Title: Multisite registration spam Last modified: August 20, 2016 --- # Multisite registration spam * [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/) * Hi, * I’ve installed the Cookies for Comments (inc the htaccess code) and Bad Behaviour plugins but they aren’t stopping spam registrations. I haven’t done any configuration of these plugins as it seems you’d have to do them on a blog by blog basis, but apparently they don’t need configuring for most users anyway. * Any advice on why they aren’t being effective and/or other plugins to try? I’d rather not have to admin approve registrations if possible. * Thanks. Viewing 15 replies - 1 through 15 (of 28 total) 1 [2](https://wordpress.org/support/topic/multisite-registration-spam/page/2/?output_format=md) [→](https://wordpress.org/support/topic/multisite-registration-spam/page/2/?output_format=md) * [Ed](https://wordpress.org/support/users/coopeh/) * (@coopeh) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745855) * Is Akismet not effective for you? * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745905) * For comments yeah, but not for reistrations @ wp-signup.php * [Ed](https://wordpress.org/support/users/coopeh/) * (@coopeh) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745906) * Ah, sorry I completely misread the title and your post it seems! * We use Anti-Splog from WPMUDev but it’s a paid plugin, very effective though. I recommend trying WangGuard though, it’s very good. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745916) * Cookies for Comments – [Read this thread](http://wordpress.org/support/topic/plugin-cookies-for-comments-can-this-functionality-be-added-to-registration-pages?replies=10) * You have to add something to your .htaccess, but it works great. * Also check out [Darcy Normam’s htaccess tweak](http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/) * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745922) * Would one of these techniques also block genuine users seeing as most of my sign ups will come from direct links to wp-signup.php via an e-newsletter? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745936) * Nope. What they do is say ‘If you’re trying to pass the data to wp-signup without clicking the SUBMIT button, you’re a spammer.’ Which is true 🙂 * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745937) * ok, so I’ve got: * ``` # BEGIN ANTISPAMBLOG REGISTRATION RewriteEngine On RewriteCond %{HTTP_COOKIE} !^.*59a5259c983ed123457907875dd8d758.*$ RewriteRule ^wp-signup.php - [F,L] RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-signup.php* RewriteCond %{HTTP_REFERER} !.*mywebsite.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) http://lmgtfy.com/?q=spammer [R=301,L] # END ANTISPAMBLOG REGISTRATION # BEGIN WordPress ... ``` * This is the htaccess inside my wp folder, not my website root htaccess file. Everything look ok? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745942) * Assuming you changed `mywebsite.com` to your website 😉 * Is WP installed in a subfolder? And if so, is it running out of mywebsite.com/ wp/ ? * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745943) * subfolder and /blogs/ * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745944) * Should be fine 🙂 Just making sure you’re not trying to install it in /blogs/ and run it out of / 😉 That way lies shenanigans. * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2745996) * I’m getting a 403: * Forbidden You don’t have permission to access /blogs/wp-signup.php on this server. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2746022) * And you changed `mywebsite.com` to your actual URL? * It works perfectly on my site. * Remove this for a test: You may have done that wrong. * ``` RewriteCond %{HTTP_COOKIE} !^.*59a5259c983ed123457907875dd8d758.*$ RewriteRule ^wp-signup.php - [F,L] ``` * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2746023) * yep. it works if I remove those two lines. how have i done that wrong? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2746024) * `59a5259c983ed123457907875dd8d758` must not be right is all I can think. * You’ve got `css.php?k=59a5259c983ed123457907875dd8d758&o=i&t=XXXXXXXXX` right? And you’re ONLY getting the stuff in front of `&o=i...` right? * Thread Starter [sturvey](https://wordpress.org/support/users/sturvey/) * (@sturvey) * [14 years ago](https://wordpress.org/support/topic/multisite-registration-spam/#post-2746025) * Here’s the image from view source: * img src=”[http://www.mywebsite.com/blogs/wp-content/plugins/cookies-for-comments/css.php?k=59a5259c983ed12345907875dd8d758&o=i&t=1343467019″](http://www.mywebsite.com/blogs/wp-content/plugins/cookies-for-comments/css.php?k=59a5259c983ed12345907875dd8d758&o=i&t=1343467019″); Viewing 15 replies - 1 through 15 (of 28 total) 1 [2](https://wordpress.org/support/topic/multisite-registration-spam/page/2/?output_format=md) [→](https://wordpress.org/support/topic/multisite-registration-spam/page/2/?output_format=md) The topic ‘Multisite registration spam’ is closed to new replies. ## Tags * [Registration](https://wordpress.org/support/topic-tag/registration/) * [wp-signup](https://wordpress.org/support/topic-tag/wp-signup/) * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 28 replies * 3 participants * Last reply from: [Ed](https://wordpress.org/support/users/coopeh/) * Last activity: [13 years, 12 months ago](https://wordpress.org/support/topic/multisite-registration-spam/page/2/#post-2746074) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics