WordPress FAQ: Blocking Spam Registrations

February 25th, 2011
WordPress, WordPress FAQs

Spam is not limited to just comments. If you leave your WordPress blog open to new user registration, you could be hit by a wave of spam bots or rather nefarious individuals registering with hopes that you’ll give them a chance to post spam on your blog.

First of all, do you really need open registration? If not, uncheck “Anyone can register” from the Settings area of your Dashboard.

So, what if you need open registration? First, stop the bad bots from even visiting your blog with Bad Behavior.

Now, you could certainly use a CAPTCHA on your registration form, but I wouldn’t bother with that. Several CAPTCHAs have been broken by simple programs, and they just aren’t accessible. Instead, use Ban Hammer, which compares registration email addresses with your comment blacklist (just add them if you notice a trend) and the collective blacklist at Stop Forum Spam.

Like comment spam, registration spam will be a constant battle, but Bad Behavior and Ban Hammer should at least make it easier on you.
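To make the Ban Hammer approach concrete, here is an added sketch of the same kind of check as a small plugin. It is not Ban Hammer's own code: the `exreg_` function names are hypothetical, and it assumes the Stop Forum Spam JSON lookup endpoint with its `success` and `appears` response fields.

```php
<?php
/* Plugin Name: Example Registration Blocklist Check (hypothetical example) */

// True if the address contains any entry from the comment blacklist
// (Settings > Discussion). The option is 'blacklist_keys' on older
// WordPress and 'disallowed_keys' from 5.5 onward.
function exreg_in_comment_blacklist( $email ) {
    $raw = get_option( 'disallowed_keys' );
    if ( false === $raw ) {
        $raw = get_option( 'blacklist_keys', '' );
    }
    foreach ( explode( "\n", (string) $raw ) as $entry ) {
        $entry = trim( $entry );
        if ( '' !== $entry && false !== stripos( $email, $entry ) ) {
            return true;
        }
    }
    return false;
}

// True if Stop Forum Spam reports the address as seen before.
// Note: this sends the registrant's email address to a third party.
function exreg_listed_at_sfs( $email ) {
    $url      = 'https://api.stopforumspam.org/api?json&email=' . rawurlencode( $email );
    $response = wp_remote_get( $url, array( 'timeout' => 5 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return false; // Fail open: a lookup outage must not block real sign-ups.
    }
    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    return ! empty( $data['success'] ) && ! empty( $data['email']['appears'] );
}

// Runs on the standard registration form before the account is created.
function exreg_check_registration( $errors, $sanitized_user_login, $user_email ) {
    if ( $errors->get_error_code() ) {
        return $errors; // Already rejected; skip the remote lookup.
    }
    // Local list first, so the remote call only happens when needed.
    if ( exreg_in_comment_blacklist( $user_email ) || exreg_listed_at_sfs( $user_email ) ) {
        $errors->add( 'exreg_blocked', 'Registration is not available for this email address.' );
    }
    return $errors;
}
add_filter( 'registration_errors', 'exreg_check_registration', 10, 3 );
```

The rejection message is deliberately generic so that it does not reveal which list matched.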




  1. Joey @ Bargain CT (1 comments.) says:

    It’s true there are lots of spammers, and CAPTCHA is a good way to block them for the auto sender or auto comment software.

  2. Linda (1 comments.) says:

    Thank you. Even with Akismet, I get so many fake comments, and it takes so much time to clean them up — I’d rather be blogging. I am going to try the Ban Hammer.

  3. Tom Coburn (67 comments.) says:

    Great article. I enjoyed reading it very much. I close registrations on my WordPress blog because nobody registers for a WP account anyway. I mean seriously nobody. I’ve often said WP should take out their user registration system and replace it with Facebook and Twitter Connect, or some other form of universal registration system, like TypeKey that Six Apart has, for example; something more universal that all the real people have in the first place. I think all this spam prevention is so crazy; nobody registers for a blog anyway just to add a comment. If I have to register just to leave a comment, I won’t come back and never return. Knowing that I would do that on any other site made me realize I can’t ask people to do that on my own blog, so I close registrations and use Twitter and Facebook Connect, problem solved! I just wish FB and Twitter Connect would become standard features in WP without having to add a plugin. There are multiple FB plugins now and none of them seem to function right. They need to just replace their current registration system with something like that, then spam comment problem solved.

  4. Andrew Cooper (1 comments.) says:

    Hi James,

    Thanks for the article. A couple of days ago I turned registrations on to my WP blog. I got a couple of real subscribers and a few that looked like spam. I’ve been deleting them manually.

    Based on your advice I’ve added Bad Behavior and Ban Hammer to my blog and look forward to getting fewer fake registrations. Thanks again for the great info!

  5. DB Ferguson (8 comments.) says:

    Even with Antivirus, Akismet, Defensio, and Cloudflare CDN Pro protection, I still get tons of spam every day. I’ve upgraded to WP 3.1 and downloaded this plugin. Unfortunately, when I went to the settings to see if there was anything I needed to adjust, I got this error:

    Fatal error: Cannot redeclare _iscurlinstalled() in /home/nofaenet/public_html/wp-content/plugins/ban-hammer/ban-hammer_options.php on line 9

    Fatal errors always make me a bit nervous. Has anyone else come across this issue? Does this look like it could be conflicting with my many other security plugins? Or maybe it’s not compatible with WP 3.1? I’ll deactivate this plugin until I can figure out how to solve this.

  6. Rick (3 comments.) says:

    Unlike some others here, I do have registrations on some of my sites and they are essential, particularly for the CMS type sites. I have found SABRE an excellent control mechanism. It offers a number of different methods to detect and stop the spammers.

    • Harsh Agrawal (1 comments.) says:

      Rick, even I’m using Sabre and it’s excellent, and I just checked the logs of Sabre and realized it’s even blocking real registered users from logging in. If they punch in the wrong password they will be blocked immediately. Not a good experience, I guess.
