How to stop spam user registrations on your WordPress
Cerber Security has five antispam and antibot options which can be enabled simultaneously to stop registration spam nightmare.
Enable antispam engine for the registration form
The fastest way to stop spammers is to enable a Cerber antispam engine for the WordPress registration form. To enable protection:
- Go to the Antispam plugin admin page
- Enable Protect registration form with bot detection engine in the Cerber antispam engine section
- If you have a separate, non-standard registration form or a membership plugin, enable Protect all forms on the website with bot detection engine
- Click the Save Changes button
Change the default registration and login URL
The next thing you need to do is to change the default WordPress registration URL to a custom one. That allows you to block automated spam attacks. Follow this guide: Custom login and registration URL for WordPress.
Set the limit on user registrations from one IP address
The third step is to set the limit to the number of user registrations from one IP address. By default three user account are allowed to be registered from one IP address within one hour. This feature is available in Cerber Security Pro.
- Go to the plugin admin Dashboard
- Click on the Users tab
- Enter appropriate values in the Registration limit fields
Block user registrations from specific countries with GEO rules
The GEO rules allow or block new user registrations from specific countries. If you want to have users from your country only, this is the right way. GEO rules are available in the Cerber Security Pro version. To create the list of the countries:
- Go to the Security Rules admin page and click the Countries tab
- Click Register on the website.
- Create a list of countries by clicking on the country name in the left window. Selected countries are listed in the right window.
- Once you’ve created the list, set its type. If you want to block new user registrations from the selected list of countries, click Selected countries are permitted to register on the website, other countries are not permitted to. If you want to allow registrations, click the second option Selected countries are not permitted to Register on the website, other countries are permitted to.
- Click the Save all rules button.
Enable reCAPTCHA for the WordPress registration form
The last but not the least option is to enable reCAPTCHA for the WordPress registration form. Before you can start using reCAPTCHA on the website, you have to obtain a Site key and a Secret key on the Google website. To get the keys you have to have Google account. Register your website and get both keys here: https://www.google.com/recaptcha/admin
Read more: How to set up reCAPTCHA for WordPress and WooCommerce registration, reset password and login forms.
How to protect a contact form on your WordPress
The Cerber antispam and bot detection engine is capable to protect virtually all contact forms on a website. It’s tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms and WooCommerce forms.
Follow this guide: How to stop spam form submissions on your WordPress.
Last posts from WordPress security blog
- Restrict access to WordPress REST API March 22, 2018
- WP Cerber Security 6.5 March 18, 2018
- How to stop spam user registrations on your WordPress March 12, 2018
- Development version 6.3 March 10, 2018
- How to clean up activity and live traffic logs February 16, 2018