WordPress Spam Registrations


A Bunch of Spam Registrations

I’m getting a lot of spam registrations for a WordPress site. The interesting thing is, I’ve only allowed user registrations for about 5 days, but have had “subscribe to new posts” forms all over the site for ages.

A normal person would think anyone wanting to subscribe to post/page updates would use one of the convenient subscription forms. But no, it seems they want to register accounts 🙂

The other interesting thing is, the only links to the registration/login forms are from a very small forum section, literally less than a handful of pages. So how are these users finding the form?

registration form image

Human Registration Bots

Why do I say human registration bots? Simple – the registration form is not very bot friendly. It’s not the standard WordPress registration form. Instead it has several additional required fields.

Maybe they are spammers using a bot to find the forms on the web, then entering the required information – user name, first name, last name, e-mail – and solving the CAPTCHA code.

It probably won’t let you register anymore unless you go to it from the forum page, as I’m testing a system that requires my own domain as the referrer. It may also lock you out for a few minutes…
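The referrer requirement and short lockout described above could be written as a small plugin like this. It is an added example, not the code running on this site: it assumes the form is served through wp-login.php?action=register, and the names reg_gate, reg_referer_is_own_site and the 300-second lockout are made up for illustration.

```php
<?php
// Added example, not the site's own code.
const REG_LOCKOUT_SECONDS = 300; // assumed value for "a few minutes"

/** True only when the Referer's host is exactly our own host. */
function reg_referer_is_own_site(string $referer, string $site_url): bool {
    $ref_host  = parse_url($referer, PHP_URL_HOST);
    $site_host = parse_url($site_url, PHP_URL_HOST);
    // Compare parsed hosts: a substring test would also accept
    // https://other.example/?from=oursite.example
    return is_string($ref_host) && is_string($site_host)
        && strcasecmp($ref_host, $site_host) === 0;
}

/** Runs before the registration form is shown or processed. */
function reg_gate(): void {
    // REMOTE_ADDR is the proxy's address if the site sits behind a reverse proxy.
    $ip  = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $key = 'reg_lock_' . md5($ip);

    // Still inside the lockout window from an earlier rejected request.
    if (get_transient($key)) {
        wp_die('Registration is temporarily locked. Try again in a few minutes.',
               'Locked', ['response' => 429]);
    }

    // Missing or foreign Referer: start the lockout and refuse.
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if (!reg_referer_is_own_site($referer, home_url())) {
        set_transient($key, 1, REG_LOCKOUT_SECONDS);
        wp_die('Please use the registration link on the forum page.',
               'Forbidden', ['response' => 403]);
    }
}

// Only hook when loaded inside WordPress.
if (function_exists('add_action')) {
    add_action('login_form_register', 'reg_gate');
}
```

The Referer header is supplied by the client and is stripped by some browsers and privacy tools, so a check like this filters crude bots but can also turn away real visitors and should sit alongside the CAPTCHA, not replace it.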

Hopeful Wishing Spam Registrations

For the first few days the site was open to registrations, nearly every user registering filled in the website field – with a link to some junk post, not the website home URL. That’s a good sign of a spam registration.

Seems these spammers were hoping to get a backlink to their rubbish.

Guess what, they can’t do it anymore. Why? I removed the website field for subscriber profiles.

All in a Good Cause

Opening the site to registrations was done for a good cause:

  • Letting users of our plugins use the support forum
  • Finding ways of improving on existing WordPress anti-spam-registration systems
  • Part of our campaign to improve WordPress Security

Testing Anti Spam Registration Plugins

Part of our anti-spam registration testing involves using several WordPress plugins, alone or in combination. These plugins must work with the standard suite of plugins used: Wordfence Security, WP-Ban, and AP Honeypot.

The first plugin on test is the Stop Spammer Registrations Plugin. So far, results are good, with 4 spam registrations blocked in the first 4 hours. Three days later there have been no spam registrations whatsoever – with 45 blocked.

Mike Otgaar

About Mike

Web Developer and Techno-geek, Saltwater fishing nut, Blogger

Posted on September 16, 2013, in Spam, WordPress.
