A few months ago, one of my WordPress sites started to get hit by spam registration bots. First, they hit my forum's registration, so I had to turn off registration there for a while.
A separate WordPress site of mine, on a different server, started seeing this exact same problem last week. No matter what settings I use, the registrations get through. I can't figure it out, I can only guess that maybe there's an army of actual people out there who go around registering spam accounts for whatever reason.
Any ideas on what I can do? Up until this started, I loved the plugin, it worked like an absolute charm. I always keep my WordPress versions up to date and take server security and permissions seriously, so this has me stumped.