5 Ways to Stop Spam User Registration In WordPress - ProfilePress

5 Ways to Stop Spam User Registration In WordPress

One problem plaguing WordPress membership sites is spam user registration, which can also be referred to as user registration spam or spam bot registration.
This occurs when user accounts that are spammy are being created at regular interval.

If your WordPress site allows users to register, it’s probably vulnerable to spammers. In this article, we’ll show you 5 ways to easily eliminate or stop spam registration in WordPress.

If your website doesn’t have a need for user signups, disable WordPress user registration so you don’t have to deal with spam users by navigating to Settings >> General and ensure Anyone can register isn’t checked in “Membership”.

WordPress user registration / membership settings

Let’s go over the ways we can stop spam registrations with the ProfilePress WordPress plugin.

1. Default Registration Page Redirect

The default signup of WordPress located at https://yoursite.com/wp-login.php?action=register is often a target for spammers and bots as they are programmed to go looking for that link to register fake users.

One efficient way of stopping spam registration is by redirecting requests from the default register page to a custom registration form page.

Thankfully, you can use ProfilePress to create a registration form that can be embedded to a page via shortcode to make a custom registration page as well as handle the redirection. It can also redirect default login and lost password pages to their custom equivalents.

See also: WordPress User Redirections with ProfilePress.

2. Google’s reCAPTCHA

Traditional CAPTCHA works by providing a test question that the user must answer in order to submit a form which from research, decreases form conversion.
Google has improved the experience by creating No CAPTCHA reCAPTCHA that only require users to click a checkbox. It’s that simple.


Aside from its simplicity, it has been found to effectively stop spammers and bot attack against online forms. We have a guide on how you can add reCAPTCHA to your custom registration forms.

3. Akismet

Akismet is a spam-fighting service that protects millions of WordPress sites from not just comment and contact form spam, but also spam of any kind.

We’ve integrated with their anti-spam service to protect your registration form against spam/bot registration.

This is a great alternative to reCAPTCHA because it requires no action from the user.

4. Email Confirmation

User email confirmation or activation is a potent measure in blocking spam registrations. It requires all new users to click a confirmation link sent to their email in order to confirm or verify their email addresses before their accounts are activated, spambots are less likely to get through this security.

Users who haven’t confirmed their email address will be placed in pending mode. And as an admin, you can manually email verify them or delete the spam users.

See also: WordPress Email Confirmation for Registered users.

5. Admin New User Approval

Another spam registration preventive measure is the manual approval of new users.

With this feature activated, all new users will have to be manually approved by you, the administrator before they can log in and use the website. And if they appear spammy, you can block or delete them.

User Moderation Module in Action

You’ll receive an email notification for each new user registration request, and the option to even approve or block their accounts right inside the email.

Now you know how to stop spam registrations in WordPress. What are you waiting for? Get the most powerful WordPress registration form plugin now.