How To Combat Spam User Registration In WordPress?

By setting the default level to “Subscriber” you prevent any newly registered user from making spam submissions (I use Subscriber level as default). Some bloggers allow “Contributor” registrations – this means that when a person registers, he/she can submit a guest post for the host blogger’s review.

Apart from the very small number of genuine submissions, there can be a bunch of spam and mess that the host blogger needs to clean up every once in a while.

I wouldn’t recommend allowing “Author”, “Contributor” or any other level up for open registration since this may be a threat to your site’s security and integrity. Authors and Admins can publish content to your site without having to get approved by you, the host blogger. And they can do much more nasty stuff apart from this.

If you want to add an admin user (if you want someone else to moderate comments or do some administration or maintenance work for your site) then you can ask them to register and later on go to “Users” and find their username and upgrade their account to “Admin” or any other level you want to.
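
To enforce the Subscriber-only rule in code rather than rely on the settings screen, here is an added example (not from the original post and not part of the SABRE plugin), written as a WordPress must-use plugin. The file name and the ldr_list_elevated_users() helper are assumptions made for illustration.

```php
<?php
/**
 * Added example: keep open registration pinned to the Subscriber role.
 * Intended as a must-use plugin, e.g. wp-content/mu-plugins/lock-default-role.php
 * (the file name is an assumption).
 */

// Whatever is stored under Settings > General, new sign-ups resolve to "subscriber".
add_filter( 'pre_option_default_role', function () {
    return 'subscriber';
} );

// Defence in depth: if a self-registered account still ends up with a higher
// role (for example, another plugin assigned one), demote it and log the event.
add_action( 'user_register', function ( $user_id ) {
    // Accounts created by a logged-in user who may create users are deliberate.
    if ( is_user_logged_in() && current_user_can( 'create_users' ) ) {
        return;
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }
    $extra = array_diff( (array) $user->roles, array( 'subscriber' ) );
    if ( $extra ) {
        $user->set_role( 'subscriber' ); // set_role() replaces all existing roles
        error_log( sprintf(
            'lock-default-role: demoted self-registered user %d (had: %s)',
            $user_id,
            implode( ',', $extra )
        ) );
    }
}, 99 );

/**
 * Hypothetical helper: list accounts holding any role other than Subscriber,
 * so leftovers from an earlier, more permissive default can be reviewed.
 */
function ldr_list_elevated_users() {
    $rows = array();
    foreach ( get_users( array( 'role__not_in' => array( 'subscriber' ) ) ) as $u ) {
        $rows[] = array(
            'login'      => $u->user_login,
            'roles'      => implode( ',', $u->roles ),
            'registered' => $u->user_registered,
        );
    }
    return $rows;
}
```

Accounts that an administrator creates or upgrades from the “Users” screen are left alone, so the manual upgrade described above keeps working.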

Now coming to the topic of this post….

How to combat spam user registrations?

I am not sure if you would believe me if I say that I got about 10-15 spam registrations per day. Well, it’s so annoying with the email notifications. My inbox gets this rubbish and sometimes I delete genuine emails and some genuine user accounts out of frustration.

And so I came to a conclusion that I should stop this anyhow! With WordPress, I was sure that there’s a plugin for this. Not one but many actually.

I currently use SABRE which is a free plugin. And so far I find it to be working great. Spam user registrations are 0 (yes zero) after I started using this plugin.

Installing the plugin alone won’t do the job; you need to go ahead and configure its settings so that it fits your audience.


Here are some of the features I liked the most about this plugin.

  1. A simple text test, which I feel is less intrusive, unlike complex math and Captchas.
  2. Stealth tests (unobtrusive) to check if the registration is done by a human or not.
  3. Registration blocked if JavaScript is disabled or unsupported by the browser.
  4. Keeps a list of blocked/spam IPs and blocks registration from those IPs.
  5. Option to make it compulsory to verify registration either by user or by the admin (I love this feature and it blocks people using fake email ids to register. I leave it to users to verify!).
  6. Limit the number of days to confirm. If a user account is not confirmed by X number of days, the account is deleted.
  7. Prohibit login before confirmation (sweet).
  8. Ability to make the user agree with a license or disclaimer or any other guidelines (I’ve not used it yet).
  9. Ability to enable “invitation only” registration.
  10. User is allowed to choose a password by himself/herself upon registration (instead of the WordPress auto generated password).

The captcha/math options

The thing I liked about this plugin is that it gives me, the blog owner, the option to decide how hard I can make it for a spam user while at the same time not harming the genuine user.

I usually tend to stay away from Captcha plugins since filling out a Captcha is not very pleasant. I might annoy the genuine people.

But this plugin has 3 options – Captcha, Math and Text. And I went for the text option (you simply have to check the box against “Text” options and uncheck the other two as shown below to use this feature).

SABRE user spam registration control plugin

Stealth options

This is something I really love. As you can see from the picture below, the security is pretty much tight and this stealth check won’t interrupt or come in the way when a user is registering.

All these checks are done silently in the background!

SABRE user spam registration plugin stealth options


Other plugins I tried in this process

User spam remover – Good one! However, I personally didn’t like it.

Stop spammer registrations – Sounded all geeky to me.

Registration control – I still got spam registrations.

Skt NURCaptcha – Works well by using a Captcha below the registration form.

Word of caution

The SABRE plugin does a great job, but since I enabled the option to make the users “verify”, all the already existing accounts ran into problems; they received errors while logging in. I had to make them register again and attribute their posts (if any) to their new accounts.

Considering the amount of spam I got, I found this to be a less painful job. And the contributors were kind enough to register again.

So if you are already running a blog with around a hundred contributors, you should disable the verification option. Otherwise you should be fine!

User spam registration takeaway

The spam accounts usually can’t cause much “threat” to your blog as long as you give only the “subscriber” level to open registration. But I hear some people say that when hackers attempt to hack your blog, they usually try to use such spam accounts; though I’m not so sure about this fact. In any case make sure you know about the WordPress website basics.

I’d love to hear your thoughts on this matter, and any other WordPress plugins that you find to be more effective to combat user registration spam. I want to learn more about this topic and it will also be helpful for all bloggers out there facing this spam issue!



Marvin Aoanan

Sr. Web Developer at Cybro Solutions
I’m a web developer / designer and have a large experience in PSD to XHTML/CSS, HTML5, CSS3, (Tableless/DIV), jQuery, WordPress, PHP/MySQL, Twitter Bootstrap, Responsive Design, jQuery Mobile, Mobile web development, 960 Grid System, E-commerce site, and a lot more.