Looking for the best spam registration prevention methods? We’ll show you four effective strategies!
If you’re like most WordPress users, you probably don’t want fake accounts on your website. As such, spam registration prevention might be a top priority. However, knowing the best way to keep your site safe isn’t always easy.
Fortunately, there are a few simple steps that can help you out. By understanding the best strategies to fight spam user registration, you can make sure only real people are signing up.
In this article, we’ll explain how spam can hurt your website. Then, we’ll walk you through how to prevent spam registration on WordPress. Let’s get started!
Why spam can harm your website
You probably don't need us to tell you that spam can be annoying. However, it can harm your site too.
For example, let's say you run a business. You might want to send marketing emails to your users. If these messages are going to fake accounts, your campaign can be a waste of money.
Spambots can also hurt your analytics. Fake accounts can skew the demographics of your audience. That means you'll know less about your users. As a result, it can be harder to appeal to them.
They can even slow down your site. If spambots are creating form submissions multiple times a second, it'll suck up a ton of server resources.
The best spam registration prevention methods
Stopping spam user registration can be easy. Here are four ways to keep fake users out of your WordPress site.
1. Turn off WordPress user registration
You might think that fake signups come through custom registration forms. However, the biggest source of spam user registration we see comes from the default WordPress registration page.
Just imagine. 40% of all websites run on WordPress. Each one of those 455+ million sites has the exact same, predictable URL to create user accounts. This is perfect for spammers.
If you want to stop spam registration on WordPress, there's a simple answer: disable that registration page. All you have to do is go to Settings → General:
Then, you just need to uncheck Anyone can register. For extra safety, you can also make sure the New User Default Role is set to Subscriber. This lowers the risk of unauthorized admin access.
However, for some WordPress websites, completely disabling registration isn't an option. Online stores and membership sites in particular rely on user profiles.
The good news is that this can be done using ecommerce plugins, form plugins, and other types of plugins, that don't need the WordPress registration page at all.
2. Require a confirmation email
Another spam registration prevention method is requiring email verification. All you have to do is require users to submit their email addresses during registration. Then, you can set the password to generate in the email notification.
Fake users will not click through this link. Without a password, they won't be able to log in and use their accounts.
This can also help you catch spam that gets past your form. If the email bounces back, you know that it's unlikely to be a real user. You can then use that information to remove fake accounts before they can spam your site.
You can also use these messages to provide value to your real users. For example, you could include a personalized message and add a few links to popular articles. That way, you're also using this as an opportunity to welcome new members.
To set up your confirmation email, go to your registration form and navigate to Settings → Actions & Notifications. Then, select the form action Register User:
Under password, select Set with link in email notification. Then, save your form. It will now send emails that can detect legitimate users. Consider using confirmation emails for other forms you want to keep safe.
3. Turn on admin approval
Finally, you can also run all users past an admin before they're confirmed to stop spammers. Start by going to your registration field.
Next, add a new drop-down field and include three options: Pending, Approved, and Denied. You'll also need to set the default value to Pending:
Now, go to Settings → Actions & Notifications. Select the form action Register User once again. However, this time we'll edit a few different fields.
Start with the Trigger this action when drop-down and select Entry is updated. Then, scroll down to the Allow logged-in users to create new users with this form field and check the box.
Make sure you select Administrator from the resulting drop-down. If you choose any lower-level roles, it could be a huge security risk that only leads to more spam.
Finally, move on to the conditional logic section. Click on Add Conditional Logic. Then, select the options so that it will register users only when you change the status to Approved. Here's an example of what it should look like:
Save your work before you exit. If you have a lot of users, manually approving accounts can take a lot of time. As such, you may want to consider adding more administrators or using a different method.
4. Use strict anti-spam checks in forms
The easiest way to seriously cut down on spam registration coming from forms, is to use a JavaScript token. This is a simple yet effective way of cutting down on spam, using a token that regenerates frequently.
It's completely invisible spam protection, but bots won't have the secret password needed to submit a form.
A reCAPTCHA is another way to block WordPress form spam very effectively. Essentially, it's a Turing test. That means it's designed to tell the difference between a fake user and a real one.
It typically does this by presenting users with a basic task. These are often simple, such as choosing images that contain cars. Some reCAPTCHAs only require a single click.
As such, these fields can prevent spam without annoying your users. Your forms get an extra layer of security with this technology.
ReCAPTCHA V3 adds a score to each form submission, which gives site owners more control. Once V3 is turned on, a spam score from 0 to 1 is given to each form entry. You can choose the threshold of what to block, as you learn more about the incoming spam.
Start by getting your free reCAPTCHA key from Google. Then, go to Formidable → Global Settings → reCaptcha and fill in the required fields:
When you're done, go to your registration form and locate the reCAPTCHA field option in the left-hand menu:
Now, drag and drop it onto your form. It can go anywhere, but we recommend that you place it towards the end. Then, save your changes. Your form is now ready to prevent spam accounts from signing up.
The registration form isn't the only place where you can use this field. Consider also adding reCAPTCHA to contact forms so you don't have to sort through fake submissions.
Conclusion
Fake user accounts can be bad for both you and your audience. As such, spam registration prevention is a priority for many sites. Fortunately, you can choose from several strategies to protect your website.
In this article, we showed you four methods for preventing spam users from registering:
- Turn off the WordPress user registration page.
- Require users to set their password in a confirmation email.
- Set up admin approval for new users.
- Use strict spam checking in forms.
There's also the option of adding an age restriction to filter out some responses.
Formidable Forms can help you accept user registration while keeping spambots out. Get started with the best form maker plugin today!
How to Use hCaptcha for WordPress Forms [Block Spam Easy!]
8 Ways to Block Contact Form Spam in WordPress
How to Add a Captcha to WordPress Contact Forms
Leave a Reply