How to Stop Spam Registrations on your WordPress Membership Site

Do you want to stop spam registrations on your WordPress membership site? Spam registrations are a common nuisance for site owners who run membership sites or allow users to register on their website. In this article, we will show you how to stop spam registrations on your WordPress membership site.

Method 1: Stop Spam Registrations Using WPForms

This is the easiest and most efficient way to deal with spam registrations in WordPress.

WPForms is the most beginner friendly WordPress form builder. It comes with a User Registration addon that allows you to easily add user registration form to your site while effectively stopping spam registrations.

WPForms is a premium WordPress plugin. You will need Pro License to access user registration addon.

WPBeginner users can use this WPForms Coupon to get 10% Off on their purchase.

First thing you need to do is install and activate the WPForms plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit WPForms » Settings page to verify your license key. You can get this key from your account on WPForms website.

After verification, you need to visit WPForms » Addons page. Scroll down to locate ‘User Registration Addon’.

You need to click on Install Addon button and then click on activate.

Next, you need to create a user registration form. Go to WPForms » Add New page. Provide a title for this form and then select user registration form template.

This will launch the Form Builder with user registration form template. You can edit the fields by clicking on them.

You can also drag and drop fields to rearrange them.

Next, you need to click on the settings panel. This is where you can configure form notifications, confirmation, and user registration settings.

Click on user registration tab to continue.

On this page, you can map the form fields to your WordPress user registration fields.

Scroll down and check the box next to ‘Enable User Activation’ option. This will reveal a drop down menu, where you can select the User activation method.

WPForms uses two creative ways to prevent spam registrations on a WordPress site. You can choose to send a verification email to each user, so that they can confirm their registration.

Alternately, you can require a site administrator to manually approve each registration on your WordPress site.

Choose the option that best suits your needs and click on the save button to store your form settings.

You can now add this form to any page on your WordPress site and then use that page as your user registration page.

Simply edit a page that you want to use as your user registration page. On the page edit screen, click on ‘Add Form’ button.

This will bring up a popup menu. Select user registration form you created from the drop down menu, and then click on add form button.

A shortcode for the user registration form will appear in the page editor. You can now save your page or publish it.

Visit your website to see your spam proof user registration form. Depending on your user activation settings, the plugin will either require users to verify their email address or an admin will have to manually approve each user registration on your site.

Method 2: Stop Spam Registrations with Stop Spammers Plugin

First thing you need to do is install and activate the Stop Spammers Spam Prevention plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Once activated, Go to Stop Spammers » Protection Options. Stop Spammer Registrations is a powerful WordPress plugin which aggressively monitors your website for suspicious spam activity.

The default settings on this page will work for most websites. However, you can uncheck a few of them, if you feel lots of legitimate users are unable to login.

Don’t forget to click on the save changes button to store your settings.

The plugin uses a number of spam prevention techniques. It uses HTTP Referrer and Header requests to verify that a user is genuinely accessing your website.

It also checks against Akismet API for known spamming activity. The plugin also maintains a list of bad hosts known for tolerating spam activity and blocks them.

There is a small chance that sometimes this plugin would lock you out of admin area. If this happens, then simplest solution is to connect to your site through FTP and rename the plugin file from stop-spammer-registrations.php to stop-spammer-registrations.locked.

You can now access admin area of your site and WordPress will automatically deactivate the plugin for you.

Method 3: Stop Spam Registrations Using Sucuri

At WPBeginner, we use Sucuri to protect our website against spammers and other security threats.

Sucuri is a website security monitoring service. It blocks hackers, malicious requests, and spammers from accessing your site or injecting any malicious code.

See how Sucuri helped us block 450,000 WordPress attacks in 3 months.

We hope this article helped you stop spam registrations on your WordPress membership site. You may also want to see our guide on

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Stop Spam Registrations on your WordPress Membership Site appeared first on WPBeginner.

