WordPress has come a long way from being just a blogging site. With plenty of website owners choosing to use the platform to create their business websites, there have been countless instances of spammers trying to spread malicious code into people’s websites. Here are some tips to actively identify spam users from your WordPress website and put an end to it, once and for all.
Spam can hurt a website both internally and externally as they can bloat up databases and it makes managing your WordPress website quite annoying. However, this does not mean WordPress is a bad option for blogging or creating a business website. It is, in fact, one of the best picks when you have to choose blogging platform options. All you need to do is select website builders that allow you to have complete access to your website and with a few simple tweaks, you can get rid of spammers for good.
Here are some tips to avoid spammers:
Enable ‘Subscriber’ as the Default User Role
It is one of the easiest ways to safeguard your website from spammers. All you have to do is head to your General settings from the Settings page of your WordPress website. Here, you need to uncheck the Membership option and set it to Subscriber and check the ‘Anyone can register’ option. This will allow anyone to make an account for your WordPress website, but they will not get any form of Dashboard access unless you manually assign permissions to them.
CAPTCHAs are highly effective, but they can also be slightly inconvenient for users who are not spammers. It requires your users to solve simple math that would otherwise fool spambots. You can download from a host of CAPTCHA plugins for your website like reCAPTCHA or CAPTCHA by BestWebSoft to deter spammers.
CAPTCHAS work in WordPress login pages, password recovery pages, comments as well as any contact form you may have on your website. They are also very easy to solve, with the plugins allowing your users to change the question if they find it too difficult to fill in. You can also configure the difficulty of the CAPTCHA questions, but, it will also make the user experience worse as people would need to sit and spend time on difficult questions. The easiest version of CAPTCHAS involves entering letters or numbers displayed on an image in a text field, which also happens to be the most commonly used CAPTCHA type.
Honeypots come in the form of plugins that allow you to block spammers just like CAPTCHAs do minus the hassle of your users having to input any additional codes to access your website. Honeypot plugins are user-friendly and are hidden in pages of a website that have registration forms. They are invisible to normal users, but when spambots access them, they spot invisible fields in the form and fill them up with spam data. Any spam input will trigger the honeypot plugin and the requests from the spambots are immediately rejected.
Some of the popular honeypot plugins include Contact Form 7 Honeypot, WP-Honeypot, and WP-SpamShield Anti-Spam. These plugins are very easy to setup and work with a variety of other form plugins to help you set up registration forms for your website without a hassle.
Email Verification is one of the ways to block spammers without the use of additional plugins on your website. You need to install the WPForms plugin and enable the User Email Activation option from your Add-ons tab. The plugin prompts all users who sign up on your website to check their email inboxes and click the verification link to complete their registration.
Websites that require admin approval are less prone to hackers as every sign up is manually checked by admins of a website. This way all genuine users are approved while spammers are rejected.
To enable Admin Approval, you need to do the following:
- Head to the Settings page of your WordPress website
- Select User Activation Method on the preview panel on the right
- Select Manual Approval
If you are too slow at approving users, it will adversely affect the user-experience of your website. Make sure that you have enough website admins to quickly approve or reject all new requests. Each time a new user signs up, you will receive an email from WordPress notifying you of the same.
Secure User Registration Forms
By default, WordPress sign up forms are very simplistic and only require an email address and a password to be set to sign up. If you want to allow users to your website you should create a custom user registration form for added security against spammers. You can use the WPForms User Registration Addon to create custom security forms. The User Registration Addon is a paid plugin that you can install to WPForms. To set up a secure user form, do the following:
- Download the WPForms plugin
- Head to WPForms > Add-ons
- Select the User Registration Addon
- Create a User Registration Form using the provided tools
- Setup CAPTCHAs or Honeypots for added security
- Save the form
Once done, all new users will be required to fill up the form before getting a subscription to your website. Ensure that your form is simple to understand and can easily be filled up by anyone interested in accessing your website.
Block IP addresses of spammers
All computers on the internet have unique IP addresses. If you have been facing lots of spam on your website you need to do the following:
- Head to the Notifications panel from your WordPress Settings menu
- Click on ‘Show Smart Tags’ under Message
- Click on ‘User IP Address’ and note down the IP addresses of all spammers
You can send these IP addresses to your web hosting company to block them from accessing your website. Alternatively, you can use plugins like ‘IP Ban’ that allows you to block IP addresses yourself from your WordPress settings.
Implementing the right measures can allow you to prevent and remove spam from your website for good. You want to have enough protection to prevent spammers, but not too many security measures in place that might hinder upon your audience’s user-experience. The above tips should help you ward off spammers and keep your WordPress free from spam and offer your users a clean experience.
Latest posts by Pawan Sahu (see all)
- Non-Developer’s Guide for Customizing a WordPress Theme - September 19, 2018
- Checklist for Migrating Your Site’s WordPress Theme - July 2, 2018
- How to Avoid Spam User Registration in WordPress - April 10, 2018