number of days you set are automatically deleted.

Accounts that are due for deletion sit in a pending queue for 24 hours before being deleted. The plugin logs details of all accounts that are deleted in a log file so you can restore accounts if necessary.

If you have been suffering from registration spam, this is one of the first plugins you should install. I used it to remove all of the 2,500+ unused accounts that were on WP Mods.

Download: User Spam Remover

2. Stop Spammer Registrations Plugin

Checks the databases of StopForumSpam, Project Honeypot and BotScout to prevent spammers from registering. It does this by checking the IP address, username and email address of everyone who registers, and if any of them matches an entry in those databases, registration is stopped.

Download: Stop Spammer Registrations Plugin

3. Raz Captcha

Prevents registration bots by adding a captcha test to the registration page. You can choose to have the captcha test on your registration page and/or your login page. The explanation to users as to why the captcha is there can also be modified.

I sometimes find captcha tests quite frustrating as they are frequently impossible to pass. Some of the numbers generated by Raz Captcha were easy to read but others were very difficult, which is something that could annoy your legitimate users. Something to bear in mind.

Download: Raz Captcha

4. Restrict Registration

Lets you set up a blacklist and whitelist of usernames and email addresses that can and cannot be used. You can use wildcards, which will help you block registrations from certain email providers. It’s not the most practical solution in my opinion as you need to do everything manually.

Download: Restrict Registration

5. WangGuard

A feature rich plugin that works with WordPress, WordPress MU, BuddyPress and bbPress 2.0. Once you have acquired an API key and installed the plugin, it checks registered users against known spammers on the WangGuard database.

Download: WangGuard

6. Sabre

Sabre, short for Simple Anti Bot Registration Engine, aims to prevent bots from registering on your site. It is simple to use but is far from basic as you have a huge number of ways to customise what prevention measures are used on your registration page.

You can include a captcha test, maths test and a text test too. The captcha test is also easy to read so it should stop bots but not frustrate your members. A good choice for those who want to stop bots from registering in the first instance.

Download: Sabre

7. WP Recaptcha

Uses the Google Recaptcha service to prevent registration, comment and email spam. You need to acquire a key in order to use the plugin.

You can enable the plugin in the comments area and/or the registration page. Once it’s all set up, your visitors will see the familiar Recaptcha test.

Download: WP Recaptcha

8. Register Plus

Reviewed last year, Register Plus is one of my favourite WordPress plugins. It’s primarily known as a way of enhancing the registration page and requesting more information on it; however, it also has some fantastic anti-spam measures built in.

You can add a simple captcha test or the Google recaptcha test to the registration page. You can also ask users to confirm an invitation code in order for the registration to proceed. Finally, you have the option of manually approving all registrations.

As you can see from the screenshot below, the registration form is quite large when you add all the additional fields.

Register Plus

In addition to uploading your own logo to the registration page, you can also style the login and registration pages using custom CSS. The email notification to new members can also be customised. Quite simply, Register Plus is the best way of controlling the registration process.

There is a variation of the plugin entitled Pie Register; however, in my opinion Register Plus is the better option.

Download: Register Plus

9. WP-NOTCAPTCHA

An interesting plugin that adds anti-spam measures to the comments and/or registration page. Instead of entering a captcha code, the user has to slide three icons to a vertical position. A cool user friendly solution :)

Download: WP-NOTCAPTCHA

10. No Disposable Email

Prevents users from registering on your site with disposable emails from services such as Mailinator.

Download: No Disposable Email
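The wildcard blacklist/whitelist idea from Restrict Registration (item 4) and the disposable-address check from No Disposable Email (item 10) come down to the same decision at signup. The Python model below is an added example, not either plugin's code; the rule lists, the `.example` domains and the choice that whitelist entries win over blacklist entries are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed rule sets (assumptions for illustration only).
ALLOW_EMAILS = ["*@staff.example.org"]
DENY_EMAILS = ["*@bulk.example", "*@*.bulk.example"]
DENY_USERNAMES = ["admin*"]
DISPOSABLE_DOMAINS = {"mailinator.com"}

def _matches(value, patterns):
    """True if value matches any shell-style wildcard pattern."""
    return any(fnmatchcase(value, p) for p in patterns)

def is_disposable(domain, disposable=DISPOSABLE_DOMAINS):
    """True if the domain or any parent domain is on the disposable list.

    Matching whole labels catches subdomains such as mx.mailinator.com
    without also catching look-alikes such as notmailinator.com.
    """
    labels = domain.split(".")
    return any(".".join(labels[i:]) in disposable
               for i in range(len(labels) - 1))

def check_registration(username, email):
    """Return (allowed, reason) for one signup attempt."""
    # Normalise case first so 'User@Mailinator.COM' cannot slip past a rule.
    username = username.strip().lower()
    email = email.strip().lower()
    local, _, domain = email.partition("@")
    if email.count("@") != 1 or not local or not domain:
        return False, "malformed email"
    if _matches(email, ALLOW_EMAILS):
        return True, "whitelisted"
    if is_disposable(domain):
        return False, "disposable email domain"
    if _matches(email, DENY_EMAILS) or _matches(username, DENY_USERNAMES):
        return False, "blacklisted pattern"
    return True, "no rule matched"

if __name__ == "__main__":
    for user, mail in [("jane", "Jane@Staff.Example.org"),
                       ("bob", "bob@mx.mailinator.com"),
                       ("admin2", "a@example.com")]:
        print(user, mail, check_registration(user, mail))
```

Note that a pattern such as `*@bulk.example` does not cover subdomains on its own, which is why the sample list carries a second `*@*.bulk.example` entry.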

* The following plugins were also tested for this article but did not work correctly: Animal Captcha, Super Capcha, Security Captcha and Registrap.

About 

Kevin Muldoon is a professional blogger with a love of travel. He writes regularly about topics such as WordPress, Blogging, Productivity, Internet Marketing and Social Media on his personal blog and provides technical support at Rise Forums. He can also be found on Twitter: @KevinMuldoon and Google+.

16 thoughts on “How To Stop Registration Spam on WordPress Powered Websites”

  1. Thank you for the comprehensive list, Kevin! I like the idea of captcha but it seems nowadays there are ways to overcome these verifications… what’s your take on this?

  2. Just installed User Spam Remover. Appreciate the round-up of useful tools. I’m still a little bewildered about the utility of registration and what to do with registered users. Is WP registration a reasonable way to run an e-mail list? I’m getting lots of registrations, even though I have the Chimp Mail contact form. I suspect most are probably spammers . . . Great site for a non-coder.

  3. Hey Kevin, which plugin are you using and which one is working out for you?
    I’m using Sabre and it’s great, and I’m using captcha and Math test along with it. Though the problem is it also blocks normal user login many times!

    1. I’ve tried lots of plugins but at the moment I’m only using Akismet. I’ve found that the plugins that do stop spam also stop most legitimate comments too.

      Captcha and math tests are effective – though there’s no doubt that they discourage some people from posting. Particularly captcha as it can be so problematic.

  4. Hi Kevin,

    Nice list of plugins!

    Here is another user friendly solution, which I believe to have great potential. It uses nine images arranged in a grid for verification.

    The idea is that the user has to choose, by clicking, the two images which possess the best relationship.

    For example: there are nine images out of which there are two images of machinery (a modern tank and a modern jet fighter plane)
    and two images of dogs (different breeds).

    The correct choice here is the two dogs.

    Anyways, you may check it out here:
    http://wordpress.org/extend/plugins/prove-you-are-a-human-ruh-captcha-plugin/

  5. Thanks for the info. Wanted to mention, though, that I can no longer find Registration Plus plugin on the WordPress.org site to download and your link doesn’t seem to work either. Pie Register is still there, however.

  6. Hi Kevin,

    A very helpful article…the best I’ve found yet actually. It’s too bad Registration Plus is no longer supported, it sounded like a pretty good plugin. I noticed you’re using LiveFyre for comments. Like Disqus, doesn’t this sort of allow you to bypass people signing up on wordpress to comment? Hence you could just disallow registration in WP but folks can still comment using other social logins? I guess some WP forum plugins would still be affected but comments are my main thing right now.

    Thanks again for the article!

    Mark

    1. @MarkWashburn yeah it bypasses the WordPress comment system. The good thing is that comments are synced back to WordPress so you can switch back at any time or even switch to a different comment service. I’ve not had any problems with spam since switching to it.

      1. @Kevin Muldoon I’ve found the same thing with Disqus, it’s been great at cutting down the junk all around. I don’t think I would have had a problem on one site but I had simple press installed for a while and then the junk registrations started coming in. All in all I like Disqus and LiveFyre…for those wanting to comment, they may have to jump through an extra hoop compared to the default comment block in WP, but it’s not really that bad. For me personally, I like it better when commenting.

      2. @MarkWashburn Yeah once you sign up for an account it actually makes things easier as instead of entering your details you just sign in using Google or Facebook etc. I’ve been happy with it so far though hopefully we will see some new features added in 2012.

  7. We have recently been struggling with this issue. For our site almost all of the spammers come from India, China, Russia or another country in those regions. I have yet to see anything from within the US. As a service company I have considered simply banning all IPs from those countries, but eventually we would like to do business abroad. These plugins seem like a more elegant solution. Now we get to try them out… Thank you for the article.

  8. We are experiencing repeated attacks everyday for the past week. Not sure how they are attacking the site, and not sure how well the captcha is preventing this. I have now installed RUH Captcha (today 4 Dec 2013) Any suggestions would be most grateful.

    For Example:
    A user with IP address 50.63.144.181 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
    User IP: 50.63.144.181
    User hostname: ip-50-63-144-181.ip.secureserver.net

  9. This is perfect, thank you! After I turned off Register Plus (because of a security issue with the plugin), I was getting dozens of registrations per day. I’ve installed and activated several of your recommendations. Crossing my fingers…

Comments are closed.