Can wordfence block spam registrations?

  • Resolved flamuren

    (@flamuren)


    11 months, 2 weeks ago

    I really need someones help.

    The question is more or less in the title. But for some background:

    I have a job board, with WPJM plugin, mostly some other “famous” plugins. I have started get alot of spam registrations lately.

    The theme creator has no issues with this on his demo page, so the theme seems to not have any bugs. I use manual approval for new users (they have to optin through email), i have removed the “allow users to register” in wordpress settings, installed wordfence, have recaptcha on registration page and custom wp-admin page url. No idea what more to do.

    At the moment I manually look at the site vistors and block the ip of the created accounts that create these spam accounts. But thats not sufficient because the accounts are registered with different ips.

    Is there any setting in wordfence that can help? I use the free version. The firewall is in learning mode atm.

    Best regards,

    Flamuren

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @flamuren, thanks for reaching out.

    If you’ve disabled user registrations, so reCAPTCHA would be ineffective compared to cases where they were enabled, spam registrations can come through XML-RPC. This can be disabled if appropriate for your use-case.

    Disable XML-RPC authentication” appears in Wordfence > Login Security > Settings. You can also block this route entirely using .htaccess, provided you don’t use the WordPress app or a plugin that requires it such as Jetpack:

    # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Can wordfence block spam registrations?’ is closed to new replies.