The Pitfalls of Hacking and Spam: 7 Ways to Protect Your Blog

alt="The Pitfalls of Hacking and Spam: 7 Ways to Protect Your Blog" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/better-wp-security-500x218_tr.jpg" />

Blogs are a great way to build up a business, share your talent for crafting or cooking, or educate a common audience. But they are also vulnerable to attacks from spammers and hackers. So, just like you protect your computer and your email with software, passwords and spam flags, you should also protect your website from hackers and spam. Here are 7 ways you can protect yourself and your blog.

1. Content Theft

The content you write and the photos you take are protected by copyright, but that doesn’t ensure they won’t be stolen. In addition to stealing your work, people will publish your content and RSS feeds without giving you credit. You need to put safeguards in place to protect yourself. We already href="//localhost/blog/blogging-tips/10-things-i-wish-i-knew-before-i-started-blogging">discussed image theft a few weeks ago. Continue to safeguard your photos with watermarking and keep searching for stolen images online.
Can you also protect your written content? Certainly! One great way I recently discovered uses a search engine optimization plugin, WordPress href="http://wordpress.org/plugins/wordpress-seo/">SEO by Yoast, which some of you may already have enabled. This is a great tool for SEO, but it will also, by default, set up a line of text for your content that you can search online. Once installed, go to the SEO menu in your blog and click the RSS link. Under Content, you will see this:

“The post %%POSTLINK%% appeared first on %%BLOGLINK%%.”

%%POSTLINK%% is code for the page name and %%BLOGLINK%% stands for the URL of your blog.

You can then Google “appeared first on Yourblogname.com” and it will show places your content or RSS feed appears. Some may be legitimate links, some will not.  I recently found someone using my RSS feed on a questionable. If you wish for someone to remove your data, the first step is to email them and politely ask them to remove it. Many will gladly comply.

However, you may get more pushback or no response.  Remember that your content refers back to you and therefore if it is published on a spammy site, you can pay the consequences. In that case, you’ll need to find the web host and write a letter of complaint to them.

href="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/copyright.png">class="alignright size-full wp-image-6925" alt="copyright" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/copyright.png" width="300" height="70" />You can also do a page-by-page search using href="http://copyscape.com/">Copyscape.

There, you can enter the direct link of a URL you suspect may have stolen content or your general URL and you’ll come up with a list of sites that are pulling your content. Copyscape is a reliable tool that’s been around for years and is used by web professionals, so I highly recommend it if you are concerned about your content.

Finally, it’s very basic, but while you are protected legally, a copyright message on the bottom of your blog, with the current year, is a gentle reminder to not to steal content.  You can also set up a content policy to clearly lay out what people can and can’t do with your content.

2. Use Anti-Comment Spam Plugins

style="text-align: center;">class="aligncenter size-full wp-image-6904 border" alt="akismet" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/akismet.jpg" width="750" height="339" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/akismet.jpg 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/akismet-300x135.jpg 300w" sizes="(max-width: 750px) 100vw, 750px" />

I covered href="//localhost/blog/wordpress-blog/6-must-have-plugins-for-new-bloggers">this topic last week: you need to have plugins that protect you from spam.

href="http://wordpress.org/plugins/growmap-anti-spambot-plugin/">Growmap Anti Spambot Plugin requires commenters to check a box thereby eliminating spambot attacks, and href="http://wordpress.org/plugins/akismet/">Akismet will sort through its spam database and flag suspicious comments as spam. If, like me, Akismet makes your site run slowly, another good one to try is the href="http://wordpress.org/plugins/stop-spammer-registrations-plugin/">Stop Spammers Plugin, which functions similarly. This is a highly aggressive plugin, so if you do activate it, make sure you immediately go to set up and select “Check Your IP” address to ensure you are not flagged as a spammer. In addition, it integrates the API key you get from Akismet so if you are signed up with them, so are still employing their database.

