Tag Archives: spam bots

Finally, a WP plugin that stops user registration spam (WangGuard)

Stop the bots!

Have you ever searched for that perfect WordPress plugin, only to install it, activate it, then promptly deactivate it because it wasn’t living up to your expectations? Worse still; you’ve tried a myriad of keyword combinations in the plugin search field, only to be presented with suggestions that are irrelevant or unhelpful.

This happened to me recently when I started up on yet another mission to eliminate user registration spam. I’m not talking about the spam that Akismet detects (i.e. in blog comments), but the relentless registration of inactive users through the use of spam bots. While they may appear no harm at first, it would only take an accidental change in settings, or an exploitation in a future update for these dormant ‘users’ to spring into action. And, as most of you would agree, it’s annoying having your blog fill with empty bot registrations anyway.

Tip: Use Google to search for plugins because WordPress tends to place high relevancy on exact word matches for the plugin name. This prevents you from knowing whether the plugin’s context deals with the features you are seeking (the devil is in the detail).


Unlike previous attempts of mine (e.g. New User Approve), this free plugin actually went further than what I was expecting. At its core is a collaborative engine where bloggers press a button to report user spam. First, it’s deleted locally along with the user and, second, the spammer’s details are disseminated to other WangGuard users, thereby automatically blocking the bot from registering or posting on their blogs.

But for me there was another beaut feature which completely stopped all spam registrations in the first place; security questions. By adding a few simple question and answer settings (e.g. some basic math questions or ‘write the number 5 in words’), my spam registrations stopped overnight. It seems the bots don’t know their math, no matter how simple the question! With this feature, uou can type in any number of security questions and the plugin adds these randomly to the WordPress registration form.

Finally, you can now turn on the ‘anyone can register’ feature of your blog and actually allow welcome visitors to register and interact with you, knowing that the bots are eliminated. And, if you operate multiple blogs, WangGuard allows you to generate multiple API keys from the single account. It really is a painless process, and it should be the first ting you do after you finish reading this post!