How to avoid unwanted user registrations?

  • Resolved Abid

    (@hussain76)


    1 week, 6 days ago

    In order to implement a subscription model, we have to enable user registration in general settings.

    Now we encounter unwanted registrations from doubtful sources which are using wp-login.php?action=register. Adding reCAPTCHA (v2) to wp-login.php didn’t help.

    As we’ve implemented a custom registration form for the subscription, we disabled registration via wp-login.php?action=register via hook:

    add_action('login_form_register', 'my_subscription_plugin_forbid_login');
    function my_subscription_plugin_forbid_login() {
      echo "User registration forbidden.";
      http_response_code(403);
      die();
    }

    Is this sufficient to avoid unwanted registrations or is there a better way to achieve this goal?

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    It’s effective for wp-login.php registrations of course, but you can still get spam registrations through your custom form. A lot less likely since its URL is not well known, but it’s probably easily discoverable all the same. You might consider using reCAPTCHA v3 to protect all forms on your site, registration and and others. v3 is also less bothersome for legitimate registrants to use. Many will not notice that it’s even active. This coming from someone who is normally loathe to promote anything Google.

    Some spam registrations are still possible, but the volume should be minimal. If the volume becomes troublesome, there are some additional measures you might consider taking.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.

Tags