How to block bot registrations
There is no way to block 100% of spam, but you can block most bots if you follow these recommendations:
- Disable caching for important pages
- Disable default WordPress registration form
- Disallow third-party plugins to create an account
- Approve new members after email verification
- Use Google reCAPTCHA
- Use unique links
- Use security plugins
1. Disable caching for important pages
Disable caching for the "Login", "Password Reset", and "Register" pages. Caching the authentication functionality is a security vulnerability.
Caching plugins usually have settings to disable caching on certain pages. Use them.
Note that some hosting providers have a built-in server-side caching tool. Check the server settings or ask hosting support for assistance.
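One way to verify this step, including any server-side cache the host adds, is to inspect the response headers of the three pages. The following is an added example, not part of the Ultimate Member documentation; the page paths and header samples are constructed, and which cache-status headers a given host or CDN exposes is an assumption.

```python
# Cache-status headers that common caches and CDNs add to report a hit.
# Which of these appear, if any, depends on the host (assumption).
CACHE_STATUS_HEADERS = ("x-cache", "cf-cache-status", "x-litespeed-cache")
# Cache-Control directives that keep a response out of shared caches
# or force revalidation before it is reused.
SAFE_DIRECTIVES = {"no-store", "no-cache", "private"}


def audit_page(headers):
    """Return a list of reasons the response looks cached or cacheable."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    age = h.get("age", "")
    if age.isdigit() and int(age) > 0:
        findings.append(f"Age: {age} (served from a shared cache)")
    for name in CACHE_STATUS_HEADERS:
        if "hit" in h.get(name, "").lower():
            findings.append(f"{name}: {h[name]} (cache hit)")
    directives = {d.split("=")[0].strip().lower()
                  for d in h.get("cache-control", "").split(",") if d.strip()}
    if not directives & SAFE_DIRECTIVES:
        findings.append("Cache-Control does not forbid caching")
    return findings


def audit_site(responses):
    """Map each flagged path to its findings; clean paths are omitted."""
    report = {}
    for path, headers in responses.items():
        findings = audit_page(headers)
        if findings:
            report[path] = findings
    return report


# Constructed sample headers for the three pages; the paths are hypothetical.
SAMPLE = {
    "/login/": {"Cache-Control": "no-cache, must-revalidate, max-age=0",
                "CF-Cache-Status": "DYNAMIC"},
    "/register/": {"Cache-Control": "public, max-age=3600",
                   "Age": "512", "X-Cache": "HIT"},
    "/password-reset/": {"X-LiteSpeed-Cache": "hit"},
}

if __name__ == "__main__":
    for path, findings in audit_site(SAMPLE).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

To audit a live site, collect the headers of each page with a request made while logged out and pass them to `audit_page`.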
2. Disable default WordPress registration form
Go to the page [wp-admin > Settings > General] and disable the setting "Membership - Anyone can register".
3. Disallow third-party plugins to create an account
Ultimate Member can't prevent another plugin from creating an account, so you have to do it manually. If you have checked "Allow customers to create an account during checkout" in the WooCommerce settings, you might encounter a bot spam issue when using WooCommerce and the Woo Subscription add-on. To avoid bot registrations, uncheck the boxes "Allow customers to create an account during checkout" and "Allow subscription customers to create an account during checkout" in the Account creation section under Accounts & Privacy. See the example for the WooCommerce plugin below:
[wp-admin > WooCommerce > Settings > Accounts & Privacy]
4. Approve new members after email verification
Set the user role option "Registration Status" to "Require Email Activation". With this setting, a new user has to confirm their email address before the account is approved.
[wp-admin > Ultimate Member > User Roles > Edit Role]
5. Use Google reCAPTCHA
Add Google reCAPTCHA to the login form and to the registration form. If you use the extension "Ultimate Member - Social Login", also add Google reCAPTCHA to the social login registration overlay form.
To use reCAPTCHA, install the free extension "Ultimate Member - reCAPTCHA". The article "Google reCAPTCHA" describes how to use the extension.
[wp-admin > Ultimate Member > Forms > Edit Form (Registration)]
6. Use unique links
Change the register page link from the default "register" to something else.
[wp-admin > Pages > Edit]
7. Use security plugins
Install and configure one of the security plugins, such as Wordfence Security, Sucuri Security, Cerber Security, or similar. Be careful with the security settings, because overly strict rules may block useful functionality.