Are you sick and tired of constantly trying to stop spam registrations in WordPress? Do you receive hundreds of invalid user registrations per day and have to delete 1000’s of these every week?
Well, you are not the only one. Some people just don’t have better things to do. They use bots in order to gain access to your site. They hope webmaster forgot/made a mistake and left ticked option that new user gets admin role.
That is the main reason. But whatever their reason are, they are very annoying. Spam registrations, comments, trying to gain access to site, etc.
Table of Contents
Stop Spam Registrations In WordPress
User registration spam is becoming an important concern for many of the WordPress site owners. If your WordPress site is set to allow user registration, then it’s probably vulnerable to user registration spam from spam-bots.
But even if your site doesn’t allow user registration, you will still get spam registrations. More and more as site becomes popular.
The spam accounts usually can’t cause much threat to your blog as long as you give only the “subscriber” role to open registration. You can also receive a lot of brute attacks when bots try to guess you password and username.
Username can be easily obtained so those spammers can lock you out of your own site (never use “admin” as username). Luckily there are numerous plugins available, free and paid to stop that menace.
Not long time ago I was using Stop Spammer Registration Plugin which did its part perfectly. Now I use WP Security in combination with Anti-Spam plugin.
Before WP Security my main security plugin and champion when it comes to stop spam registrations in WordPress was Hide My WP plugin. The main goal of Hide My WP plugin is not to stop spam registrations.
Its main purpose is providing security from various attacks and to hide the fact you are using WordPress. With Hide my WP you can hide wp-login.php of your WordPress site, thus stopping spammers from constant registrations.
This can also be done with iThemes Security (formerly Better WP Security) WordPress plugin which comes in free and paid version. For more info about it you can check my iThemes Security review.
Changing Login Path to Stop Spam Registrations
In order to effectively stop spam registrations in WordPress using Hide My WP (you can use any other plugin) you need to change the URL path of your wp-login.php. If you are using Hide My WP then go to General Settings and tick “Hide Login Page.”
Then change the Login Query and Admin Login key. That will create new login path. Remember it or write somewhere. Now use it for login. Remember you will not be able to login with wp-login.php or by going to wp-admin.php.
This is best option when you don’t have users registrations on your site. If you accept user registration, change login URL to something like /login? . You could also try Theme My Login as it is compatible with Hide My WP.
Hide My WP FAQ
1) I can’t login, what should I do now?
When you hide wp-login.php you should add your admin key to login address:
e.g. your-wp-path.com/wp-login.php?hide_my_wp=1234 (1234 is our default key).
If you have any other problems simply use FTP or a file manager and rename the plugin folder to something else (in wp-content/plugins) it will deactivate the plugin.
2) I hide both wp-login and wp-admin but I still can see them. Why?
Because you are a logged in administrator! Log out and try again. Don’t forget to save new login address somewhere.
Hide My WP vs Swift Security Comparison
Swift Security is another WordPress plugin intended for removing traces that website/blog uses WordPress as its platform. I have made comparison of both plugins so if you decide to go for one of those you can see what you get with each.
- Swift Security
- $26
- Pushover notification
- Scanner Module
- Name
- Price
- Free Version
- Export/Import Options
- Trusted User RolesChoose trusted user roles.
- Hide Login PageHide wp-login.php.
- Hide AdminHide wp-admin folder and its files for untrusted users.
- Spy Notify
- Remove MetaRemove auto-generated feeds from header.
- Remove VersionRemove version number (?ver=) from styles and scripts URLs.
- Hide Other FilesHide license.txt, wp-includes, wp-content/debug.log, etc.
- Compress Page
- Hide PHP Files
- Replace in HTMLReplace words in HTML output.
- Replace URLsReplace or rename URLs in HTML output.
- Anti-SpamComment spam block
- Change Theme Paths
- Change Plugin Paths
- Scanner
- Change WordPress queries
- Change upload URL, wp-includes folder, AJAX URL
- Disable WordPress archives, categories, tags, pages, posts, etc
- Firewall
- Anti-Brute Force
- Multisite Compatibility
- Compatibility With Cache Plugins
- Login IP Filter
- Scheduled Code Scans
- Automatically Quarantines Files
- WooCommerce Compatibility
- Child Themes Support
- Nginx Support
- Hide My WP
- $22
- Intrusion Detection System
Another great security plugin you can use is MalCare. You can check my MalCare review to find more about it. Hope some above tips will help you get rid of spam registrations on your WordPress site or blog.
DISCLOSURE: Posts may contain affiliate links. If you buy something through one of those links, I might get a small commission, without any extra cost to you. Read more about it here.
I would like to thank for the efforts you have made in writing this post. This was really helpful.
I am glad to see you liked the post.
Thank you for nice article. I will try above mentioned plugin – Stop Spammers. Let’s hope it will be fixed. If something needed I will try as your current method.
Yup, Stop Spammers is good free plugin.