Is there a way to stop spam users registering?

are you having members register through WP or through PMPro signups.
do you have any other plugins that have signups available.

Turn off Registration in WP itself and just have then signup via the plugin..

And no there is generally only 1 WP signup option..

Do you have any security plugins on your site.
Consider Ithemes Security or Wordfence etc etc

It is really hard to understand what could be happening with out more info

Hi Pete,

Thanks for the quick reply.

The only signups allowed are through PMpro, and I’m using Theme My Login. So, there is a single TML login page. For signups, you have to go through the PMpro membership levels.

I also have Woocommerce (but I only use external products on it, so you can’t buy anything from the store, meaning you can’t signup there either.

And I have BuddyPress, but I’ve set it so that there is no signup for it. It’s members only (PMpro members).

For security, I have Wordfence, Stop Spammers and Askimet.

I’m not sure, but I think this might be the answer:

Turn off Registration in WP itself and just have then signup via the plugin..

I think I have WP settings set to allow users to register. If I turn that off will they still be able to register via PMpro? I think that might solve the issue if I can turn that off.

Nope. That didn’t work. I went into Settings > General and changed the ‘users can signup’ from ‘subscriber’ to ‘pending’ to see if it would stem the flow, but it just created a signup loop, where new users can’t login.

Here is more information on this issue. It happened again to me yesterday and today. I run very few plugins and yes, I have the latest version of Askimet as well as all the rest of my plugins and site is at the latest version.

I am running Ultimate Member for my club’s membership website. It is very disturbing as all registrations should be going through that and then get held as a pending member. What is disturbing is that I have member’s information on the site, only viewable to those members who are actual “Members”, not pending members.

This spam issue bypasses that protection. Normally, a new member registers and I get an email that there is a pending member waiting for approval. I then physically approve them and change their status from PENDING to MEMBER. These spammers are able to bypass that protection and register directly as members – giving them access to all “Members Only” content.

I’m experiencing the same issue with Woocommerce and ActiveMember360. It just started about 3 weeks ago as well – But it’s added nearly 5,000 new spam members (yikes). I don’t believe they have access to anything (like Marys) because they’re set to a subscriber level, which really gives access to nothing. But it’s a huge pain to figure out who to delete, as I can’t sort sign ups by date (or, I can’t figure out how to sort by date). I know this is a PMpro thread, but I wanted to jump in and mention that I think it might be something from a more recent WP release, that’s impacting those of us with membership sites, vs just a pmpro issue.

I started having the same problem yesterday. WP updated to 4.4.8 and I have been getting “New User Registration” emails ever since. I have over 100. I changed my password, and I updated my site to <I think> 4.7.2 or whatever the latest update is. They keep coming in. I have updated all my plugins and have the latest version of Aksimet. The weird thing is I can’t find them. My registration is for my blog list which is run through Mailchimp. They are not on mailchimp either. Any ideas?

So glad i found this stream because since the WordPress update, i’ve been getting New User Registration emails too, and i only use iContact for which has a captcha. iContact says it’s coming from my WordPress website. WTH???? Luckily, these registrations are not in any of our iContact databases. So what’s the problem here?

me three… or, I suspect, many more

so just following this for now in case there’s any insight beyond these initial questions

Same problem here. Since the WP update I’ve gained a couple hundred followers. Also, the images in my galleries are faded to low opacity. hmmmm. Can we get another update?

Anyone find an answer to the spammer issue?

• This reply was modified 7 years, 11 months ago by spisciotta.

We have this problem too.

I just found this link (https://www.elegantthemes.com/blog/tips-tricks/how-to-defeat-wordpress-spam-users-identify-delete-and-prevent-future-registrations) and found a plugin called SplogHunter, which looks like it can identify existing spammers and prevent future registrations through the form. Haven’t yet seen if it works, but wanted to pass it on!

I’m not sure how this applies with this plugin but I used the information about changing the .htaccess on this page: https://www.inmotionhosting.com/support/website/wordpress/lock-down-wordpress-admin-login-with-htaccess (about halfway down)
and it worked for my situation.

3 days now same problem here… 153 registrations in 3 days. I have Wordfence on the site but no helped in this situation. @ajwd your suggestion is to avoid admin login not spam user registrations. Anyway does anyone has any clue what is the point of this ?

The only people I want “signing up” are customers. I have customers sign up through a different signup than what a typical wordpress subscriber would typically use. I believe the spammers programmatically sign up and apparently this method stops them (it should stop them from using POST unless the request comes from the specified url). When I remove the code I get tons of sign ups despite having “allow anyone to register” turned off. When the code is active I get zero signups… Went from 1 or 2 signups a minute to zero in the last couple days. I did test to make sure customers could still sign up for an account and it still works on my site.

• This reply was modified 7 years, 11 months ago by AJWD.

This is happening to me to. 1 of the subscribers, somehow, made themselves an administrator. I have deactivated new subscribers, changes passwords everywhere, bumped up security and nothing is helping.

Additionally, when this started happening, [email protected] (not me in any way, shape, or form) has been requesting information.

Wordpress needs to fix this ASAP!

yea it is happening with my website too some 200 subscribers ! Don’t know how they get in? All are spammers