Moderator
James Huff
(@macmanx)
Volunteer Moderator
Well, the CAPTCHA isn’t working because bots have been solving CAPTCHA for *years*. They’re more of a nuisance to humans and a deterrent to visually impaired humans than they are a deterrent to bots: http://caca.zoy.org/wiki/PWNtcha
If you can isolate a common factor in the registrations (name, email domain, website), try this plugin: https://wordpress.org/plugins/ban-hammer/
If not, try this plugin: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
I am currently running the second one but it still is not working at all, I am still getting new users, at a slower rate but they are still pouring in,
Does your site require user registrations to do certain things? I have no reason for people to register on my blog so I just disable the ability in General Settings and then uncheck “Users must be registered and logged in to comment” in the Discussion Settings.
I then use http://wordpress.org/plugins/anti-spam/ to block Comment spam (along with Akismet).
Moderator
James Huff
(@macmanx)
Volunteer Moderator
I recommend asking at https://wordpress.org/support/plugin/stop-spammer-registrations-plugin#postform so the plugin’s developers and support community can help you with this. There might be some settings that could be tightened up.
@markrh I am making a game website not just a blog so it requires full user interaction.
@james Huff I will ask them thanks for your support.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Hi again umm so I spoke there and the guy helped however it is irrelivent
I ran a test last night by disabling the ability for people to make new accounts yet I still got new members so I am pretty sure one of the admin accounts are breached, I have reset all the passes and demoted all but me to editor. I that stops it I will bring everything back and smile however if not I have been hacked right?
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Just in case, carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
after seeing that even after resetting paswords and setting me the only person who can make users and still getting one (but one nonetheless) user this morning I am treating it as a hack and will follow your guides π hopefully I can find an answer this way π
OK well, I eventually ended up messing up badly enough that I ended up restarting everything from scratch. However the system prevails in getting 10s of spam users. Please I am begging for help I actually have no idea
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Check Settings -> General in your blog’s Dashboard. Do you have “Anyone can Register” unchecked? And, if so, are you still getting new spam registrations in the Users section of your blog’s Dashboard?
I ran a test and when I did do that they still registers, I am trying to fix the issue still however as these users are doing nothing the only problem is that is takes server space.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
And the option is definitely currently unchecked?
If so, run through the hack removal guide already posted above.