3. Use Security Plugins

style="text-align: center;">class="aligncenter size-full wp-image-6969 border" alt="better wp security" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/better-wp-security.jpg" width="750" height="328" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/better-wp-security.jpg 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/better-wp-security-300x131.jpg 300w" sizes="(max-width: 750px) 100vw, 750px" />

style="line-height: 1.5em;">Security plugins are a great way to not only safeguard your blog, but to have one tool that handles multiple functions. There are a host of these available, but one of the most popular ones is style="line-height: 1.5em;" href="http://wordpress.org/plugins/wordfence/">WordFencestyle="line-height: 1.5em;">. This comprehensive plugin is free of charge and walks you through a tour on startup. WordFence is designed to help things like IP changes. Ever get spam comments that look the same, but the IP address keeps changing so that you can’t use your black list properly? WordFence helps with sinister security issues like this, plus it patrols your blog for invalid logins, enables firewalls, and scans for latest software versions.

style="line-height: 1.5em;">Other security plugins that provide similar services are style="line-height: 1.5em;" href="http://wordpress.org/plugins/bulletproof-security/">Bulletproof Securitystyle="line-height: 1.5em;">, style="line-height: 1.5em;" href="http://wordpress.org/plugins/secure-wordpress/">Acunetix Secure WordPressstyle="line-height: 1.5em;"> and style="line-height: 1.5em;" href="http://wordpress.org/plugins/better-wp-security/">Better WP Securitystyle="line-height: 1.5em;">. Find the one that works best for your blog.

4. Protect Your Admin

style="text-align: center;">class="aligncenter size-full wp-image-6970 border" alt="stealth login" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/stealth-login.jpg" width="750" height="346" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/stealth-login.jpg 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/stealth-login-300x138.jpg 300w" sizes="(max-width: 750px) 100vw, 750px" />

style="line-height: 1.5em;">Having an unknown “admin” account appear on blog means you’ve been hacked and a faked admin account has been set up. To make this more difficult, you need to set up your administration properly. The first step is to stop using “admin” as your username.

style="line-height: 1.5em;">Come up with a creative username that no one will guess. For new blogs, WordPress allows you to create an alternate name.

style="line-height: 1.5em;"> What do you do if your blog already has “admin” as its username? You can fix this issue yourself. First, create a new user by going to Users, Add New and put in your  new username. Select “Administrator” under role. Create a complex password with letters, numbers, and characters. Login with the new username and delete the old “admin”, remembering to re-assign all the former posts you have written to a new user (the name you just created). Finally, visit your profile and select an option for “Display name publicly as” other than the username you just created. This will give an added layer of protection against hackers logging in.

Another good idea is to protect your login URL. The plugin href="http://wordpress.org/plugins/stealth-login-page/">Stealth Login Page adds another layer of protection by assigning you a unique authorization code that you must enter when you login and will redirect those who do not enter.

5. Keep Up To Date

style="line-height: 1.5em;">Plugins, themes and WordPress itself are regularly updated, much of the time to prevent vulnerabilities and security breaches from taking down your blog. WordPress gives you a reminder when anything needs an update right in your dashboard and its critical to keep on top of those updates. Do remember to have a backup before you do an update, in case things go “wonky.”

6. Set Safe Commenting Options

style="line-height: 1.5em;">In WordPress, under Settings, Discussion, you’ll see a page where you can select your Discussion Settings.

style="line-height: 1.5em;">This page contains basic options that you can set for your articles and comments, such as automatically closing comments on older articles, getting emailed whenever a comment is posted and how comment approval is handled. This section also contains comment moderation and blacklist queues. Simply add the words or IP address that will either put a comment into moderation or on the blacklist. A good example is “gold” or “ poker,” as these words typically come from spam commenters. Finally, check the settings of any plugins that deal with comments, such as CommentLuv.

