Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Stop Spam Registrations on your WordPress Membership Site

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Stop Spam Registrations on your WordPress Membership Site

For most blogs, comment spam is the biggest issue they have to deal with. This is why you will find numerous articles floating around the web on how to combat comment spam in WordPress. Rarely do you find anything about preventing spam registration in WordPress. For sites with free membership options, spam registrations can become a major problem. In this article, we will show you how to stop spam registrations on your WordPress membership site.

Video Tutorial

If you don’t like the video or need more instructions, then continue reading.

First thing you need to do is install and activate the Stop Spammer Registrations plugin. Once activated, Go to Settings » Stop Spammers. This is the plugin’s configuration page.

Stop Spam Registrations Options

Stop Spammer Registrations is a powerful WordPress plugin which aggressively monitors your website for suspicious spam activity. Before saving the settings, press the “Test IP” button to check that your IP is clean and white-listed. After that review the settings below.

Spam registration IP settings

The plugin monitors your website using a combination of anti-spam techniques. It uses Stop Forum Spam’s database to check IP addresses of users on your site. It is a huge database which is actively maintained by collecting data from thousands of sites from around the globe. This is a quick way to catch a spamming IP or email address. It also uses the Honeypot API, Botscout API, and WordPress API. The WordPress API key is the same key you used with Akismet. Whether or not you are using Akismet, you can still use the WordPress API with this plugin.

Enter API Keys for Spam Monitoring Databases

If you feel that plugin is being too aggressive on users, then you have the option to selectively choose the events where you would like the plugin to check for suspicious activity:

Select events to check

There is a small chance that sometimes this plugin would lock you out of your own site. If this happens the simplest solution is to connect to your site through FTP and rename the plugin file from stop-spammer-registrations.php to stop-spammer-registrations.locked. Access wp-admin and WordPress will automatically deactivate the plugin for you.

WordPress is a great tool to build online communities, do not let the spammers stop you from creating and building your sites. On our videos site, we are using Sucuri which takes care of this and much more. Here are 5 reasons why we use Sucuri to improve our site security. We would love to hear what tools you are using to fight spam registration on your site?

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. moumita says:

    I hope this process will help me to get away with spam registrations.

  2. Ishtiak says:

    Can this plugin prevent visitors from registering with sensitive usernames like ‘Admin’, ‘admin’, ‘administrator’ etc?

  3. Blake says:

    So, I think I have a bunch of spam subscribers–like 400 out of 400 subscribers to my blog–but what I can’t figure out is WHY I have them.

    What does a spam subscriber get? They’re not leaving comments. So what would be the purpose of subscribing to a random WordPress blog?

    • WPBeginner Support says:

      See our tutorial on how to reset passwords for all users in WordPress. This will send out an email to all users that their password has been reset. Since most spam registrations are generated by spam bots, those users may not verify and recreate new passwords.

      • Blake says:

        Thank you. I have done this.

        I still don’t understand WHY they do it, though. What do they get out of creating user logins for my site? They’re not leaving comments, after all.

      • Blake says:

        And now, having done this, I don’t know what I got out of it.

        So what if they all have new passwords? Is there a way I can tell whether they’re real? Should I just deleted everyone?

        • Chiara says:

          Hey Blake,
          I’m in the same situation and I was looking for answers. I’m glad that at least I’m not the only one with this problem. The option I found was to disable registration for users. But since I’m looking to sell an online course I’ll need to find alternative ways to let user register. And by the way, I was wondering exactly the same thing: WHY do they register? If anyone has an answer he will make 2 people happy :)

    • Caren Pretorius says:

      I’ve learned the hard way. They gather information, especially emails. A light went on for me and I have more control over the register spam problem now. I’ve added a field under users on dashboard and made it a requirement. The bots can’t get past the register page without filling out this field.

  4. Md Abul Bashar says:

    Can you help me please? how can i block specific word when visitor want to register in my site, then go to my site register page, then normally register, but i want to some word block, example: if i block “Admin” word. when visitor want to register in my site and he/she try registration username “Admin” then show error “Admin username is not allow for register in this site”.
    so please help me.

  5. Rashed khan says:

    Hello Admin and everyone,

    I have already your article and comment.Wow, I got the lot of thinks from there. This article and every comment is very helpful.However, I want to add something, and recently I just released the membership plugin in the wordpress repository who is called “rs-members”. Before developing I just studied existence all membership wordpress plugin.I got many problems from the those.As a result; I just tried to include many useful features.Without programming skill any guys can easily maintain this plugin. I hoped this plugin will be helpful fill up your all demand. Guys you can visit my “rs-members” from wordpress repository.

    Thank you gentleman for patiently reading.

  6. Shanna says:

    This was a great find as I’m putting together a membership site. Thank you! However, as I was about to install it and was reviewing the FAQs I read at the bottom that he no longer has time to maintain the plugin in. See the thread here on…

    I’m going to install it anyway, hopefully his hard work and dedication can be carried on by equally dedicated plugin programmers in the wp space.

  7. Biggani says:

    Configuration of Stop Spammer Registrations plugin is very hard to understand.

  8. Theo says:

    Great blog post. This is just what I desperately needed. I’ve been receiving a barrage of sign ups from spammers for some months now. Hopefully this will bring that to a minimal.

  9. Duane Reeve says:

    I’ve installed the WangGuard Plugin to help with Spam User Registrations. It’s the only such plugin I know that also helps clean out your database of ‘Sploggers’ (Spam Users), as well as blocking new Spam User Registrations.

    WangGuard is FREE for personal use, but does require an API key. It is available on the WP Repository, or from Wanguard Website, where you need to sign-up for your API key anyway. There are too many features to mention here, but it may be a consideration for others looking to resolve Spam User issues.

  10. Steve Lamb says:

    Just installed this plugin on our membership site. Hopefully, it helps cut back some of the SPAM registrations we’ve been receiving. We’re receiving on average around 100 SPAM registrations per day using fake Gmail addresses.

  11. RethaGroenewald says:

    What about spammers that have already registered. Will this plugin pick them up as well?

    • Editorial Staff says:

      No it will not pick those.

      • RethaGroenewald says:

        I have installed this plugin. Any ideas how do I get rid of spam user before this plugin was installed?

      • Steve says:

        Any advice on how to get rid of existing spam sign ups would be helpful? I don’t really want to delete all users and ask them to signup again. Thanks for the post though.

        • Editorial Staff says:

          No real easy way.

          One option would be to send an email blast to every user. If user does not open the email, then send it to them again. Then after the second try (everyone who never opened this email) gets deleted. You can write a SQL query to delete only the accounts that have specific email addresses tied to it.

        • Rakesh Luthra says:

          The only “realistic” way of removing the existing SPAM user accounts is by using User Spam Remover plugin whereby you can remove all user accounts that have not been used within last X days

  12. Albert Albs says:

    This is good plugin. But Expecting feature from “Growmap Anti Spambot Plugin”. Like: “Confirm you are not a spammer”. Is it possible in this plugin?

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.