How to stop Registration Spams on your WordPress Website?


 The internet plays an important role in every sector nowadays be it social, professional or any other purpose. But it can be quite dangerous and troublesome too. Due to the growing popularity of WordPress, it has been an easy target for the spams. Spams are basically unsolicited commercial messages. They contain a lot of similar messages and comments about irrelevant contents and can be quite annoying to deal with. However, that’s not the only downfall! Spams may lead to unwanted hassles and sometimes quite dangerous situations when you give out your personal information. More on this later on the post! 

But how exactly does spamming or spams work? Well, the spammers create many spam bots to make them. It is a system that can create thousands of spams at once. The main purpose of the spam is to gain a cheap promotion of the affiliated company or organization. These spams are quite helpful to gain some revenue for them too. They can also defect the systems of a competitive organization through the contamination of malware and viruses. Some spams are also created by anti-spam developers to gain the installs for their anti-spam software.

Spams can appear through sources like email registrations, email messages, website comments and many more in WordPress. Among them, the most tiresome spam to deal with is the WordPress registration spam. With the help of spam bots, thousands of registration can be performed with fake email addresses. It is very difficult to go through all of them one by one and picking out the registrations that are spams. So, in this article, we will be showing you how to stop the WordPress registration spam on your WordPress website. But first, let us go through how they can affect our website.

Why should the WordPress Registration Spam be Stopped?

  • They take a lot of the storage: Many WordPress registration spam can appear at once in your website. These spams also take large storage in your devices and servers. Even though a WordPress registration spam is of a very small size, they can take a lot of unwanted space when they come in a bulk. If you stop spams and remove them immediately, you can use the storage usefully.
  •  Competitive markets: The spams can also disrupt your website or even the devices through malwares. This might lead to the termination of the website if proper backups are not done. Sending the WordPress registration spam with malware is mostly done by the competitive agencies for a business advantage.
  • Automatic forward of spams to registered users: With the help of the malware, the spams can also be automatically forwarded to the registered users on your website. It might happen when you accidentally click on the spams. This might be a bad impression of the user’s’ perspective towards your website.
  • Slow performance of the website: The spams tend to use a lot of your server resources and make your website very slow and unusable. You will also lose a lot of bandwidth eventually and reduce the speed and performance of your website.
  • Other security threats: The malware in the spams can also alter the credentials of the editors, authors or even admins of the website. The roles of the users can also be changed through these malwares which can result in your website being hacked too.

How to Block WordPress Registration Spam?

Now that you know how harmful and disadvantageous the spams can be, we’ll now move onto the process of preventing or stopping the process of spamming on your WordPress site! The most effective way to do so is by using a registration plugin that has capabilities to stop it.

For this demonstration, we’ve used the User Registration developed by WPEverest. It is a free plugin that has all the basic features to stop spams from your website registration. There are four ways through which you can stop the WordPress registration spam with the help of this plugin. But before that all you need to do is install the plugin and follow the methods mentioned below:

1. Email confirmation approval:

One of the best ways to block the WordPress registration spam is to use the approval from email confirmation. When a new user is registered on your website, you can send a confirmation link to the user’s email address. This will ensure whether it is a fake email address or not. If it’s a fake email address, it won’t be possible to open the confirmation link as the link will never be delivered. If it is a real account, the confirmation link can be clicked by the real user. The user can then be verified.

For this, go to the User Registration>>Settings of your Dashboard. You will be provided with the User login option in the General section. Then select Email confirmation to login.

wordpress registration spam email confirmation

You can also make the necessary changes in the Email confirmation configuration in the Emails section.

You will see the verified status in the User Registration Dashboard. If the status is on pending for too long then you can know that it’s a spam.

2. Admin Approval:

You can also block or stop spams using admin approval on User Registration. In most cases, we can know whether it is a WordPress registration spam or not by just taking a glance at the email address. So, if the email address seems to be a spam or a fake user, the admin can deny the registration of the particular user. The WordPress user registration spams can then be blocked in this way.

To activate the admin approval, all you need to do is open your dashboard and go to User Registration>>Settings. Then, under the User login option in the General section, select Admin approval after registration. You can make further changes in the Email section for your admin approval to function as you wish.

wordpress registration spam admin approval

Once you save the changes, the users that have registered to your website will appear on the dashboard. Then you can approve or deny their registration according to their email address.  

