Stop spam users from registering without disabling user registration?

This is similar to Shawn H’s answer but is more effective for me.

I already had registrations disabled, but bots still show up constantly to try anyway. My goal was to completely kill all requests to the registration form to avoid the load on my server (and mess in my logs) caused by bots trying to register, so this solution sends a 403 denied error to anyone that tries to register. It may be overkill for you if you still want people to be able to register.

It goes in your .htaccess, near the top (obviously it will only work if you are using Apache as your server and have mod_rewrite enabled, which most people do) :

#BLOCK SPAM REGISTRATION REQUESTS (wp-login.php?action=register) 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

wp-login.php?action=register is the URL you end up at when you try to register, so this should stop all requests regardless of whether they go straight to wp-login.php (like the bots I’m fighting) or through wp-includes/wp-register.php or just /wp-register.php.

Related Posts:

  1. Is it possible to remove username field from the registration page? If so, how?
  2. users table – user_name vs. nicename
  3. Google Apps login in wordpress
  4. How do I create a password reset link?
  5. Can I hook into user registration *before* a user is created?
  6. How to limit user registration to a specific set of domains?
  7. How to prevent spam users registering even with registration disabled
  8. Mail isn’t sent after local site registration
  9. How to prevent certain usernames from being registered?
  10. Changing username after registration to get around the issue of having duplicate emails?
  11. Registration key
  12. Creating a Closed WordPress Community Using Referral Codes
  13. Function like is_registration_page to check if current page is registration page
  14. Payment on Registration?
  15. How to allow more than one registered user to have the same email?
  16. Is there a maximum length to user passwords?
  17. Registering without e-mail adress!
  18. Batch users creation
  19. Checked checkbox?
  20. Set user password after creating user
  21. On user registration, if welcome mail sent, add post with new user as author
  22. How to allow wordpress to create username with symbols like +
  23. Does the user_register change in multisite?
  24. Registration options and approvals
  25. user activation email doesn’t work
  26. Mobile User Registration
  27. Conditionally registering users
  28. WordPress Register Form
  29. On multisite, plugins are disabled prematurely when viewing the /wp-activate.php page file
  30. Adding register & login in WordPress website
  31. Backend user creation form with additional language field
  32. registration form not working
  33. How can I disable all client side new accounts without disabling new user accounts?
  34. Override default new user registration email with custom message (non sub-domain multi-site installation)
  35. Unique registration for new writers to sign up
  36. How to receive notifications when a new user registers
  37. Getting thousands of registration spam
  38. Regsitration form on External page
  39. Custom registration form with different registration process based on what’s selected
  40. Is that possible show user’s post after user login
  41. allow only lowercase user registrations
  42. How do I set user account inactive?
  43. Restrict partially matching usernames
  44. How to register a user to a group by an invitation code?
  45. Register form how to get Total Control of it
  46. Custom user registration
  47. Modifying the Default Registeration Page?
  48. Cannot login due to incorrect password right after registration?
  49. WordPress + bbPress registration user-unfriendly?
  50. Force display name to nickname wp
  51. wp_insert_user not returning anything
  52. register_settings callback function erases data
  53. Custom registration fields not validating
  54. wp_insert_user function not adding password field to database
  55. wp_register() displays logged in user as site admin
  56. Create a post with user_register doesn’t create title
  57. User activation in wordpress
  58. I need a custom Login Registeration in WordPress can somebody guide me?
  59. How to enable user registration for specific country and disable registration from all other countries?
  60. how to change the register process
  61. Is there a way to check the email of the user trying to register before he registers?
  62. Custom Registration Form Based on user location Woocommerce
  63. WordPress – Use user meta in ‘user_register’ after new registration
  64. Modify new user welcome email
  65. Not receiving any sign up mail, when user registers… Both admin & user
  66. Adding email list as registered users
  67. WordPress is sending an empty email after using wp_insert_user
  68. Placeholder text for ajax loaded conditional fields in the registration form
  69. Creating custom registration and login page in wordpress
  70. Create a unique username with validation on wordpress registration
  71. How can I fetch user registration age
  72. wp_insert_user if user exists
  73. Custom registration function not working as it should because is_mail and email_exist keep giving errors when it shouldn’t
  74. Redirect to “Thank you” page after register new user on custom register form
  75. Updating User Meta using Theme My Login with Custom Fields
  76. WordPress doesn’t send a password (but only a username) after new user registration
  77. How to hide username on wordpress registration?
  78. What’s the Point of Spam Registrations?
  79. Add custom Date column to “All Users” admin panel in WP
  80. Can’t figure out how people are registering on my site
  81. Update a user field with a generated text
  82. WordPress not sending registration mail? (works on ‘lost password’)
  83. Custom user creation and auto login problem
  84. How to generate Registration no
  85. Prevent registration except through form
  86. wordpress custom registration
  87. Upon registration, redirect new user to Dashboard
  88. Problem with registration page
  89. Disallow google/other email plus and dot tricks when registering?
  90. How we get the success messages
  91. disabling emails received by admins every time a new user signs up (function not working)
  92. how to allow unregistred users to view normal posts [closed]
  93. wp-signup.php example template
  94. registration process with contact from 7? [closed]
  95. A conditional button
  96. enqueue style google fonts in functions.php in array?
  97. Verify user is Eventbrite attendee when creating new WordPress account
  98. Group users by meta_value
  99. Run custom validation only if all other wordpress registration form validation was successful
  100. I want to set the shipping_first_name metadata value to match the first_name metadata value for a User on registration using a function

Leave a Comment