WordPress is the most popular platform for creating a blog or website. This is probably the reason it attracts spammers. You should take care to stop WordPress spam registration.

Spam usually concerns the article’s comments. But, when your blog is open to member registration, many of them will come from spammers.

WordPress spam registration is usually easy to be recognized. Strange usernames without member name or CV.

You may use online resources to identify if the IP or the domain name of the new member is related to spam or not. One of them is Stop Forum Spam.

Stop WordPress Spam Registration With a Plugin

ReCaptcha plugin

It is very important to use ReCaptcha on the registration page. Please, keep in mind that it will reduce spam, but it will not eliminate it. Some bots can bypass it.

There are many plugins available. Just select “Add new plugin” from your WordPress Dashboard and search for “Recaptcha”.

I use Login No Captcha reCAPTCHA. It adds a Google ReCaptcha checkbox to login, forgot password, and user registration pages.

WPBruiser {no- Captcha anti-Spam}

According to its author: “eliminates spam-bot signups, spam comments, even brute force attacks”.

You should give it a try.

Plugins based on Stop Forum Spam

You may find interesting the following plugins, as they are mentioned in the Stop Forum Spam page

1. Stop Spammers
2. Stop Signup Spam
3. AVH First Defense Against Spam.

Plugins 2 and 3 have not been tested with the latest three major releases of WordPress.

Other options

Consider using the following plugins

• Spam protection, AntiSpam, FireWall by CleanTalk
• CM Email Registration Blacklist

It would also be a good idea to use a plugin for email verification.

Stop WordPress Spam Registration Without a Plugin

Here is a “quick and dirty” way to utilize Stop Forum Scan to prevent spam registration.

This solution assumes that you are using a child theme. So, open functions.php file and use the following code.

After a suspicious registration check Stop Forum Spam for this email.

PHP xml extension is required.

function restrict_registration($login, $email, $errors ){
    $blacklisted = false;

    $url = 'https://api.stopforumspam.org/api';
    $data = [
        'email' => $email,
    ];

    $data = http_build_query($data);

    // init the request, set some info, send it and finally close it
    $ch = curl_init($url);

    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $result = curl_exec($ch);

    curl_close($ch);

    $xml = simplexml_load_string($result, "SimpleXMLElement", LIBXML_NOCDATA);
    $json = json_encode($xml);
    $a_resp = json_decode($json,TRUE);

    if ('yes' === $a_resp['appears']) {
        $blacklisted = true;
    }

    if( true === $blacklisted){
        $body = 'Registration denied for: ' . $email . '. Username: ' . $login;
       wp_mail('you@your-mail.com', '[www.example.com] Registration denied', $body);
       $errors->add('domain_blacklist_error',__( '<strong>ERROR</strong>: Something went wrong.' ));
    }
}
// https://developer.wordpress.org/reference/hooks/register_post/
add_action('register_post', 'restrict_registration',10,3 );

It is based on register_post hook.

The use of wp_mail is optional. It is useful if you want to receive an email notification after any denied registration.

Conclusion

Try to use as few plugins as possible. I chose to use the ReCaptcha plugin and the above custom code.

Related Posts

You may also be interested in

• Getting Started With WordPress In 2020
• How to Create, Read, Update and Delete Cookies with PHP or Javascript
• How And Why To Use a VPN For Your Business

Christos Pontikis

Entrepreneur | Full-stack developer | Founder of MediSign Ltd. I have over 15 years of professional experience designing and developing web applications. I am also very experienced in managing (web) projects.

www.pontikis.gr/en