BEGINNER'S GUIDE

How to Prevent Spam Registration on WordPress? (Complete Guide 2024)

Last Updated: 6 mins By: Anisha Maharjan

To enable WordPress registration, you must turn on the “Anyone can register” option. However, enabling this option can also lead to spam registrations. 

So, how do we fix this? The steps are mentioned below.

Solution 1: Change the Default Registration and Login URL 

Many spam attacks are caused by automated scripts that target the typical WordPress registration URL at “www.yourwebsite.com/wp-login.php“.

One way to prevent this vulnerability is by changing where users register and log in. For this, you can use a tool that lets you easily make such modifications, like the User Registration plugin.

With User Registration, you can easily customize your registration and login forms/pages and create unique URLs that prevent bots from accessing the default forms.

Follow these steps to change the URL to prevent new user spam registration on WordPress. 

  1. Navigate to User Registration > Settings > General > Login Options
  1. Enable Disable Default WordPress Login Screen
  1. Add your custom login page under Redirect Default WordPress Login To
  1. Click Save Changes
  • select login options
  • disable default wordpress login screen
  • choose custom registration page

This will redirect your default login screen to your custom login page, preventing most spam bots from submitting forms to the default URL. 

Furthermore, you can view the source of each registration under Users >> All Users or User Registration >> Users.  

If you notice spam registrations coming from sources other than the default login URL, you can either remove or redirect those pages/forms to block further spam sign-ups.

wordpress registration sources

Solution 2: Add Admin Approval Requirement for Registrations 

If spam registrations still occur, enable admin approval to approve entries before registration manually. You can also set up email confirmation for approvals. 

  1. Go to User Registration > All Forms > Edit (for the form you’re using). 
  1. Under Form Settings, find the dropdown for User Approval and Login Options
  1. Choose one of these options: Admin Approval, Auto Approval after Email Confirmation, or Admin Approval after Email Confirmation
  1. Click Update Form at the top. 
  • edit your registration form
  • dropdown for admin approval
  • choose admin approval options

Solution 3: Use reCAPTCHA, hCaptcha, or Cloudflare Turnstile

To protect your registration form from spam, you can add reCAPTCHA, hCaptcha, or Cloudflare Turnstile.

CAPTCHA determines if a user is human(or bot), while Cloudflare Turnstile offers non-invasive protection without data harvesting.

Registration Form with CAPTCHA

Steps to integrate:

  1. Create a new registration form.
  2. Go to User Registration >> Settings >> Captcha. Choose from:
Captcha Settings in User Registration
  • reCAPTCHA v2: Checkbox or image challenges.
  • reCAPTCHA v3: Works in the background, scoring user actions.
  • hCaptcha: Similar to reCAPTCHA v2, with questions that are easy for humans and difficult for bots.
  • Cloudflare Turnstile: CAPTCHA alternative with no challenges.

Depending on your requirements, you can add any of these to your form.

For a detailed guide, you can refer to our article on integrating CAPTCHAs with registration and login forms or documentation for method of spam prevention.

For reCAPTCHA and hCaptcha, obtain Site Key and Secret Key from their respective sites, and paste them into the settings.

Site Key and Secret Key for reCaptcha

Lastly, enable CAPTCHA protection by toggling the “Enable Captcha Support” option in the form’s General settings and update the form.

Enable Captcha Support

Solution 4: Using Akismet Protection

User Registration integrates Akismet Anti-spam protection in its free version. Here’s how to enable it:

  1. Set Up User Registration and Akismet: Ensure you have the free User Registration plugin set up and the Akismet plugin installed and configured with its API key, which you’ll receive after selecting a plan.
    Configure Akismet Plugin
  2. Enable Akismet Anti-Spam Protection: Open your registration form, go to Form Settings, and toggle on Akismet anti-spam protection. Then, click “Update” to save.
    Activate Akismet Spam Protection

That’s it! Akismet will now analyze each registration using its anti-spam algorithms and then block all spam registrations.


Solution 5: Using Anti-spam Honeypot

The honeypot feature adds an invisible field to the registration form, visible only to spam bots. When a bot fills it, the form detects and blocks it.

To do so, you need to enable an anti-spam honeypot using User Registration Pro.

Open your required form, go to Form Settings >> Extras, and enable the “Activate Spam Protection by HoneyPot” option.

Activate Honeypot

That’s all you have to do to protect the registration form from annoying spam.


Solution 6: Using Whitelist/Blacklist Domain Registration Feature

User Registration’s whitelist feature lets you allow only specific email domains to register, while the blacklist blocks users from blacklisted domains.

  1. To enable this, open the registration form, go to Form Settings >> Extras in the form builder, and toggle the “Enable Whitelist/Blacklist Domain” option.
  2. Select “Allowed Domains” or “Denied Domains” from the dropdown.
    Enable Whitelist Blacklist
  3. Enter the domains you want to allow or deny in the “Domains Entries” textbox, separated by commas, and click “Update form.”
Enter Allowed Domains

Ensure you only list valid domains like gmail.com or outlook.com. Whitelisted domains allow registration, while unlisted ones are blocked. For denied domains, listed ones are blocked, and unlisted ones can register.


FAQs on Preventing Spam Registrations in WordPress


How do I block a new user registration in WordPress?

If you want to entirely stop new user registrations, go to Settings >> General on your website’s admin dashboard.

Disable the Membership feature by unchecking the Anyone can register option.

This blocks new registrations from the default WordPress registration forms or third-party form plugins like User Registration.


How do I remove spam users from WordPress?

You can clear spam users from your database using the Users tab in your admin dashboard. Just bulk-select the spam users and delete them with one click.


Does WordPress have spam blockers?

WordPress, by default, doesn’t have built-in spam blockers. However, you can use WordPress anti-spam plugins and security plugins to prevent spam registrations.


Wrapping Up WordPress Spam Prevention

If you want a secure site, you must prevent WordPress spam registrations.

A registration plugin like User Registration helps you build registration forms and enforce strict protection against spam bots with features like Captcha integration, honeypot protection, and more.

For extra security, you might also want to enable strong passwords during registration and approve users after registration.

And that brings us to the end of this article! You’re welcome to check out our blog for more.

How to Prevent Spam Registration on WordPress? (Complete Guide 2024)
Scroll to top

Pin It on Pinterest