rusty10

If you get this issue Do this:

Buy CleanTalk plugin – good people there, very helpful.
Disable “Anyone can register” feature in WordPress admin settings.
Also you may want to restrict access via .htaccess to the WP login/register page. The bots love it and anyone can type in your domain’s WordPress registration url, every WordPress site has one. Not everybody using WordPress knows this.

Thanks for input guys! You are appreciated.

Thanks t-p but I don’t have any comment or registration forms on the site.

So far the only thing that’s helped is taking the site completely offline.

I’ve been deactivating plugins one at a time in an attempt to isolate the one that’s being used to attack. It’s not All In One Security, not Yoast SEO, not Sassy Social.

One more thing. I attempted deleting of the registrations yet they keep coming back or won’t delete from my admin. I’m just scratching my head on this one?