7. Be a Smart Blogger

style="text-align: center;">class="aligncenter size-full wp-image-6971 border" alt="Last Pass" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/lastpass.jpg" width="750" height="453" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/lastpass.jpg 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2013/10/lastpass-300x181.jpg 300w" sizes="(max-width: 750px) 100vw, 750px" />

style="line-height: 1.5em;">Smart and safe blogging means take simple steps to protect yourself from hackers. For example, don’t store your password and logins electronically or on paper without a secure system in place, or store it in your browser. You can use password protection software or services to generate complex, safer passwords and securely store a number of them. Keep in mind that while online services are more convenient so you can access wherever you are, they are also more vulnerable that software you can store on your desktop. 

style="line-height: 1.5em;">For a competent online service, try style="line-height: 1.5em;" href="https://lastpass.com/">LastPassstyle="line-height: 1.5em;">, which comes free or in a Premium version for per year. For desktop, style="line-height: 1.5em;" href="http://keepass.info/">KeePassstyle="line-height: 1.5em;"> is both open-source (free) and has received lots of awards. Designed for Windows, the website links 3style="line-height: 1.5em;">rdstyle="line-height: 1.5em;"> party resources that have configured KeePass for Mac and mobile devices.

No blog is full proof and a determined hacker can break into anything.  However, as a new or up and coming blog, putting up these roadblocks will keep the average hacker away. A little bit of common sense security can go a long way toward protecting your blog.

Page 17 – Web Hosting Secret Revealed

Sick of WordPress Comment Spam? Five Ways to Stop It Today

alt="Sick of WordPress Comment Spam? Five Ways to Stop It Today" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/spamstats-500x332_c.jpg" />

Spam! We all hate it, yet marketers continue to inundate the average with spam at every turn. You likely get spam emails, spam popups and, if you own a WordPress site, spam comments posted to your blog. While Akismet and other spam stoppers do a pretty good job of filtering out this annoying comments, they are still…well, annoying.

What exactly is comment spam? This is when a third party posts to your site and includes unwanted links or promotes a product without checking with you first. Spammers tend to use automated software, so they might try to post 100 times to your blog within a matter of minutes.

Comment Overload

I’ll admit that during my busy time of year I might not check my blog’s comment folders as often as I should. Still, it had only been about 30 days and when I liked in, I had over 6,500 comments in my spam folder. No problem. WordPress lets you delete them with a click of a button, right?

Normally that is true, but in this instance my database kept timing out before it could delete that massive amount of comments in bulk. Instead, I had to go in and manually select about 20 posts at a time and delete them. I repeated this about 100 times before my database would let me delete them en mass. Your experience may be different, depending on your web host and space on your server, etc.

Stopping Comment Spam

href="http://www.webhostingsecretrevealed.net/blog/wordpress-blog/sick-of-wordpress-comment-spam-five-ways-to-stop-it-today/attachment/akismet-2/" rel="attachment wp-att-11605">class="aligncenter size-full wp-image-11605" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/akismet.png" alt="akismet" width="750" height="359" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/akismet.png 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/akismet-300x143.png 300w" sizes="(max-width: 750px) 100vw, 750px" />Akismet

Fortunately, there are a number of ways you can stop these annoying spammers. I’ve already mentioned href="https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCkQFjAA&url=http%3A%2F%2Fakismet.com%2F&ei=drl6VOnVCMq1sQT7gYLgCQ&usg=AFQjCNFyof5vbr5LBXyTSXRDcWbFVEfpcw&sig2=02SqNvA6W9yH9vHEByn0WA&bvm=bv.80642063,d.cWc" target="_blank">Akismet. Most WordPress installations come with this plugin already installed. You can set up a free account at Akismet to get what is called an API key. You then plug that key into the plugin on your WordPress dashboard and it will begin to filter comments that are posted and meet certain criteria such as:

• keyword triggers
• links within the post
• strange usernames
• rapid-fire comment posting

Akismet is free for personal sites or charges a very small monthly fee for business sites of . It is well worth the cost.

Discussion Settings

href="http://www.webhostingsecretrevealed.net/blog/wordpress-blog/sick-of-wordpress-comment-spam-five-ways-to-stop-it-today/attachment/discussion-settings/" rel="attachment wp-att-11606">class="aligncenter size-full wp-image-11606" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/discussion-settings.png" alt="discussion settings" width="750" height="274" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/discussion-settings.png 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/discussion-settings-300x109.png 300w" sizes="(max-width: 750px) 100vw, 750px" />WordPress offers you the ability to set up the way your site handles discussion. You can stop any spam comments that Akismet doesn’t capture with specific discussion settings. You can require that people register before posting (this might limit the number of comments you get on your site, though). You can also set it up so that if someone has a previously approved comment they can automatically post without waiting for moderation.

