If your website is getting hit with lots of new random registrations on your WordPress site, majority of the new registrations may be spam accounts looking to exploit your website from an unprotected URL (yourwebsite/wp-login.php?action=register). We will show you a few steps on how to protect yourself against such exploitations.
Step 1: Block user registrations on your website
Jump to step 2 if your website requires user registration
Go to your admin dashboard >> General >> Settings >> Membership (untick anyone can register)
Step 2: Download WPS Hide Login plugin or similar plugins
Jump to step 3 if you currently use user registration forms and shortcodes for your login and registration pages
WordPress allows registration and login via yourwebsite/wp-login.php?action=register and yourwebsite/wp-login.php?action=login which are the primary targets of most Spambots. WPS Hide Login lets you hide or customise the URLs to prevent spam.
Step 3: Use custom redirect
Most user registration and login forms offer fancy customisations but do not necessarily block access to yourwebsite/wp-login.php?action=register and yourwebsite/wp-login.php?action=login, you can permanently redirect the pages to your custom registration and login pages. We recommend Safe Redirect Manager, Redirection or Yoast SEO to manage your redirects
Step 4: Select subscriber for your website’s new default user role
To prevent successfully registered bogus accounts from gaining access to your backend, ensure your website’s new default user role is set to subscriber.
From your admin area >> General >> Settings >> New Default User Role (select subscriber)
Secure your website from brute force attacks and other forms of exploitations with security plugins such as Wordfence Security, Sucuri Security – Auditing, Malware Scanner and Security Hardening, All In One WP Security & Firewall, Anti-Malware Security and Brute-Force Firewall
Disclaimer: Design Droids have no marketing affiliations with any recommended links on this article, please read the terms and conditions of each plugin before using them as we will not be liable for any liabilities incurred from the use of the products