How User Registration Spam Works in Default WordPress
Before you understand how to protect yourself, it’s important to understand how WordPress’s default format for new user registration works.
To log in to WordPress, just append “/wp-login” or “/wp-login.php” to the site’s URL.
Note that, on the same login page, a button to register appears.
Clicking it changes the URL to “/wp-login.php?action=register”, where you can register.
In other words, a program that wants to reach a WordPress registration page only has to be automated to find and access this URL. That’s why it’s common for spammers to take advantage of this “simplicity” to spam WordPress registrations.
Another point is that the default WordPress form does not provide any kind of verification for the registration, which is what makes registration spam possible.
Therefore, a malicious person can configure bots to register on your site many times, completely automatically, and fill your WordPress with spam users.
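To spot this pattern on your own site, the following added example (not part of the original article) counts form submissions to the default registration URL per client IP in a web server access log and flags bursts. The "combined" log format, the threshold of 3 and the 5-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample in "combined" access-log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:15 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:21 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "bot"
198.51.100.20 - - [12/Mar/2024:10:03:40 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "ff"
198.51.100.20 - - [12/Mar/2024:11:30:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "ff"
198.51.100.20 - - [12/Mar/2024:13:10:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "ff"
192.0.2.55 - - [12/Mar/2024:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "ff"
192.0.2.55 - - [12/Mar/2024:10:04:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "ff"
"""

# Captures: client IP, timestamp, HTTP method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def is_registration_post(method, target):
    """True for a form submission to the default registration endpoint."""
    parts = urlsplit(target)
    return (method == "POST"
            and parts.path.endswith("/wp-login.php")
            and parse_qs(parts.query).get("action") == ["register"])

def find_registration_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: n} where n is the most registration POSTs seen in any window."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_registration_post(m.group(3), m.group(4)):
            times[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(find_registration_bursts(SAMPLE_LOG))
```

Ordinary logins (POSTs to /wp-login.php without action=register) and registrations spread over hours are not flagged; only the rapid burst is.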
How to Protect Yourself from Registration Spam on WordPress?
By understanding how registration spam works, it’s easier to understand how to protect yourself.
There are several tactics you can adopt to protect yourself from registration spam in WordPress. Some of them are very simple and can make all the difference.
- Completely block the public registration option in WordPress;
- Modify the Login and Registration page URL;
- Include an additional check to validate that the user is human, such as using a captcha;
- Manually moderate the entries through approval;
- Use Anti-Spam tools;
- Use Security Plugins for WordPress;
In addition to these, there are other tactics, but these are simpler to implement and extremely effective! That way, even a non-expert user can block registration spam in WordPress.
Of course, no matter what you do, the only 100% effective way to stop spam registrations on WordPress is to block public registration on your website. However, with these methods, you will be able to avoid most registration spam attempts.
Completely Block the Public Registration Option in WordPress
This is the only way to rule out any possibility of registration spam in WordPress. However, by doing this, you prevent anyone from being able to register on your site. If you don’t intend to allow people to register, this is the best option; otherwise, check out the other alternatives and tactics!
To block anyone from registering, there is a very simple and native WordPress option.
First, navigate to “Settings” and select the “General” option.
On this page, there is a membership option with a checkbox for “Anyone can register”. To block WordPress registration, simply uncheck the “Anyone can register” option.
This way you prevent anyone from registering. If someone then tries to access the URL “/wp-login.php?action=register”, there will be a notification like “User registration is disabled” and registration will not be possible.
Modify the Default WordPress Login and Registration Page URL
There are several ways you can change the default login page URL. However, a very simple, fast, and safe way is through the free plugin WPS Hide Login.
By changing the login page URL, you will already avoid most registration spam bots. We even have a full article on changing the WordPress Login Page URL here on the blog! But let’s get down to business:
Look for the plugin “WPS Hide Login”.
Once the search loads, find the WPS Hide Login plugin in the list; it will probably be the first one. Then just install and activate the plugin.
After downloading and activating it, open the WordPress configuration panel, on the right sidebar of the WordPress Dashboard.
At the bottom of the general settings screen will be the WPS Hide Login options.
In this step, you will find two new fields. The first is the Login URL, where you define the new URL for the WordPress login page. The second, the “Redirection URL”, specifies where visitors are redirected when they access the standard login URLs, such as wp-admin or wp-login. So, just type the desired URL for your login page and, if you want, change the redirection too.
Include Google reCAPTCHA in Your Registration Screen
One of the best ways to prevent registration spam on your WordPress is through a CAPTCHA. Briefly, these tools serve to verify that the user is, in fact, a human. In other words, it is an extremely effective way to stop registration spam bots on WordPress.
Among the options, the one we most recommend is Google reCAPTCHA: in addition to being simple, it is extremely effective and maintained by Google itself.
Remember that you must create your own Google reCAPTCHA keys. You can generate them through the Google reCAPTCHA administration site. If you prefer, we have a complete article about installing Google reCAPTCHA on WordPress, with all the detailed step-by-step instructions.
To include Google reCAPTCHA in WordPress, we recommend using the plugin “reCaptcha by BestWebSoft”.
So, search for the plugin “reCaptcha by BestWebSoft”. Install and then activate the plugin.
A new option, “reCaptcha”, will appear in the WordPress side menu. Select reCaptcha > Settings.
On that page, just add your site key, your secret key, and choose the Google reCAPTCHA version. Afterward, select the “Login form” option to keep the reCAPTCHA on your login form and WordPress registration page.
Now your Login and Registration page will have Google ReCAPTCHA enabled.
Manually Moderate Registrations in WordPress
An alternative way to deal with WordPress registration spam is to have more control over the registrations. That way you can manually moderate the registrations on your site.
For small websites, this can be an excellent alternative, as you can manually block the registrations you identify as spam and approve only the ones you want.
For this, you can count on a plugin called “New User Approve”. This plugin is free and lets you moderate your users’ registrations. That is, when someone registers, you must choose to allow or block this registration.
On your WordPress, install and activate the “New User Approve” plugin.
After doing just that, the registration moderation system will be working on your WordPress.
Then, in the side menu there will be a new option under “Users”: “Approve new users”.
Therefore, whenever a user registers, the registration will only be completed if you approve it through this page.
This way, you can moderate the registrations made on your website! Although it is not the best option and it requires you to perform the approvals manually, it can be a great solution to block spam registrations.
In addition to the “New User Approve” plugin, you can also opt for the “WP Approve User” plugin. The process is practically identical, so just follow the steps above.
Using Anti-Spam Plugins for Registration in WordPress
One of the simplest ways to protect yourself from WordPress registration spam, as well as other types of spam, such as comment spam, is using an anti-spam plugin. Currently, there are several anti-spam plugins. However, it is always important to check that the chosen plugin is effective and up to date; otherwise it may not be able to protect your page against spam.
Another very important thing is to check whether the plugin covers registration spam, as most anti-spam plugins focus only on comment spam. A famous and very popular example of an anti-spam plugin is Akismet; however, it does not have specific protection for registrations. That is, currently, Akismet is not yet able to block registration spam in WordPress.
Among the anti-spam plugins capable of blocking registration spam in WordPress, HomeHost recommends:
- CleanTalk Spam Protect
- Stop Spammers by Trumani
The above plugins, in addition to providing anti-spam protection for registrations, are also up to date and recommended by several expert WordPress developers. Plus they have free versions! So you don’t need to pay anything to protect your WordPress. They are also simple and easy to set up.
Using WordPress Security Plugins
Regardless of spam, using a WordPress security plugin is highly recommended. In particular, we recommend using security systems that also add a firewall to your WordPress.
Among the WordPress security plugin options, we highlight Wordfence Security. Besides being very powerful, it also includes some very interesting features that help you block registration spam in WordPress. With Wordfence you can add filters, malicious IP blocking, and 2-factor authentication, among several other security options.
Here on Homehost’s blog, you can find an article dedicated to the Wordfence plugin. It’s worth a read!
Although we recommend Wordfence, another WordPress Security plugin that is also highly recommended is All In One WP Security & Firewall.
In addition to the above, there are several other solutions to block WordPress registration spam. Although some alternatives are simple and easy, others may require greater technical knowledge, whether in networks, servers, or even WordPress itself.
An interesting alternative that we also recommend is the creation of a personalized registration screen. You can use a form plugin for this, such as Contact Form or Ninja Form. For those who use page builders like Elementor, you can also create your registration forms there. The important thing is that many of these form plugins already have anti-spam features. This way, you can avoid registration spam on WordPress in a simple way and still have a personalized registration screen.
Another alternative is to use malicious IP filters and blockers. We have already mentioned Wordfence, a security plugin that is capable of doing that. However, there are other ways to perform IP blocking.
A very important factor in terms of security is choosing a good hosting server.
There are several ways to protect yourself from spam attacks and to block WordPress registration spam.
The more alternatives you can implement, the better. Still, you don’t need to implement all the alternatives presented because it is not always feasible depending on your needs. The most important thing is that you perform at least one or two of the alternatives presented here. Furthermore, there is no better or worse alternative. So choose the alternatives that suit your needs.
With the alternatives presented here, you are now able to protect yourself and block WordPress Registration Spam. It’s always good to be aware of news in this area, so you can ensure that your site is safe.