Here is the best thing to do if you find you’re being overwhelmed with spam comments on your WordPress site:

• Open your Dashboard and navigate to “Discussion” under the “Settings” tab.
• Under “Before a comment appears”, check the box next to “Comment author must have a previously approved comment”. Alternately, you can also set the site to force manual approval of all comments.
• Under, “Comment moderation”, you can set up the number of links you’ll allow in a post before it automatically goes to moderation. I have mine set to 2 links. I don’t mind someone sharing a high quality link or their own (non-spammy) link. You may choose zero or any number you desire.
• In addition, you can create a comment blacklist. A blacklist has a set selection of words or URLs that if the poster tries to link to them, the site will go into moderation.

Remove the Ability to Post URLs

href="http://www.webhostingsecretrevealed.net/blog/wordpress-blog/sick-of-wordpress-comment-spam-five-ways-to-stop-it-today/attachment/no-comments/" rel="attachment wp-att-11607">class="aligncenter size-full wp-image-11607" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/no-comments.png" alt="no comments" width="750" height="277" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/no-comments.png 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/no-comments-300x110.png 300w" sizes="(max-width: 750px) 100vw, 750px" />There are times when you may want to prevent anyone from even adding any type of link to your site. This is actually not a bad strategy because it gives you complete control over all links on your site. This can be done with the simple use of a plugin. Some of the plugins that work for this include:

• href="https://wordpress.org/plugins/no-comment-links/" target="_blank">No Comment Links
• href="https://wordpress.org/plugins/hide-wp-comment-author-link/" target="_blank">Hide Comment Author Link
• href="https://wordpress.org/plugins/disable-comments/" target="_blank">Disable Comments

reCAPTCHA

Another plugin that you’ll see utilized by a lot of sites is the href="https://wordpress.org/plugins/wp-recaptcha/" target="_blank">WP-reCAPTCHA plugin. This is a free service that requires users to type in the words they see to prove they are a real person and not a bot. Remember when I mentioned above that spammers can post hundreds of posts to your site in minutes? reCAPTCHA shuts them down because they are using software and it cannot read the words and type in the matching answers.

Disqus

href="http://www.webhostingsecretrevealed.net/blog/wordpress-blog/sick-of-wordpress-comment-spam-five-ways-to-stop-it-today/attachment/disqus/" rel="attachment wp-att-11608">class="aligncenter size-full wp-image-11608" src="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/disqus.png" alt="disqus" width="750" height="369" srcset="http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/disqus.png 750w, http://whsr.webrevenueinc1.netdna-cdn.com/wp-content/uploads/2014/11/disqus-300x147.png 300w" sizes="(max-width: 750px) 100vw, 750px" />Another option is to use href="http://disqus.com" target="_blank">Disqus to manage the comments on your site instead of your ordinary WordPress built-in comments. This has a couple of advantages to website users.

Disqus is similar to Akismet in that it learns your preference on comments and will start to help you moderate over time. You can specify when comments need to be approved, if you allow links and you can also set up blacklists of words and links you absolutely will not allow.

Should You Worry About Comment Spam?

You may wonder if some of the links offer value to your readers and perhaps you should just leave them and not worry so much over comment spam. There are a number of reasons to remove this spam.

• Some readers absolutely hate spam and will not return to your site if you allow it.
• Search engines, such as Google, have begun to penalize spam and that includes sites that allow spam to be posted. Don’t risk it.
• It gives the appearance that you don’t really care who posts what on your site. If people see that you aren’t really moderating comments, they may not think through their responses. You may notice some flame wars starting on hot button topics. People may not be as polite as if they worry you won’t approve their comment.

Of course, the final choice is yours, but a well monitored site is a professional looking site.

Page 11 – Web Hosting Secret Revealed