How To Tell If New User Registrations are real?

Bots leaving spam registrations are just about as common as bots leaving spam comments.

Though I haven’t used this plugin before, it does seem rather promising: https://www.ads-software.com/plugins/stop-spammer-registrations-plugin/

I don’t want to turn off the settings to prevent people from subscribing.

Turning off site registration will not stop anyone from subscribing to an e-mail list or posting a comment, so I treat registration by understanding and deciding whether it is actually *needed* either by myself or anyone else. For example, anyone could sign up (subscribe) for a newsletter and then only registered users could post comments if you were to set things up that way. Also, just ignore the fact that the default user role is called “Subscriber” since an e-mail subscription is something else.

At one site, I had registration turned on while knowing I would have to cull most…then just turned it back off and posted a note letting people know they could send an e-mail or use the contact form to request site registration in order to access a specific site feature not available to ‘bots and such.

Turning off site registration will not stop anyone from subscribing to an e-mail list

Unless it’s a subscription plugin that actually uses the Subscriber role. Such plugins are becoming more and more rare now as many adopt their own user systems, but there are still some that do make use of the Subscriber role.

Thanks for the link to that plugin I’ll give it a try now.

I’m using the Subscribe2 plugin/widget, do you know if it will still work if I turn off the membership/register setting?

It’s basically only good if you have hidden content only available to registered members or only want registered people to comment, sort of like how forums operate?

So if I wanted to find a plugin that could add a forum or show how many users are online, would I have to have the membership option turned on or do those plugins run without it?

I already have Akismet running, but I think it only protects against spam comments, not registration comments, and apparently this new plugin you sent me the link to does everything, so I think I’ll delete Akismet and just use the Stop Spammers plugin.

The last time I used Subscribe2, it used WordPress’s users system and Subscriber role, so I believe that yes you will need to keep registration open for that plugin.

To double check, I recommend asking at https://www.ads-software.com/support/plugin/subscribe2#postform so the plugin’s developers and support community can confirm that.

Bad news: the registrations are still happening though I have the Stop Spammer plugin activitated!
It says it has stopped 95 spammers so far in just a few hours, but I am still getting new user registration notiications by email.

Are email subscriptions the only thing you use registration for? If so, maybe it’s time for a subscription service with its own user system, like Jetpack Subscriptions, MailPoet, or MailChimp?

I would like a better fix for this issue. If they are really spam bots they are getting through that high rated security plugin that is supposed to keep them at bay, which either means that plugin isn’t working or they aren’t spam after all, OR they are the most stubborn spammers in the world. So if they truly are spammers, there must be a better way to prevent them from registering on my site rather than turning off the membership option. I’m literally getting a subscriber every hour, which seems unbelievable to me.

I don’t want to get rid of Subscribe2. I just tried the plugins you mentioned and they did not transfer my email list over. If I get rid of Subscribe2, I also get tid of all of my readers.

The plugin now says it has stopped 185 spammers, so it does seem to be working and doing something. It says there has been 143 admin login attempts. Does that mean someone is trying to hack into my site or try and guess my password? I do have Login Lockdown activated. Could all of those registrations be one person?
Maybe I should be looking into better security plugins?

It’s not a security issue. You have registration open, and people or bots are registering, that simply the nature of the system.

For assistance with the plugin itself, I recommend posting to https://www.ads-software.com/support/plugin/stop-spammer-registrations-plugin

How do you know my security is not being threatened? Please explain. If it is a person that is trying to sign up hourly, that isn’t a good sign, right? If it is a person they’d be more intelligent than spambots which could explain why the plugin isn’t removing their registrations, right?
Login Lockdown by default does a lockdown after 3 login attempts for an hour. And I am getting a new registration every hour which I find coincidental.

I know it’s not the same thing but if they are finding the registration option, they can also easily access my admin panel, right? If I understand it correctly, the Stop Spammers plugin is saying someone is trying to access my admin panel quite frequently. Maybe they are registering to find another way around, I have no idea.

No, it’s not simply the nature of the system because this has literally just started in the last week or so. I have never had this issue before in all the years of having my site. So, why the recent influx? It’s happening literally every hour. And it seems silly to just put a temporary bandaid on it. Nobody should have to shut off registration just to prevent crazy ninja bots or hackers from flooding their site. There has got to be a better way to stop them.

I have researched this exact topic coming up before, and there was no better fix in those topics.

I don’t need assistance with that plugin, it seems to be working just fine, it’s just not picking up on these registrations as being spam.

I just found this website that lets you check the authenticity of email addresses, although I’m not sure how accurate it is. I tested my email address and it seemed to work. https://mailtester.com/
I tested quite a few of these email addresses, a few were not valid, but most of them had ip addresses associated with them but the server didn’t allow verification or something like that – not really sure what that means. So ultimately, I’m still not exactly sure if that’s bots, or a peron using disposable emails or what. But looking at the emails and usernames, they all do seem to be similar in that there’s a first name, first and last name, or name with numbers and the usernames always capitilze the first letter of the name.

How do you know my security is not being threatened? Please explain. If it is a person that is trying to sign up hourly, that isn’t a good sign, right?

Simply registering at your site is not a security issue and your site is not being threatened. It just means you’ve left registration on on your site and that’s a feature you’ve enabled. You are getting registration spam. That’s all there is to it. ??

Personally, I never need anyone to register at my site. The only thing I let other people do is leave comments and that’s it. No registration needed.

Why not just turn off that feature on your site? It is not needed for people to subscribe to your posts. There are plugins that do that well and handle the subscription. I use Jetpack for that but there are others.

I also turned off registration for 5 hours as a test to see if it detours them, turned it back on and am going to test all 3 plugins running at the same time (Akismet, Bad Behaviour and Stop Spammers), and if they don’t work I’m going to look into better security plugins because it might not be spambots I’m dealing with and could be a hacker.

I’m sort of grasping at straws here but in a perfect world I would like to be able to keep the registration setting on because I have been thinking of adding a forum to my site.

They told me that Subscription2 will work perfectly fine with the membership/registration setting turned off so if I have to keep it off, then I won’t lose my readers. But I’d still like to have the option of keeping it on if I wanted to, obviously without being flooded with these weird hourly registrations.

@ Jan, because I don’t want it turned off. I don’t consider it useless. And it doesn’t seem to be normal registration spam at all, especially considering all the points I’ve mentioned and the fact that this has never happened before.