3. Google ReCAPTCHA:

One of the easiest and most common ways to block the spam bots is by using the Google reCAPTCHA. It is a system developed by Google to distinguish whether a user is a human or not. It uses many techniques to determine the user as a human. The most common method is to use the “I’m not a Robot” checkbox. After the user checks into it, he or she will have to select some images out of a given set of 9 images. This task can only be performed and completed by humans. Any attempt by a bot will surely lead to its failure. So, if the WordPress registration spam is created with the spambots, they will never be able to pass this obstacle.

wordpress registration spam recaptcha

To enable it, you need to go to the User Registration>>Settings of the dashboard. Then click on Integration section and enter the Site Key and Secret Key and save changes. You can get the keys from the official website of reCaptcha under the My reCAPTCHA button.

Then, open your registration form from User Registration of your dashboard and go to Form Settings and select Yes for Enable reCAPTCHA support and click on Update form.

4. Redirecting default registration to some other pages:

Some of the WordPress registration spam are sent targetting the login page of your WordPress website like “”. To prevent this, you can redirect the wp-login page directly to the registration page of your website. You can use a page redirection plugin for this like the Redirection plugin.

All you need to do is install and activate the plugin and open the Tools>>Redirection from your dashboard. Then click on Add New and enter the URL of the WordPress login page in Source URL. Put the link to the user registration page of your website in the Target URL. Then click on Add Redirect

wordpress registration spam redirect url

The spammers who search for the WordPress default login page will be automatically redirected to the registration page. So, they can’t send spams to the admin directly. The registration page can also be spam proofed using any of the above-mentioned techniques.  

Alternative Plugins to stop WordPress Registration Spam:

There are alternative plugins that can stop spams in your WordPress website through registrations too with different approaches. All you need to do is install the plugin. We’ve highlighted the features of these plugins and mentioned some of them below:

1. Stop Spammers:

wordpress registration spam stop spammers

It is a plugin which helps you to block the spams coming into your website. Stop Spammers uses many techniques to monitor your website for any suspicious spam activities. It also blocks the bad hosts that allow the spam activities to your website. A list of all these hosts is also maintained for future references. This can help you to block the WordPress registration spam in the near future as well. It will be also helpful to your other websites as well if you own or manage more than one websites.  

Download + Demo + Details

2. Akismet:

best plugins for blogs Akismet

Developed by the developers from the WordPress itself, Askimet is considered one of the best plugins to prevent spams. It automatically analyzes the comments on the website and filters the ones which look like spams. Even though it is specifically focused on spams from comments and contact, it can help you with WordPress registration spam too. You can stop them by installing the plugin and unchecking the Anyone can register checkbox of the membership. This checkbox can be found on Settings>>General of your dashboard.

Download + Demo + Details

Wrapping Up:

These are the different ways by which you can stop spams in your website through registration with the help of a plugin. We’re sure that you won’t have problems with the WordPress registration spam in your website. You don’t need to apply all these methods to stop the spams in your registration. Implementing any one or few of these methods will be enough to stop spams depending on your necessity.

If you have any advice or reviews on the plugins, please feel free to mention them on the comments. You can also find the following articles quite interesting if you liked this one:


Sajan Ratna Shakya

Leave a Reply

Your email address will not be published.

3 thoughts on “How to stop Registration Spams on your WordPress Website?

  1. I have a simple WooCommerce store. I have disabled “Anyone can register” (uncheck the checkbox in Settings -> General). I am still getting spam user registrations with default role as ‘Customer’. I firgure bots are using my WooCommerce account page to create signups. Is there any way to block them or add captcha? My account page has this text [woocommerce_my_account] how can I edit this shortcode?

    1. Hello Ezra,
      You need to create a new page for the shortcode [woocommerce_my_account] as needed here. Then, you can add captcha. We hope this helps. 🙂

  2. Thank you so much for such a great post!

    I was really struggling with how to control spam registrations on my site. I would get a few hundred per hour! In came to a point that I was unable to keep up with some many spam registrations. I would have, for example, hundreds of new spam registrations with email addresses ending in and

    After reading this post, I implemented options 3 aobve (Google ReCAPTCHA) and I didn’t have a single spam new registration overnight! And the added benefit was that there were not even one spam comment as well.

    So I’m coming here today to give you a big thank you for this post and for giving me the simple solutions I needed.

Scroll to top

Pin It on Pinterest