Spammed with Fake Members

Hey edwardiangaiety,

Hope that you’re well today ??

Generally dealing with spam bot registration is something everyone has to deal with and Membership 2 doesn’t really have anything to do with that. Any site that has free registration unless protected in any way is having to deal with registration spam sooner or later.

What you can do is using the plugin mentioned here https://www.wpbeginner.com/plugins/how-to-stop-spam-registrations-on-your-wordpress-membership-site/ or try using any of the captcha plugins to try to prevent bot registrations.

Best regards,
Bojan

Okay. But I said I deleted the plug-in and every single page associated with it. My site has basically been breeched by spambots and it started with installing Membership2.

It seems weak and counterintuitive to just install another plug-in to handle this when it was a plug-in that started this.

Hey again edwardiangaiety,

This being started with installation of Membership 2 is probably just a coincidence, this is exactly why it continued even after you’ve removed the plugin.

Please note that Membership 2 is plugin for content protection and not a plugin that should prevent spam bot registration which is why I suggested the use of another plugin, there are a lot of plugins that can offer this functionality so there is really no need to add it to Membership 2 as this is not its purpose if that makes sense.

Best regards,
Bojan

No. It’s not a coincidence. My website is nearly 10 years old and I’ve never experienced spam sign-ups. Not to mention that if this plug-in had nothing to do with the spam, I would see these rogue accounts in the section of WordPress marked “Users.” There is no record of these spam accounts anywhere under the dashboard, but I am still receiving emails from WordPress about new sign ups. Be an ostrich if you want to, but this plug-in is terrible. If the security and content of my website is compromised, I am coming after the developer.

Hey there @edwardiangaiety,

Membership 2 adds a separate registration process to your site, as I’m sure you noticed. So it’s possible what happened here is that you didn’t add any CAPTCHA or anything to protect from spam sign ups on that page. That could have been how they initially got in.

We include support for:

WP reCAPTCHA: https://en-ca.www.ads-software.com/plugins/wp-recaptcha/

Are You a Human: https://en-ca.www.ads-software.com/plugins/are-you-a-human/

So if you ever decide to give Membership 2 another shot then I would recommend using one of those 2 spam sign up blockers as well. With any plugin that involves registration forms you will be susceptible to spammy sign ups. We’ve included ways to help counteract that, but of course it’s up to the user whether they want to take advantage of them or not.

I do realize it’s unlikely you will decide to use this plugin again, but just wanted to mention the above CAPTCHA options in-case you do.

If you are still receiving sign ups even with Membership 2 deactivated then you must have a security hole somewhere else as well. I would make sure you don’t have any spam admin accounts or any accounts that have permissions to create users.

You can try temporarily locking up your registration via: WordPress > Settings > General.

Then see if you are still receiving sign ups. If so, it’s coming from inside your site, so make sure you clear out all of the spam users and also do a security scan on your site for any compromised files or ask your host too.

Hope that helps!

Cheers,
Tyler