WordPress Security How To
WordPress Security How To
Posted By Gregory

How to stop spam user registrations on your WordPress

Cerber Security has several anti-spam and anti-bot features which can be enabled simultaneously to stop registration spam nightmare.


Enable an antispam engine for the registration form

The fastest way to stop spammers is to enable the antispam engine for the WordPress registration form. To enable protection:

  1. Go to the Antispam plugin admin page
  2. Enable Protect registration form with bot detection engine in the Cerber antispam engine section
  3. If you have a separate, non-standard registration form or a membership plugin, enable Protect all forms on the website with bot detection engine
  4. Click the Save Changes button

Change the default registration and login URL

The next thing you need to do is to change the default WordPress registration URL to a custom one. That allows you to block automated spam attacks. Follow this guide: Custom login and registration URL for WordPress.

Set the limit on user registrations from one IP address

The third step is to set the limit to the number of user registrations from one IP address. By default, three user accounts are allowed to be registered from one IP address within one hour. This feature is available in Cerber Security Pro.

  1. Go to the plugin admin Dashboard
  2. Click on the Users tab
  3. Enter appropriate values in the Registration limit fields

Block new user registrations from specific countries with GEO rules

The country-based GEO rules enable you to set a list of countries from which users are permitted to register on your WordPress. If you want to get new users from your country only, this is the right way. GEO rules are available in  Cerber Security Pro. To create the list of the countries:

  1. Go to the Security Rules admin page and click the Countries tab
  2. Click Register on the website.
  3. Create a list of countries by clicking on the country name in the left window. Selected countries are listed in the right window.
  4. Once you’ve created the list, set its type. If you want to permit new user registrations from the selected list of countries, click Selected countries are permitted to register on the website, other countries are not permitted to. Otherwise, if you want to block registrations, click the second option Selected countries are not permitted to Register on the website, other countries are permitted to.
  5. Click the Save all rules button.
Block user registrations on WordPress from specific countries with GEO rules

Block user registrations on WordPress from specific countries with GEO rules

Enable reCAPTCHA for the WordPress registration form

The last but not the least option is to enable reCAPTCHA for the WordPress registration form. Before you can start using reCAPTCHA on the website, you have to obtain a Site key and a Secret key on the Google website. To get the keys you have to have Google account. Register your website and get both keys here: https://www.google.com/recaptcha/admin

Read more: How to set up reCAPTCHA for WordPress and WooCommerce registration, reset password and login forms.

How to protect a contact form on your WordPress

The Cerber antispam and bot detection engine is capable to protect virtually all contact forms on a website. It’s tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms and WooCommerce forms.

Follow this guide: How to stop spam form submissions on your WordPress.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.