Is there a way to stop spam users registering?

  • taela87

    (@taela87)


    7 years, 10 months ago

    Hi,

    I don’t know if this is possible, but is there a way to stop spam registrations?

    I keep getting regular spammy registrations on my site that I’m having to go in and remove every day, and it’s sucking up all my time. I’m not even sure how they’re registering because they’re coming in as subscribers, but they don’t have a membership level, which shouldn’t be possible

    I’m running Stop Spammers, Wordfence and Askimet on the site, but they’re still getting through, somehow. I’ve blocked all of yahoo.com from subscribing in an attempt to get rid of them (90% of the spammers were using Yahoo email addresses).

    I can’t work out how they’re subscribing without selecting a membership level. Is there a secret WordPress signup page or something that I’m not aware of?

    Any tips on where to start looking and how to shut them down would be really helpful.

    https://wordpress.org/plugins/paid-memberships-pro/

Viewing 13 replies - 16 through 28 (of 28 total)
1 2
  • webmystery

    (@webmystery)

    7 years ago

    I’ve got a surge of users registering on one of my sites (one of the few on godaddy) right now. Wordfence and Akismet are not stopping them. I’ve temporarily disabled the option to allow new subscribers which prevents the new accounts, but Wordfence shows that some bot is hitting the registration page at the rate of about 3 times per minute, and switching to a different European IP every minute. I’m lucky I caught it this morning right when it started happening or i’d have thousands of fake users. This particular site is designed for a local organization as a community portal, so we HAVE to allow new users. I can block other countries, but IMHO that is only a temporary work around becasue this bot could easily move to the US. And legitimate users do travel. I’m going to try installing https://wordpress.org/plugins/theme-my-login/, which changes the login/register url – security in obscurity. I’ve used this plugin before for a similar problem on another site.

    webmystery

    (@webmystery)

    7 years ago

    correction. Theme My Login didn’t help but https://wordpress.org/plugins/rename-wp-login/ does.

    assupport

    (@assupport)

    7 years ago

    Hi everyone,

    Thanks for all the tips. I wanted to update you on WangGuard: I installed it but was unable to activate my account. I tried about 6-7 times, contacted support twice, and nothing. Then I got locked out of my site – a problem that my hosting confirmed was WangGaurd related.

    It seems that the plugin is no longer actively supported and a quick look online showed me that others are experiencing this same problem (both in terms of activation problems, lack of answers, and being locked out of their sites).

    Needless to say, WangGuard is now uninstalled and I won’t be recommending it to anyone. Might have been great once upon a time, but it cost me a lot of time and frustration.

    • This reply was modified 7 years ago by assupport.
    ibrahimwalied

    (@ibrahimwalied)

    7 years ago

    I came across this plugin and currently testing it “WPS Hide Login”

    haagamble

    (@haagamble)

    6 years, 12 months ago

    Experiencing the same problem since I updated to WordPress 4.7.4 a couple of days ago. Anybody have a good solution yet?

    vusi

    (@vusi01)

    6 years, 11 months ago

    To resolve this issue, you need to ad a reCaptcha on your site registration or signup forms. depending on what plugin you are using. see how to do it https://www.google.com/recaptcha/intro/invisible.html

    MaryCarlson55

    (@marycarlson55)

    6 years, 11 months ago

    I am now using a spam catcher – it is working:

    “WP-SpamShield has blocked 15,516 spam! That’s 239 spam a day”

    netballscoop

    (@netballscoop)

    6 years, 11 months ago

    Glad I found this thread. Running Ultimate-Member with EDD on my site with reCAPTCHA on the registration page, have moved the WP default registration page to another URL so that it is obscured. Am running WP-Bruiser and Spam-Master and still I’m getting spam registrations. Seemed to start happening at around the 4.7.1 release for me.

    Can’t work out where the registrations are coming from apart from I am getting an email when these spammers register. As Ultimate Member and EDD are set not to email when a user registers they must be coming from core but I don’t know how they are avoiding the anti-spam plugins.

    Am running NGINX so a couple of the anti spam solutions don’t work (no .htaccess). Are others here running NGINX?

    Trying to work out what the common component is.

    haagamble

    (@haagamble)

    6 years, 11 months ago

    My spam registrations have stopped. I’m trying to remember what I did. I didn’t install anything new. I’m using Jetpack, and I changed some settings under Traffic Growth – I unchecked “Publicize” and “Enhanced Distribution”. Could that have made the difference?

    dakotadearborn

    (@dakotadearborn)

    6 years, 11 months ago

    This is the best help I can provide. First, if you’ve deactivated registration, good. Second, check to make sure your widgets does NOT contain the “meta” as it provides the log-in and register option. Third, if that’s all done and you’re still getting the spam, redirect these links: (http://www.yourwebsitehere.com/wp-login.php?action=register, http://www.yourwebsitehere.com/wp-login.php?action=registered, http://www.yourwebsitehere.com/wp-login.php).

    you can also use wordfence live traffic to look at the links they are hitting. I may be on the wrong idea for what types of registrations for members only, but I literally just started getting these spam registrations in the last 24 hours. lol a new problem a new solution, I guess..

    RavenMediaLLC

    (@ravenmediallc)

    6 years, 11 months ago

    Having the same issue. Following…

    • This reply was modified 6 years, 11 months ago by RavenMediaLLC.
    amylaze

    (@amylaze)

    6 years, 11 months ago

    I’m very new with wp But: wp has a standard login and registration url that contains the domain name for the registration is always the same except for the domain. For example:
    http://abcd.com/wordpress/wp-login/xxx/xxx

    All the spammer need do is use a script to change domain name “abcd.com” to get to the original wp login and registration and enter standard information to generate a new user. This bypasses your security and the spammer never goes to you registration page.

    We fixed this by redirecting the default wp url to go to our registration page, which has more required fields.

    Please let me know if this fixes the problem for you. Best Wishes

    Dottianne7747

    (@dottianne7747)

    6 years, 11 months ago

    Hi amylaze, where did you put the redirect code?

Viewing 13 replies - 16 through 28 (of 28 total)
1 2
  • The topic ‘Is there a way to stop spam users registering?’ is closed to new replies.