But it festers. And then, it starts to pop up in weird, frustrating places – putting us over the email cap on our overpriced CRM, making it much more difficult to glean anything from all of our analytics, having some people leak through the countermeasures and bother people over DM.

I poked around a bit, but it feels like every time I learn more about how to do something in WordPress, I am led down a path that leads to either a clunky and free solution, or one that is ridiculously overpriced.

Things I tried or used to ameliorate the situation:

• Captcha
• Captcha v2
• Captcha Xtreme
• Changing the registration flow on the site to require more stringent e-mail verification – this one was very funny, because now the spammers were all stuck in Pending registration instead.
• Adding a challenge question to the registration form
• Contacting the multiple software vendors we pay for services for plugin or code adjustments, and, of course, being told – “Good luck with that! Not our problem!”
• Manually approving new accounts – trust me, absolutely do not do this if you are having a similar problem

I blocked a few particularly egregious IP addresses once I dug into the logs on my site, but that was like throwing a few grains of sand on a rushing river and expecting it change course. I finally caved and decided to close off my site to a few specific countries with the Caucasus Mountains in them.

That clearly made them upset, because a few days ago, someone seemed to step on the gas pedal. What was once a trickle of fake registrations over the course of a day suddenly became one new spam registration or registration attempt almost every minute – no longer originating from any particular Oblast, but being routed through compromised machines all over the world.

My analytics were now totally unusable, my email log was a complete mess, and my website’s resources were being unnecessarily strained.

In the 48 hours since activating and correctly configuring the plugin for our environment, we have had zero spam registrations. Zero. 0. That’s none. I’m honestly still stunned.

The website and dashboard the developers have built to use the plugin is perhaps a bit spartan, but is extremely usable and works very well. The packages for subscription are fairly priced for any level of business, unlike the overwhelming majority of other SaaS plugins.

Trust the absolute flood of positive reviews.

I was getting flooded with spam comments, spending at least 30 minutes a day sorting through bot messages and sometimes not even knowing if certain comments were legitimate. As a small blog that had recently moved to my own domain, I didn’t want to accidentally delete even one real comment!

Since installing WP Armour, I haven’t had a single bot comment get through. I and my readers can rest in peace knowing WP Armour is protecting my site.

It even alerted me to comments I had previously approved that had been from bot accounts!

Would recommend to any blogger!

Wish I could go back in time and tell myself to install this plugin as soon as I started!

Easy install, clear UI, is working perfectly with my other plugins and my theme & WordPress version (Twenty Twenty-Three; v6.1).

As others have said, this plugin should be a feature by default. I’m not blogging without it ever again!

Actually managed to set up the cookie banner within minutes of having the plugin installed on my WordPress.

It’s super simple to manage the various options and lets me customize based on my site’s requirements.