WordPress Spam Registrations
A Bunch of Spam Registrations
I’m getting a lot of spam registrations for a WordPress site. Interesting thing is; I’ve only allowed user registrations for about 5 days, but have had subscribe to new posts forms all over the site for ages.
A normal person would think anyone wanting to subscribe to post/page updates would use one of the convenient subscription forms. But no, it seems they want to register accounts 🙂
The other interesting thing is, the only links to the registration/login forms are from a very small forum section, literally less than a handful of pages. So how are these users finding the form?
Human Registration Bots
Why do I say human registration bots? Simple – the registration form is not very bot friendly. It’s not the standard WordPress registration form. Instead it has several additional required fields.
Maybe they are spammers using a bot to find the forms on the web, then entering the required information – user name, first name, last name, e-mail and solve the CAPTCHA code.
It probably won’t let you register anymore, not unless you go to it from the forum page as I’m testing a system to require my own domain as the referrer. And it may lock you out for a few minutes…
Hopeful Wishing Spam Registrations
For the first few days the site was open to registrations, nearly every user registering filled in the website field – with a link to some junk post, not the website home URL. That’s a good sign of a spam registration.
Seems these spammers were hoping to get a backlink to their rubbish.
Guess what, they can’t do it anymore. Why? I removed the website field for subscriber profiles.
All in a Good Cause
Opening the site to registrations was done in a good cause;
- Letting users of our plugins use the support forum
- Finding ways of improving on existing WordPress anti-spam-registration systems
- Part of our campaign to improve WordPress Security
Testing Anti Spam Registration Plugins
Part of our anti spam registration tests involve using several WordPress plugins. alone or in combinations. These plugins must work with the standard suite of plugins used; WordFence Security, WP-Ban, and AP Honeypot.
First plugin on test is Stop Spammer Registrations Plugin. So far, results are good with 4 spam registrations blocked in the first 4 hours. Three days later there have been no spam registrations whatsoever – with 45 blocked.