Aggressive anti-spam plugin that eliminates comment spam, trackback spam, contact form spam and registration spam. Protects against malicious attacks.
This is the most common problem that I see. If you see in your log that all users have the same IP address, it is possible that your site is behind a firewall or proxy. The IP address that the plugin sees is the IP address of the proxy or firewall. You need to configure the proxy to pass the user's original source IP to you. CloudFlare will use its IP address if it is acting as a proxy for your site. You MUST install the CloudFlare plugin in this case. Stop Spammers can do little without a reliable IP address.
Not everyone who is marked as a spammer is actually a spammer. It is quite possible that you have been marked as a spammer on one of the spammer databases. There is no "back door", because spammers could use it. Rename stop-spammer-registrations.php to stop-spammer-registrations.xxx and then log in. Rename it back and check the history logs for the reason why you were denied access. Was your email or IP address marked as spam in one of the databases? If so, contact the website that maintains the database and ask them to remove you. Check off the box, "Automatically add admins to Allow List" in the spammer options settings. Then save your settings. This puts your IP address into the Allow List. You should be able to log out and then log back in. Use the button on the Stop Spammer settings page to see if you pass. You may have to uncheck some options in order to pass. Users in some countries often have to use proxy servers or VPNs in order to access the site. Often the proxy servers are marked as a source of spam. You should find the IP addresses of the proxies that you use and add those IP addresses to the Allow List. You can possibly find out why you were locked out by using the form on the Diagnostics page. Avoid lockouts by making sure that the second chance captcha is turned on.
Please report it NOW. I will try to fix it and incorporate the fix into the next release. I try to respond quickly to bugs that are possible to fix (all others take a few days). If you are adventurous you can download the latest versions of some of my plugins before I release them.
You can download previous versions of the plugin at: http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/developers/ Don't forget to report to me what the problem is so I can try to fix it.
I am finding more and more plugin users on hosts that do some kind of Network Address Translation (NAT) or are behind a firewall, router, or proxy that does not pass the original IP address to the web server. If the proxy does not support X-FORWARDED-FOR (XFF) type headers then there is little that you can do. You must uncheck the "Check IP" box and rely on the plugin to use the passive methods to eliminate spammers. These are good methods and will stop most spammers, but you cannot report spam without reporting yourself, and you cannot cache bad IP addresses.
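The sketch below is an added example, not the plugin's own code. It shows why the answers above about proxies and X-FORWARDED-FOR depend on proxy configuration: the header can only be believed when the request actually arrived from a proxy you trust. The function names and the trusted ranges (documentation prefixes) are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. The ranges are constructed samples
// (documentation prefixes); substitute your proxy's published ranges.
const TRUSTED_PROXIES = ['203.0.113.0/24', '2001:db8:1::/48'];

// True when $ip lies inside any trusted CIDR range (IPv4 or IPv6).
function is_trusted_proxy(string $ip): bool
{
    $ipBin = @inet_pton($ip);
    foreach (TRUSTED_PROXIES as $cidr) {
        [$net, $bits] = explode('/', $cidr);
        $netBin = @inet_pton($net);
        if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
            continue; // unparsable address or IPv4/IPv6 family mismatch
        }
        $full = intdiv((int) $bits, 8);   // whole bytes covered by the prefix
        $rest = (int) $bits % 8;          // leftover bits in the next byte
        $mask = (0xFF << (8 - $rest)) & 0xFF;
        if (strncmp($ipBin, $netBin, $full) === 0
            && ($rest === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask))) {
            return true;
        }
    }
    return false;
}

// Believe X-Forwarded-For only when the TCP peer is a trusted proxy, then walk
// the chain right to left and return the first hop that is not a trusted proxy.
function resolve_client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !is_trusted_proxy($peer)) {
        return $peer; // direct connection, or a header the sender could forge
    }
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!is_trusted_proxy($hop)) {
            return $hop;
        }
    }
    return $peer; // every hop was a proxy
}

// Constructed requests: proxied visitor, then a direct client forging the header.
echo resolve_client_ip(['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.23']), "\n";
echo resolve_client_ip(['REMOTE_ADDR' => '198.51.100.50', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1']), "\n";
```

When the proxy sends no such header, every request resolves to the proxy's own address, which is the "all users have the same IP address" symptom described above.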
Check your log files to find out exactly why the app was rejected. Usually the HTTP_REFERER header was not sent correctly. This is one sign of badly written spam software. It is also, unfortunately, a sign of badly written login software. Uncheck the box on the Stop Spammer settings page "Block with missing or invalid HTTP_REFERER". I Allow List iPhones and iPads using Safari on some checks because of bugs in the headers it sends.
It could be that there is something in your system that is causing errors. Copy the errors and email them to me, or paste them into a comment on the WordPress plugin page. I will investigate and try to fix these errors.
Unfortunately, WordPress did not record the IP address of user registrations prior to version 5.0. This is a design flaw in WordPress. They do record the IP of comments. I cannot run a check against logins without their IP address, so you have to remove users the old-fashioned way, one at a time. You might try listing the emails of all registered users, and then deleting them. You can then ask all users to re-register, but that would probably annoy your legitimate users.
I am a full time programmer and have little time to work on my own projects. I will certainly make note of your suggestion, but I may never get to it.
I am slowing down maintenance on this plugin. I don't have time to work on it. Don't send me money unless you have a corporate credit card and your bosses can afford it. There is a plugin menu item to contribute. It has links for contributions and buying my books. The best way to support me is to buy me a beer at the local Blues Jam and don't laugh when I play harmonica.