Are you sick and tired of constantly trying to stop spam registrations in WordPress?
Do you receive hundreds of invalid user registrations per day and have to delete 1000’s of these every week?
Well, you are not the only one. Some people just don’t have better things to do. They use bots in order to gain access to your site.
They hope webmaster forgot/made a mistake and left ticked option that new user gets admin role.
That is the main reason. But whatever their reason are, they are very annoying. Spam registrations, comments, trying to gain access to site….
Stop Spam Registrations In WordPress
User registration spam is becoming an important concern for many of the WordPress site owners.
If your WordPress site is set to allow user registration, then it’s probably vulnerable to user registration spam from spam-bots.
But even if your site doesn’t allow user registration, you will still get spam registrations. More and more as site becomes popular.
The spam accounts usually can’t cause much threat to your blog as long as you give only the “subscriber” role to open registration.
You can also receive a lot of brute attacks when bots try to guess you password and username.
Username can be easily obtained so those spammers can lock you out of your own site (never use “admin” as username).
Luckily there are numerous plugins available, free and paid to stop that menace.
Before WP Security my main security plugin and champion when it comes to stop spam registrations in WordPress was Hide My WP plugin.
The main goal of Hide My WP plugin is not to stop spam registrations.
Its main purpose is providing security from various attacks and to hide the fact you are using WordPress.
With Hide my WP you can hide wp-login.php of your WordPress site, thus stopping spammers from constant registrations.
This can also be done with iThemes Security (formerly Better WP Security) WordPress plugin which comes in free and paid version.
Personally I don’t like iThemes Security. Only had problems with my sites after installing it. But, it is just me.
You can give it a go. Maybe you will have more luck than me.
Changing Login Path to Stop Spam Registrations
In order to effectively stop spam registrations in WordPress using Hide My WP (you can use any other plugin) you need to change the URL path of your wp-login.php.
If you are using Hide My WP then go to General Settings and tick “Hide Login Page.”
Then change the Login Query and Admin Login key. That will create new login path. Remember it or write somewhere.
Now use it for login. Remember you will not be able to login with wp-login.php or by going to wp-admin.php.
This is best option when you don’t have users registrations on your site.
If you accept user registration, change login URL to something like /login? . You could also try Theme My Login as it is compatible with Hide My WP.
Hide My WP FAQ
1) I can’t login, what should I do now?
When you hide wp-login.php you should add your admin key to login address:
e.g. your-wp-path.com/wp-login.php?hide_my_wp=1234 (1234 is our default key).
If you have any other problems simply use FTP or a file manager and rename the plugin folder to something else (in wp-content/plugins) it will deactivate the plugin.
2) I hide both wp-login and wp-admin but I still can see them. Why?
Because you are a logged in administrator! Log out and try again. Don’t forget to save new login address somewhere.
Hide My WP vs Swift Security Comparison
Swift Security is another WordPress plugin intended for removing traces that website/blog uses WordPress as its platform.
I have made comparison of both plugins so if you decide to go for one of those you can see what you get with each.
- Swift Security
- Free Version
- Export/Import Options
- Trusted User Roles
- Hide Login Page
- Hide Admin
- Spy Notify
- Remove Meta
- Remove Version
- Hide Other Files
- Compress Page
- Hide PHP Files
- Replace in HTML
- Replace URLs
- Change Theme Paths
- Change Plugin Paths
- Change WordPress queries
- Change upload URL, wp-includes folder, AJAX URL
- Disable WordPress archives, categories, tags, pages, posts, etc
- Anti-Brute Force
- Multisite Compatibility
- Compatibility With Cache Plugins
- Login IP Filter
- Scheduled Code Scans
- Automatically Quarantines Files
- WooCommerce Compatibility
- Child Themes Support
- Nginx Support
- Hide My WP
Hope some above tips will help you get rid of spam registrations on your WordPress site or blog. How to do fight it? If you have any other method or advice let me know in comments below!