Anybody else see wp-register.php abuse?

Do they come from the same IP? If so you can just block it with .htaccess.

yes and I manage to circumvent a good deal of it by doing this:

RewriteCond %{HTTP_REFERER} !^http://([^.]+.)?mydomain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ".*wp-register.php$"
RewriteRule .* - [F]

it doesnt take care of them all; I see maybe one registration every 2 weeks. Easily something I can manage.

But then I also use mod_security, so if I see patterns i can take care of those 2 with that.

Theres absolutely NO reason why anyone needs to hit that page without having the referer be your domain. And i couldnt give a crap less about ppl that refuse to send referers when they surf, far as Im concerned thats all the more reason to keep folks off my site, completely.

youre very welcome .. 🙂

in your .htaccess file