How to Stop Spam User Registration in WordPress

If you’ve ever created a WordPress website and especially a WordPress membership website, you’ve probably had your fair share of encounters with Spam user registrations.

WordPress membership websites require site visitors to create accounts for the sake of interaction and communication on the forums present on the website itself. A lot of times, spam bots go about creating Spam accounts on less secure websites. These Spam User registrations are downright irritating, clutter up your user database, attempt to exploit vulnerabilities, and reduce your website’s performance.

But yes! These spam User Registrations on your WordPress website(s) can be handled for good. Here is a guide to help you figure out ways to combat such spammy situation. Let’s learn how.

Note: If you are new to blogging and your WordPress blog/membership website just started out and your spam problem (also on your WordPress blog’s forum/comments) isn’t quite a big one, you can handle it by manually deleting the Spam users lurking on your site. Just log in to your site’s dashboard > Users > Delete > Bulk Delete. If there are just too many users to take care of, you can try the Bulk Delete plugin.

Let’s begin with the guide, now.

  1. Use Plugins that have been specifically created to detect and remove registration Spam

If you like plugins to do the work for you, here are some User Registration Spam barring plugins for your consideration:

  • Stop Spammers Plugin: A highly aggressive Spam fighting plugin, ‘Stop Spammers’ performs over 20 checks to detect Spam.
  • Stop Signup Spam Plugin: A rather smart registration spam combat plugin, this one will block IPs that have been reported to Stop Forum Spam, hence cutting down the spam registrations on a membership website.
  1. Kill that Spam with CAPTCHAs

The easiest way out there to fight spam bot user registration is to use CAPTCHAs. You can use robust CAPTCHA plugins for your WordPress website to make sure that Spam bots have a really hard time penetrating the fence. Some of the amazing plugins for the purpose are Google Captcha (reCAPTCHA) by BestWebSoft, WP Bruiser, etc. These CAPTCHA plugins add a simple Math question to the registration form which is good enough to trick the bots.

  1. Define the defaults

a) User Role

You can save yourself all the hassle if you simply pre-define the default User role for your WordPress membership website. To do so, all you need to do is to set ‘Subscriber’ as the default user role for all incoming user membership requests.


  • Login to your WordPress website Dashboard by entering the login credentials.
  • Locate the ‘Settings’ tab.
  • Click on ‘General’
  • For the ‘Membership’ option, check the ‘Anyone can register’ box.
  • Set the ‘New User Default Role’ to ‘Subscriber’
  • Click on ‘Save Changes’

b) Implement ‘Admin approval’ for new registrations

This method will only work for your membership website if there are multiple Administrators working at your site. As and when new users ask to be registered, these admins will receive an Email and they should be quick enough to approve or reject the registrations.

A great way to fight spam user registrations, you can enable Admin approval the following ways:

There are two ways to go about this, either manually approve and reject these requests or use a plugin to do so.

  • To manually approve the registration requests, you will need to have the WordPress ProfilePress plugin. Then, just visit the ‘Extra’ ‘User Moderation’ menu under this plugin from your site’s dashboard.

Next up, click the checkbox for ‘Activate Moderation’ as shown in the figure below.


Once you save the changes, any new registration requests will be marked as ‘Pending’ from that very moment.


The plugin will notify the users about their registration status if they have been approved or rejected and if they are still pending.

  • You can also use a plugin such as WP Approve User to keep the unapproved users from accessing your site’s WordPress Admin.
  1. Create a custom User Registration Form

Having a robust form creation strategy in place can be a stepping stone towards a more secure and Spam-free user registration setup. With WPForms, a premium plugin, you can create an amazing custom form that can well deceive the spam bot armies. It also features a bunch of paid add-ons to facilitate other amazing functionalities onto your site.

A highly-reliable form plugin, WPForms features WordPress form spam protection features that utilize smart CAPTCHA and Honeypot to stop spam form submissions. You can move ahead by installing and activating the plugin, and then:


This Addon will help you create amazing registration forms where users can register for a WP account easily. The site admin can then allot a user role to them and choose to send them a welcome email.

Besides WPForms there are a number of other “forms” plugins that are worth a check. Here you can find a nice overview of some of the best WordPress Forms Plugins.

  1. Opt for Email Verification

Yet again, a very popular way of assessing the legitimate user registrations for your WordPress site, Email Verification solves the problem any day. Prompting the user to click on a verification link that has been sent to their Email inbox, this kind of verification leaves little space for Spam.

If you are using the WPForms plugins already, you are in for a win. All you need to do is:

  • Visit the ‘Settings’ tab >User Registration.
  • Locate the ‘User Activation Method’ and click on ‘User Email’
  • Click on Save Changes


  1. Use the Honeypot Technique

A lot of website owners really value user-experience over everything else. So, they know that CAPTCHA can sabotage their attempt at helping the site visitors navigate seamlessly throughout the website and maybe create a user account if they want to. For such admins, Honeypots are the best options. The Contact Form 7 Honeypot is one such plugin that can help you fool stupid spam bots.

Aptly named, Honeypots are like honey traps. They are a CAPTCHA technique invisible to the genuine users but visible to spambots. Hence, whenever, the site’s user registration form is laced with a Honeypot enabled plugin, the bots fill in the form fields and are busted. However, if a genuine user was to fill a honeypot powered form, they would leave it blank because they simply would not see it.


One cannot deny the fact that Spam is inevitable in one form or the other. However, reducing it to the greatest possible extent is still a great way to go. We hope that the above guide will be a helpful resource for you and your WordPress website in your pursuit to tackle Spam User Registrations.


By Madan Pariyar

Madan Pariyar, a digital marketing strategist helping clients to resolve their website woes. When not busy with all things, you may find me occasionally watching movies, traveling and spending time with my family.


    1. Hi Karen,

      this refers to the standard self-hosted WordPress. If you’re using WordPress within a platform like then this setting might be somewhere else or is disabled. In that case, I’d recommend contacting their support.

      Hope this helps.


  1. Good job, thank you very much for this article is the solution that I sought because I am new to the world of blogging.

  2. Um this is just a promotion more then help, because it cost $199 dollars for this plugin, thanks but NO thanks sir

    1. Hi Joey,

      thank you for your comment.

      Most of the plugins mentioned in the article are free plugins.
      However, some more advanced features are available only within paid plugins or add-ons. It wouldn’t be fair not to mention those just because they’re not free.
      Although a lot can be achieved using only free plugins, many people are happy to pay for the added value premium plugins provide.


    2. He joe,
      you could install “Stop Spammers”, which is free.
      It helped me a lot over the last 4 month. There will still be a few sign-ups coming through, but the spam users are far less than before I implemented it.
      Also you have the chance to enhance the list of bad IPs yourself (I take the lists from several site I run “Stop Spammers” on and combine them). Also blocking by TLD and Country works.
      Please note that I am not affiliated with “Stop Spammers” but jaust a happy user.

  3. Hi Madan,

    Thanks for your suggestions for preventing spam.
    Through your suggestions, we recently installed Google Captcha Plugin and It’s working great. Thanks again! Keep It Up.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.