Where are people registering on my website?

My research: “By default, WordPress websites allow for user registrations from a specific link: http://www.example.com/wp-login.php?action=register. These spambots are programmed to go looking for that link to register fake users.”

So, your first step is to change the login page from wp-login.php to something else. Unfortunately, this is not the easiest thing to do by yourself. But fortunately, there are many plugins that will help you do this; one is the Better WP Security plugin, described here https://managewp.com/change-your-wordpress-login-url . (Find others by looking in the plugin directory for ‘registration spam’.)

Haven’t dug into the wp-login.php code for hooks to change things; that’s a bit beyond this answer. A plugin that has already done the work might be a better choice, unless you like ‘reinventing the wheel’.

It is also possible that an htaccess that checks for that specific URL and looks for a referring page on your site might work. But that is not entirely foolproof, as a spammer can spoof the referring page. One of the many existing ‘stop registration spam’ plugins might be easiest for you.
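
The .htaccess referrer check mentioned above could look like the following. This is an added example, not part of the original answer; it assumes Apache with mod_rewrite enabled and uses www.example.com as a placeholder for your own host name.

```apache
# Added example (not from the original answer).
# Assumptions: Apache with mod_rewrite, site served as example.com or
# www.example.com (placeholder), rules placed above the "# BEGIN WordPress" block.
<IfModule mod_rewrite.c>
RewriteEngine On

# Only act on the default registration endpoint:
#   /wp-login.php?action=register
# WordPress serves the form (GET) and accepts the submission (POST) on this
# same URL, so both are covered.
RewriteCond %{REQUEST_URI} /wp-login\.php$ [NC]
RewriteCond %{QUERY_STRING} (^|&)action=register(&|$) [NC]

# Deny when the Referer header is missing or does not begin with this
# site's own origin. An empty Referer fails the pattern, so it is denied too.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Answer with 403 Forbidden and stop processing further rules.
RewriteRule ^ - [F,L]
</IfModule>
```

The Referer header is supplied by the client, so this only filters bots that request the registration URL directly without setting it. Visitors whose browser or privacy extension strips the Referer will also get the 403, so test registration from a clean browser after adding the rule.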