Spam is not limited to just comments. If you leave your WordPress blog open to new user registration, you could be hit by a wave of spam bots or rather nefarious individuals registering with hopes that you’ll give them a chance to post spam on your blog.
First of all, do you really need open registration? If not, uncheck “Anyone can register” from the Settings area of your Dashboard.
So, what if you need open registration? First, stop the bad bots from even visiting your blog with Bad Behavior.
Now, you could certainly use a CAPTCHA on your registration form, but I wouldn’t bother with that. Several CAPTCHA have been broken by a simple program, and they just aren’t accessible. Instead, use Ban Hammer, which compares registration email addresses with your comment blacklist (just add them if you notice a trend) and the collective blacklist at Stop Forum Spam.
Like comment spam, registration spam will be a constant battle, but Bad Behavior and Ban Hammer should at least make it easier on you.