Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Stop Spam Registrations on your WordPress Membership Site

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Stop Spam Registrations on your WordPress Membership Site

Do you want to stop spam registrations on your WordPress membership site? Spam registrations are a common nuisance for site owners who run membership sites or allow users to register on their website. In this article, we will show you how to stop spam registrations on your WordPress membership site.

Stop spam registrations in WordPress

Method 1: Stop Spam Registrations Using WPForms

This is the easiest and most efficient way to deal with spam registrations in WordPress.

WPForms is the most beginner friendly WordPress form builder. It comes with a User Registration addon that allows you to easily add user registration form to your site while effectively stopping spam registrations.

WPForms is a premium WordPress plugin. You will need Pro License to access user registration addon.

WPBeginner users can use this WPForms Coupon to get 10% Off on their purchase.

First thing you need to do is install and activate the WPForms plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit WPForms » Settings page to verify your license key. You can get this key from your account on WPForms website.

Verify WPForms License

After verification, you need to visit WPForms » Addons page. Scroll down to locate ‘User Registration Addon’.

You need to click on Install Addon button and then click on activate.

Install user registration addon

Next, you need to create a user registration form. Go to WPForms » Add New page. Provide a title for this form and then select user registration form template.

User registration form template

This will launch the Form Builder with user registration form template. You can edit the fields by clicking on them.

You can also drag and drop fields to rearrange them.

User registration form fields

Next, you need to click on the settings panel. This is where you can configure form notifications, confirmation, and user registration settings.

Click on user registration tab to continue.

User activation settings

On this page, you can map the form fields to your WordPress user registration fields.

Scroll down and check the box next to ‘Enable User Activation’ option. This will reveal a drop down menu, where you can select the User activation method.

WPForms uses two creative ways to prevent spam registrations on a WordPress site. You can choose to send a verification email to each user, so that they can confirm their registration.

Alternately, you can require a site administrator to manually approve each registration on your WordPress site.

Choose the option that best suits your needs and click on the save button to store your form settings.

You can now add this form to any page on your WordPress site and then use that page as your user registration page.

Simply edit a page that you want to use as your user registration page. On the page edit screen, click on ‘Add Form’ button.

Add user registration form to a page in WordPress

This will bring up a popup menu. Select user registration form you created from the drop down menu, and then click on add form button.

A shortcode for the user registration form will appear in the page editor. You can now save your page or publish it.

Visit your website to see your spam proof user registration form. Depending on your user activation settings, the plugin will either require users to verify their email address or an admin will have to manually approve each user registration on your site.

Method 2: Stop Spam Registrations with Stop Spammers Plugin

First thing you need to do is install and activate the Stop Spammers Spam Prevention plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Once activated, Go to Stop Spammers » Protection Options. Stop Spammer Registrations is a powerful WordPress plugin which aggressively monitors your website for suspicious spam activity.

The default settings on this page will work for most websites. However, you can uncheck a few of them, if you feel lots of legitimate users are unable to login.

Protection options

Don’t forget to click on the save changes button to store your settings.

The plugin uses a number of spam prevention techniques. It uses HTTP Referrer and Header requests to verify that a user is genuinely accessing your website.

It also checks against Akismet API for known spamming activity. The plugin also maintains a list of bad hosts known for tolerating spam activity and blocks them.

There is a small chance that sometimes this plugin would lock you out of admin area. If this happens, then simplest solution is to connect to your site through FTP and rename the plugin file from stop-spammer-registrations.php to stop-spammer-registrations.locked.

You can now access admin area of your site and WordPress will automatically deactivate the plugin for you.

Method 3: Stop Spam Registrations Using Sucuri


At WPBeginner, we use Sucuri to protect our website against spammers and other security threats.

Sucuri is a website security monitoring service. It blocks hackers, malicious requests, and spammers from accessing your site or injecting any malicious code.

See how Sucuri helped us block 450,000 WordPress attacks in 3 months.

We hope this article helped you stop spam registrations on your WordPress membership site. You may also want to see our guide on

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. matin gholami says:

    hi there, are U sure SUCURI protects my website???
    I always had 2 spam registration per day, but after installing sucuri I have 5 spam registration every day :|
    is there any better way to stop spam registration?? TNX

  2. Dan Awontis says:

    Great post, as always. Theory and practice together, easy to read, to understand and to implement. But without promoting any company, I’d suggest.

  3. moumita says:

    I hope this process will help me to get away with spam registrations.

  4. Ishtiak says:

    Can this plugin prevent visitors from registering with sensitive usernames like ‘Admin’, ‘admin’, ‘administrator’ etc?

  5. Blake says:

    So, I think I have a bunch of spam subscribers–like 400 out of 400 subscribers to my blog–but what I can’t figure out is WHY I have them.

