21 Aug

How to Stop User Registration Spam

If you are running a website, you have probably faced surges of notifications of spammy user accounts that are being created on your site. Not only are such situations frustrating, but they can also be quite damaging to both your website’s structure and reputation. If you don’t know which of your analytics can be trusted, which of your data is correct and which of your clients are real, then your business is in jeopardy. We will share with you 7 ways to stop user registration spam by adjusting a few things in WordPress Admin Board as well as downloading and installing many of the available plugins to do the work for you.

1) Set the default user role

The first thing you can do to stop spammy sites from registering on your WordPress website is to change the default settings for new user registrations. If you don’t want to block all attempts at registering on your website, you could assign the Subscriber role as the default one for new members. This is quite a secure solution since it prevents such a user from getting access to your WordPress Admin Board. You can do this by going to Settings » General and checking the box Anyone can register before setting the default role as Subscriber.

2) Create custom user registration form

There are over 50,000 free plugins in the official WordPress directory among which you can find the WPForms plugin to help you create your own (and somewhat) unique registration form. You are able to assign which information they are to leave in order to register on your website – choose a username and password and fill out their bio while adding custom meta information to expand their profile and assigning them the default user role. To avoid user registration spam, you can choose the way your future users’ subscriptions will be confirmed – either you do it as the administrator of your website or they get to click on a link or button you send them in an email.

3) Approve registration manually

By choosing this method, you as the administrator of your website are able to review the information left in the registration form and decide if you want to approve this new persona as your user. If they appear spammy after they login and start using your website, you can always block or delete their account. To activate the approving option, head over to Settings » User Registration, scroll down to User Activation Method and select Manual Approval.

4) Request user email activation

Even though the previous option gives the website administrator more control over who can register as a new user, in case of a large number of user registration requests, there is another way to stop spam. You can choose an optional security measure available as a WPForms User Registration addon. Should you send an email to you potential users after they fill in the registration form where they must click on a link or button to confirm their subscription to your website, you will likely prevent spambots from infiltrating your system. Turn this option on by going to Settings » User Registration, scroll down to User Activation Method and select User Email.


We are all familiar with CAPTCHA fields and how annoying they can be, but there is no denying that they make for an excellent security step. You can add a test question (reentering blurry text from a provided picture, solve a simple math problem or answer a question) in your user registration form, which will allow only those (actual people) who can provide the correct answer to submit the form. If you want to apply this method, you can activate it through custom CAPTCHA addon where you choose the question type from the suggested options or add your own.

6) Use reCAPTCHA

Google’s reCAPTCHA is a good solution for those webmasters who would like to maintain a certain security level as far as user registration is concerned, but don’t want to worsen user experience on their website. You can achieve it by not bothering your potential site users with answering questions and solving math problems to submit user registration requests, but simply allowing them to check a box and thus confirming they are real people. The spambots are still hindered from bypassing your security measures, and real people have fewer hoops to jump through to become registered users of your website. Do this by finding the reCAPTCHA Addon in WPForms » Addons, and edit your registration form by going to Settings » General and checking Enable reCAPTCHA box near the end of the page.

7) Block suspicious IP addresses

If you by any chance end up having spammy users on your WordPress powered website, one of the ways to prevent them from doing further damage is to block their IP addresses from accessing your website. You can have your chosen webhosting company do it for you or you can use a WordPress security solution like the one provided by Awontis. To track which websites are accessing your user registration form, go to Settings » Notifications in the form editor. Next, in the Message field, click on Show Smart Tags followed by selecting User IP Address. Now you will be alerted anytime when someone wants to register on your website, at which point you can decide if and how you want their IP address to be blocked.

If you are afraid of spammy users damaging your SEO with corrupt outbound links, unnecessarily enlarging your database and messing with your real-life users, implement security measures on your website like the ones we shared with you here. What’s more, there are many out of the 50,000 WordPress plugins that can do much of the work for you or, if you would rather leave it to the professionals, we are your people.

Call us today and we will be more than happy to lift this burden off your shoulders!
Share this

Leave a reply