Spam registrations

I’m running a small blog (= a couple hundred unique visitors per day) and have been pretty lucky so far in respect to security. I get literally no spam comments, I use captchas on my contact forms etc. so aside from a few advertisement contacts (which I just delete) I’m doing fine.

My problem is that as my traffic increases I’m getting pounded by spam registrations. No comments, just phony usernames creating accounts and filling up my “Users” list. I manually look up their ip then blacklist them from my server before deleting their account, so I don’t get struck twice. I tried activating Akismet but of course that only deals with comments, not registrations. I’ve read that you can deselect “Anyone can register” but I don’t want to alienate real users from creating an account. (At this point, if anyone already knows a solution to this problem, please enlighten me.)

As I browsed around in my admin I started wondering if the issue lay in the WP interface itself. When a bot or spammer gets to the “register” screen, it just has to enter a username and e-mail and submit – no security. Of course if your site is well-protected, it can’t get much further. But what if the programmers could integrate some kind of semi- robot-proof field into the registration form, say a captcha, or a security question that takes a human brain to answer, and functions like a password that won’t allow the entity to submit without the correct text in the field “just to make sure you’re human” (e.g., “Who is the current US President?” > “obama”).

I’m not terribly literate in computer programming or security but it was just a thought. Why make it any easier for them than we need to? I’d like to know if this is a plausible idea or if anyone else has some suggestions.

By the way, I do think WP is terrific. Thanks you guys!