New User accounts constantly

Hey @jglazer63,

If you don’t mind, please allow me to help.

Wordfence will solve your issues. There is no other security plugin like it. I use it for several websites (simple and complex). Couldn’t be happier. Upon installation and activation, the plugin may feel a bit intimidating but as you explore it and read the documentation, you’ll be very happy with all of the security features it offers.

So, my recommendation would be:

1. Perform a clean uninstall of your Captcha plugin (and any other Security plugins you may be using).
2. Install Wordfence.
3. Ensure the Wordfence settings you select do not overlap with the same settings offered by any other plugins or your .htaccess file.
4. Set up your Login 2FA (optional), reCaptcha (V3), etc. using Wordfence.
5. Delete all unwanted users.
6. Clear all cache layers.
7. If any issues, refer to this support forum for answers or solutions.

If satisfied with the above, please consider closing this topic as “Resolved.”

Best wishes!

PS: I’m not affiliated with Wordfence. Simply offering goodwill support.

Hi @jglazer63, thanks for reaching out.

As Generosus said above, you can by all means revert to Wordfence’s reCAPTCHA if you’re using the default registration/login screens for WordPress and/or WooCommerce. There should certainly be some benefit to disabling XML-RPC as you’ve already done but if you’re finding that registrations still come through, Wordfence’s ?Brute Force?or?Rate Limiting?features may help too. Traffic may be targeting the site itself rather than XML-RPC so it’s good to time the IPs out for a period. The settings are explained in more detailed by using the links provided.

Many thanks,
Peter.