WordPress Security How To
WordPress Security How To
Posted By Gregory

How to stop spam user registrations on your WordPress

Cerber Security has five antispam and antibot options which can be enabled simultaneously to stop registration spam nightmare.


Enable antispam engine for the registration form

The fastest way to stop spammers is to enable a Cerber antispam engine for the WordPress registration form. To enable protection:

  1. Go to the Antispam plugin admin page
  2. Enable Protect registration form with bot detection engine in the Cerber antispam engine section
  3. If you have a separate, non-standard registration form or a membership plugin, enable Protect all forms on the website with bot detection engine
  4. Click the Save Changes button

Change the default registration and login URL

The next thing you need to do is to change the default WordPress registration URL to a custom one. That allows you to block automated spam attacks. Follow this guide: Custom login and registration URL for WordPress.

Set the limit on user registrations from one IP address

The third step is to set the limit to the number of user registrations from one IP address. By default three user account are allowed to be registered from one IP address within one hour. This feature is available in Cerber Security Pro.

  1. Go to the plugin admin Dashboard
  2. Click on the Users tab
  3. Enter appropriate values in the Registration limit fields

Block user registrations from specific countries with GEO rules

The GEO rules allow or block new user registrations from specific countries. If you want to have users from your country only, this is the right way. GEO rules are available in the Cerber Security Pro version. To create the list of the countries:

  1. Go to the Security Rules admin page and click the Countries tab
  2. Click Register on the website.
  3. Create a list of countries by clicking on the country name in the left window. Selected countries are listed in the right window.
  4. Once you’ve created the list, set its type. If you want to block new user registrations from the selected list of countries, click Selected countries are permitted to register on the website, other countries are not permitted to. If you want to allow registrations, click the second option Selected countries are not permitted to Register on the website, other countries are permitted to.
  5. Click the Save all rules button.
Block user registrations on WordPress from specific countries with GEO rules

Block user registrations on WordPress from specific countries with GEO rules

Enable reCAPTCHA for the WordPress registration form

The last but not the least option is to enable reCAPTCHA for the WordPress registration form. Before you can start using reCAPTCHA on the website, you have to obtain a Site key and a Secret key on the Google website. To get the keys you have to have Google account. Register your website and get both keys here: https://www.google.com/recaptcha/admin

Read more: How to set up reCAPTCHA for WordPress and WooCommerce registration, reset password and login forms.

How to protect a contact form on your WordPress

The Cerber antispam and bot detection engine is capable to protect virtually¬† all contact forms on a website. It’s tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms and WooCommerce forms.

Follow this guide: How to stop spam form submissions on your WordPress.

Last posts from WordPress security blog


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.