How to block bot registrations
There is no way to block 100% of spam, but you can block most bots if you follow these recommendations:
- Disable caching for important pages
- Disable default WordPress registration form
- Disallow third-party plugins to create an account
- Approve new members after email verification
- Use captcha in the registration form
- Use unique links
- Use security plugins
1. Disable caching for important pages
Disable caching for the "Login", "Password Reset", and "Register" pages. Caching the authentication functionality is a security vulnerability.
Caching plugins usually have settings to disable caching on certain pages; use them.
Note that some hosting providers have a built-in server-side caching tool. Check the server settings or ask hosting support for assistance.
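To confirm that the exclusions work, including against a host-level cache, inspect the response headers of these pages. The following check is an added example, not part of Ultimate Member; the page paths and sample headers are constructed, and the three vendor status headers are assumptions about what a host or CDN may emit.

```python
# Added example: flag authentication pages whose responses look cached
# or are allowed to be stored by a shared cache (CDN, reverse proxy).

# Vendor headers that report cache status; which one appears depends on
# the host or CDN (assumption: only these three are checked here).
STATUS_HEADERS = ("x-cache", "cf-cache-status", "x-litespeed-cache")
# Cache-Control directives that keep a shared cache from reusing a response.
BLOCKING = {"no-store", "no-cache", "private"}

def cache_findings(headers):
    """Return reasons a response looks cached or storable by a shared cache."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    directives = {
        part.strip().split("=")[0]
        for part in h.get("cache-control", "").lower().split(",")
        if part.strip()
    }
    findings = []
    age = h.get("age", "")
    if age.isdigit() and int(age) > 0:
        findings.append("Age > 0: response came from a cache")
    for name in STATUS_HEADERS:
        if "hit" in h.get(name, "").lower():
            findings.append(f"{name} reports a cache hit")
    if findings and "set-cookie" in h:
        findings.append("cached response carries Set-Cookie")
    # Conservative: anything without an explicit blocking directive is flagged.
    if not directives & BLOCKING:
        findings.append("Cache-Control does not forbid shared caching")
    return findings

# Constructed sample headers for three assumed page paths.
SAMPLES = {
    "/login/": {"Cache-Control": "no-cache, must-revalidate, max-age=0, no-store, private"},
    "/register/": {"Cache-Control": "public, max-age=3600", "Age": "412",
                   "X-Cache": "HIT", "Set-Cookie": "example=constructed"},
    "/password-reset/": {"Content-Type": "text/html; charset=UTF-8"},
}

def audit(samples):
    """Map each page path to its list of findings (empty list means clean)."""
    return {path: cache_findings(hdrs) for path, hdrs in samples.items()}

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(path, "OK" if not findings else findings)
```

Feed it the headers of real responses, requesting each page at least twice so that a cache has the chance to answer the second request.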
2. Disable default WordPress registration form
Go to wp-admin > Settings > General and disable the setting "Membership - Anyone can register".
Image - General Settings.
3. Disallow third-party plugins to create an account
Ultimate Member can't prevent another plugin from creating an account, so you have to do it manually. If you have enabled "Allow customers to create an account during checkout" in the WooCommerce settings, you might encounter bot spam when using WooCommerce and the Woo Subscription add-on. To avoid bot registrations, uncheck the boxes "Allow customers to create an account during checkout" and "Allow subscription customers to create an account during checkout" under Accounts & Privacy, in the Account creation section. See the example for the WooCommerce plugin below:
Image - Settings on wp-admin > WooCommerce > Settings > Account & Privacy.
4. Approve new members after email verification
Set the user role option "Registration Status" to "Require Email Activation". With this setting, a new user has to confirm their email address before the account is approved.
Image - Settings on wp-admin > Ultimate Member > User Roles > Edit Role.
5. Use captcha in the registration form
Add Google reCAPTCHA to the registration form. Add Google reCAPTCHA to the social registration form if you use the extension Ultimate Member - Social Login.
Install the free Ultimate Member - reCAPTCHA extension to use reCAPTCHA. Follow the instructions in the article "Google reCAPTCHA" to configure the reCAPTCHA protection in the form.
Image - Settings on wp-admin > Ultimate Member > Forms > Edit Form (Registration).
You can use the Math Captcha in addition to Google reCAPTCHA or separately.
You can use the Friendly Captcha as an alternative to Google reCAPTCHA.
6. Use unique links
Change the registration page URL from the default "register" to something unique for your website.
7. Use security plugins
Install and configure one of the security plugins, such as Wordfence Security, Sucuri Security, Cerber Security, or similar. Be careful with the security settings, because overly strict rules may block useful functionality.