When deciding to set your WordPress blog to open registration, you first have to consider that you will eventually be inundated with fake bot users who create profiles and fill your subscriber tables with useless members. Many of these spam WordPress registrations are easily identifiable by their .pl or .ru email extensions and the lack of a gravatar or any filled-out profile information.
The easiest defense against WordPress registration spam is a good offense: it is much more time-consuming to clean up hundreds of rogue registrations and implement the filters later. That being said, it is always a good idea to use one of the methods outlined in this article to help reduce the amount of registration spam on your WordPress blog.
It is highly recommended that, if you set your blog to open registration, the default account role is “subscriber” instead of contributor. This will at least not allow the user to publish any articles, which could otherwise cause spam articles to show up in your pending or review queue. If your site uses some sort of classified theme, you may have no choice but to have a default account with permission to publish classifieds (posts), so you have to be extra careful and make sure you have anti-spam registration measures in place.
Cleaning Up Spam WordPress Registrations
User Spam Remover is the preferred plugin for automatically wiping out and deleting spam users on a site that already has a ton of spam registrations. This plugin allows you to automatically remove accounts that have never been used or accessed in X number of days that you specify.
This is a great way to clean out accounts that have, say, never been touched in 30 or 60 days; it keeps your user database tables lean and leaves only active users.
This plugin also allows you to disable registration notifications so you do not get bombarded with them, and it can back up all users in case you need to perform a restore.
This plugin is highly recommended for cleaning up a WordPress blog that already has a lot of spam registrations.
Block WordPress Spam Registrations
Stop Spammer Registrations Plugin
Stop Spammers Registrations Plugin checks all registering emails against up to three databases: Stop Forum Spam, Project Honeypot, and BotScout. In addition to checking the top forum spam databases, the plugin will optionally check against several email spam DNSBL sites such as spamhaus, dsbl, sorbs, spamcop, ordb, and njabl. The Stop Spammers Registrations Plugin stops users from being allowed to register on your site; your site never sees the registration if the user’s IP or email is found in the spammer databases. This plugin will also reject registrations, comments and pings where the HTTP_ACCEPT header is missing.
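To make the two checks described above concrete, here is an added example (not the Stop Spammers Registrations Plugin's own code) that hooks WordPress's `registration_errors` filter, rejects requests with no Accept header, and looks the client IP up in a DNSBL. The function names, the constant, and the choice of `zen.spamhaus.org` as the zone are assumptions for illustration.

```php
<?php
// Added example; function and constant names are hypothetical.
// Assumption: the DNSBL zone below; use a list whose terms allow your query volume.
const EXAMPLE_DNSBL_ZONE = 'zen.spamhaus.org';

/**
 * Return true when an IPv4 address is listed in the given DNSBL zone.
 * Assumption: listings are answered as 127.0.0.x, the common DNSBL convention.
 * Any other answer (for example a "query refused" code) is not treated as a listing.
 */
function example_ip_is_listed( $ip, $zone ) {
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
        return false; // IPv6 needs nibble-reversed lookups; not covered here.
    }
    // 203.0.113.7 is queried as 7.113.0.203.<zone>.
    $query   = implode( '.', array_reverse( explode( '.', $ip ) ) ) . '.' . $zone . '.';
    $answers = gethostbynamel( $query );
    if ( false === $answers ) {
        return false; // NXDOMAIN or resolver failure: fail open so real users can register.
    }
    foreach ( $answers as $answer ) {
        if ( 0 === strpos( $answer, '127.0.0.' ) ) {
            return true;
        }
    }
    return false;
}

/**
 * Runs on the wp-login.php registration form before the user row is created.
 * Adding to $errors blocks the registration.
 */
function example_screen_registration( $errors, $sanitized_user_login, $user_email ) {
    // Browsers always send Accept; many crude bots do not.
    if ( empty( $_SERVER['HTTP_ACCEPT'] ) ) {
        $errors->add( 'example_no_accept', 'Registration rejected: request has no Accept header.' );
        return $errors;
    }
    // Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, not the client's.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( example_ip_is_listed( $ip, EXAMPLE_DNSBL_ZONE ) ) {
        $errors->add( 'example_dnsbl', 'Registration rejected: address is on a blocklist.' );
    }
    return $errors;
}
add_filter( 'registration_errors', 'example_screen_registration', 10, 3 );
```

The lookup fails open on DNS errors, so a resolver outage lets registrations through rather than locking everyone out; log those cases if you need to know when the check was skipped.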
It is recommended to use this plugin together with the Sabre plugin below, which adds CAPTCHA to your WordPress registration page automatically.
Sabre is a WordPress plugin that simply adds a CAPTCHA automatically to your WordPress registration form. It is also compatible with the Custom Login WordPress plugin, for those who use it to customize their login and registration pages.
Sabre allows you to set the complexity of the CAPTCHA by increasing the number of polygons, the valid characters that display in the CAPTCHA, and how many characters will display.
Once you check the setting to enable the CAPTCHA, your WordPress registration form is protected by CAPTCHA.
CAPTCHA alone is an excellent way to deter some spam, but it isn’t perfect, so I recommend combining the Sabre plugin with the Stop Spammers Registrations Plugin for a near-perfect WordPress registration spam prevention solution.