If you have been getting a bunch of unwanted new user registrations on your WordPress website and are wondering what they are and where they are coming from, with such bogus email addresses mostly from the gmail.com domain like firstname.lastname@example.org it’s just a bunch of automated spam, do not fear, here’s what to do!
Spambots trawling through the net seeing where they can get access and leave spam for a number of purposes. In WordPress you can see if you have registration to your site enabled by checking http://www.yourdomain.com/wp-login.php and if you have “Registration” below the login then anyone can subscribe and as long as you have the default level set on the lowest “Subscriber” nothing bad is going to happen.
WordPress ships with the default level in this setting set to Subscriber and the user has very limited access to the site. But I would rather be giving no access.
To turn this off go to WordPress Dashboard > Settings > Settings > Membership and uncheck “Anyone Can Register”.
This will stop spam users setting up fake accounts saving you a lot of admin deleting time.
If you do have a load of bogus users to delete you can speed up the process by increasing the amount of users you can see on screen and then to a mass delete. By changing the screen options and upping the number – 999 is the maximum, if your server can handle it – otherwise try 300 at a time.
If you do want to keep legitimate subscribers consider a plug-in like Subscribe2
Using a Captcha to Avoid Spam
If you need to keep the registration process active on your site consider using a less intrusive captcha such as Math Captcha, this shows the use a simple math formula to solve as appose to a blurry image to read from.
It’s a bit more easy on the eye.