Last updated on May 25, 2022 by Business Directory Team

How to Prevent Spam User Registration in WordPress – 5 Tips

Are spam bots posting unwanted content on your directory site? We’ll show you how to prevent spam registration on WordPress with five simple methods!

prevent spam user registration

Once you publish a WordPress website, you’re bound to receive spam through your forms. For instance, you could receive fake user accounts or promotional content. This can be potentially dangerous if the goal of the user is to exploit your site.

Business Directory is the best WordPress directory plugin. Get it for free!

Fortunately, when it comes to spam registration prevention, there are many ways to do it. From disabling public registration entirely to simply adding a reCAPTCHA field, you can limit responses to real users. 

In this post, we’ll show you how to prevent spam user registration in WordPress. Let’s get started!

1. Disable public registration

If anyone can register on your site, you’ll inevitably receive some spam entries. Therefore, the easiest way to stop spam user registration in WordPress is to disable public registration completely. This can be an effective solution for personal blogs.

To disable registration, open your WordPress dashboard and navigate to Settings → General:

WordPress settings

On this page, find the Membership section. Here, make sure to deselect the box next to Anyone can register:

WordPress membership settings

Once you do this, users will not be able to visit your registration page anymore. If you want your website completely closed to new registrations, this can be a great option.

However, if you have a membership site or a business site that requires registrations, you’ll need to enable users to sign up for your services. Let’s look at some alternative methods for preventing spam.

2. Add a reCAPTCHA field

If you add a reCAPTCHA field to your registration forms, it can prevent spam bots from submitting entries. Essentially, this creates an extra field to check a box, fill in letters, or choose the correct images. Bots will struggle to complete a reCAPTCHA, but it won’t impact registration from real human users:

reCAPTCHA field

To get started, you’ll need to get a reCAPTCHA key. Go to the Google reCAPTCHA website and sign into your Google account. Then, you’ll need to register your site by entering your URL:

Google reCAPTCHA

Next, choose a reCAPTCHA type. Version two contains the I’m not a robot checkbox, which is a popular choice. Finally, you’ll need to add your site domain:

reCAPTCHA type

After selecting Submit, your site will be registered. This will give you a reCAPTCHA key. You’ll need to copy both the site key and secret key:

reCAPTCHA keys

Then, you can use our Business Directory plugin to easily add reCAPTCHA to your website. After downloading and activating the plugin, go to Directory → Settings → reCAPTCHA:

Business Directory reCAPTCHA

Next, select where you want to place a reCAPTCHA field by selecting the checkboxes on the page. You can use it on contact forms, listing submissions, or comments.

Then, enter the reCAPTCHA keys you copied earlier. You’ll also need to select the correct reCAPTCHA version that matches your key:

Enter reCAPTCHA keys

When you’re finished, click on Save Changes. Then, visitors should be able to see a reCAPTCHA field on your listings or contact forms:

Listing reCAPTCHA

Now you won’t have to worry about spambots submitting listings or comments!

3. Set up a confirmation email

Another spam registration prevention method is to require users to confirm their email addresses. By setting up email confirmation, fake users and spambots won’t be able to log in.

With Formidable Forms, you can customize your user registration and login page forms with a confirmation email. To do this, you’ll need to install the premium plugin. Then, in your WordPress dashboard, go to Formidable → Add-Ons and activate the User Registration option:

User registration add-on

Now it’s time to create a registration form. Navigate to Formidable → Forms → Add New. You can choose from pre-made templates to make this process easier:

Formidable registration templates

Once you create a registration form, go to Settings → Actions & Notifications. At the top of the page, click on the Register User form action:

Register user form action

In the settings below, find Password. From the dropdown menu, select Set with link in email notification:

Email verification

Finally, click on Update to save these changes.

4. Require admin approval

If you manage a public directory, you might want to moderate the listings that users submit. Even though a free, public listing page will attract many entries, you’ll probably encounter many fake users. To prevent spam registration in WordPress, consider manually approving any public submissions you receive.

With the Business Directory plugin, you can change a new listing’s status to ‘pending’. This enables you to review any submissions from your online visitors.

First, make sure you’ve installed and activated the plugin. Then, go to Directory → Settings → Listings to open your listing settings:

Business Directory listings

Scroll down to Default listing status and Edit post status. Set both of these to Pending (Require approval):

Listing admin approval

Even if you make your Add Listing page publicly accessible, you can still approve any new submissions. This can be the key to removing spam before it goes live on your website.

5. Use an anti-spam plugin

You can also install a general spam prevention plugin to add some extra security to your WordPress website. Stop Spammers Security is a powerful tool that can help you block emails, ip addresses, comments, and registration from spambots:

Stop Spammers Security plugin

It is available as a free WordPress plugin, but the premium version includes more advanced features such as firewalls and brute force protection. Subscriptions start at $24.50.

After activating the plugin, go to Stop Spammers → Protection Options:

Spammers protection options

Typically, the default settings should be enough to protect your site from spam registration. It will automatically block any spam with a missing HTTP_ACCEPT header or disposable email address. This prevents bots from registering on your site:

Default spam registration prevention

You can also customize these options to meet your needs. For example, you can turn on the Members-only Mode so that only logged-in users can access your site:

Members-only mode

When you’re finished, click on Save Changes.

Conclusion

When you open your WordPress site to user responses, spam is virtually inevitable. However, there are many ways you can reduce spammy content. Whether you need to create a public directory or registration form, you can easily weed out any unrelated or dangerous entries.

To review, here are the five best ways you can prevent spam registration in WordPress:

  1. Disable public registration.
  2. Add a reCAPTCHA field.
  3. Set up a confirmation email.
  4. Require admin approval.
  5. Use an anti-spam plugin such as Stop Spammers Security.

With our Business Directory Plugin, you can approve listing submissions to check for spam entries. By adding a reCAPTCHA key and registration restrictions, you can fully protect your site!

Find more great WordPress best practices we recommend

This article may contain affiliate links. Once in a while, we earn commissions from those links. But we only recommend products we like, with or without commissions.

Complete your purchase
Special offer unlocked.
Get 55% OFF!
Complete Purchase
Join 20,000+ using Business Directory Plugin to build website directories fast. Get Started