    What does a spam subscriber get? They’re not leaving comments. So what would be the purpose of subscribing to a random WordPress blog?

    • WPBeginner Support says:

      See our tutorial on how to reset passwords for all users in WordPress. This will send out an email to all users that their password has been reset. Since most spam registrations are generated by spam bots, those users may not verify and recreate new passwords.

      • Blake says:

        Thank you. I have done this.

        I still don’t understand WHY they do it, though. What do they get out of creating user logins for my site? They’re not leaving comments, after all.

      • Blake says:

        And now, having done this, I don’t know what I got out of it.

        So what if they all have new passwords? Is there a way I can tell whether they’re real? Should I just deleted everyone?

        • Chiara says:

          Hey Blake,
          I’m in the same situation and I was looking for answers. I’m glad that at least I’m not the only one with this problem. The option I found was to disable registration for users. But since I’m looking to sell an online course I’ll need to find alternative ways to let user register. And by the way, I was wondering exactly the same thing: WHY do they register? If anyone has an answer he will make 2 people happy :)

    • Caren Pretorius says:

      I’ve learned the hard way. They gather information, especially emails. A light went on for me and I have more control over the register spam problem now. I’ve added a field under users on dashboard and made it a requirement. The bots can’t get past the register page without filling out this field.

      • ReidGuy says:

        I had this thought as well, I was planning on giving it a go, but first thought I would give Google a try to see if there were any plugins that could help. This is probably the best way to stop the spam bots.

  6. Md Abul Bashar says:

    Can you help me please? how can i block specific word when visitor want to register in my site, then go to my site register page, then normally register, but i want to some word block, example: if i block “Admin” word. when visitor want to register in my site and he/she try registration username “Admin” then show error “Admin username is not allow for register in this site”.
    so please help me.

  7. Rashed khan says:

    Hello Admin and everyone,

    I have already your article and comment.Wow, I got the lot of thinks from there. This article and every comment is very helpful.However, I want to add something, and recently I just released the membership plugin in the wordpress repository who is called “rs-members”. Before developing I just studied existence all membership wordpress plugin.I got many problems from the those.As a result; I just tried to include many useful features.Without programming skill any guys can easily maintain this plugin. I hoped this plugin will be helpful fill up your all demand. Guys you can visit my “rs-members” from wordpress repository.

    Thank you gentleman for patiently reading.

  8. Shanna says:

    This was a great find as I’m putting together a membership site. Thank you! However, as I was about to install it and was reviewing the FAQs I read at the bottom that he no longer has time to maintain the plugin in. See the thread here on…

    I’m going to install it anyway, hopefully his hard work and dedication can be carried on by equally dedicated plugin programmers in the wp space.

  9. Biggani says:

    Configuration of Stop Spammer Registrations plugin is very hard to understand.

  10. Theo says:

    Great blog post. This is just what I desperately needed. I’ve been receiving a barrage of sign ups from spammers for some months now. Hopefully this will bring that to a minimal.

  11. Duane Reeve says:

    I’ve installed the WangGuard Plugin to help with Spam User Registrations. It’s the only such plugin I know that also helps clean out your database of ‘Sploggers’ (Spam Users), as well as blocking new Spam User Registrations.

    WangGuard is FREE for personal use, but does require an API key. It is available on the WP Repository, or from Wanguard Website, where you need to sign-up for your API key anyway. There are too many features to mention here, but it may be a consideration for others looking to resolve Spam User issues.

  12. Steve Lamb says:

    Just installed this plugin on our membership site. Hopefully, it helps cut back some of the SPAM registrations we’ve been receiving. We’re receiving on average around 100 SPAM registrations per day using fake Gmail addresses.

  13. RethaGroenewald says:

    What about spammers that have already registered. Will this plugin pick them up as well?

    • Editorial Staff says:

      No it will not pick those.

      • RethaGroenewald says:

        I have installed this plugin. Any ideas how do I get rid of spam user before this plugin was installed?

      • Steve says:

        Any advice on how to get rid of existing spam sign ups would be helpful? I don’t really want to delete all users and ask them to signup again. Thanks for the post though.

        • Editorial Staff says:

          No real easy way.

          One option would be to send an email blast to every user. If user does not open the email, then send it to them again. Then after the second try (everyone who never opened this email) gets deleted. You can write a SQL query to delete only the accounts that have specific email addresses tied to it.

        • Rakesh Luthra says:

          The only “realistic” way of removing the existing SPAM user accounts is by using User Spam Remover plugin whereby you can remove all user accounts that have not been used within last X days

  14. Albert Albs says:

    This is good plugin. But Expecting feature from “Growmap Anti Spambot Plugin”. Like: “Confirm you are not a spammer”. Is it possible in this plugin?

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.