There is no way to block 100% of spam, but you can block most of bots if you follow next recommendations:
- Disable caching for important pages
- Disable default WordPress registration form
- Disallow third-party plugins to create an account
- Approve new members after email verification
- Use Google reCAPTCHA
- Use unique links
- Use security plugins
1. Disable caching for important pages #
Disable caching for pages “Login”, “Password Reset”, “Register”. Caching the authentication functionality is a security vulnerability.
Caching plugins usually have settings to disable caching on certain pages, use them.
Pay attention that some hosting providers have a built-in caching tool on the server-side. Please look at the server settings or ask hosting support for assistance.
2. Disable default WordPressWordPress does more than 38.8% of all websites on the internet. Yes - more than one in four websites you visit is likely powered by WordPress. • WordPress.org , often as self-hosted WordPress is the free open source WordPress software that you can install on your own web host to create a 100% custom website.• WordPress.com is a for-profit, paid... registration form #
Go to the page [wp-admin > Settings > General] and disable setting “Membership – Anyone can register”.
3. Disallow third-party plugins to create an account #
Ultimate Member can’t forbid another plugin to create an account, so you have to do it manually. See the example for the WooCommerce plugin below:
[wp-admin > WooCommerce > Settings > Account & Privacy]
4. Approve new members after email verification #
Set the user role option “Registration Status” to “Require Email Activation”. In this case, a new user has to confirm the email to approve the account.
[wp-admin > Ultimate Member > User Roles > Edit Role]
5. Use Google reCAPTCHA #
Add Google reCAPTCHA to the login form and to the registration form. Add Google reCAPTCHA to the social login registration overlay form if you use the extension ” Ultimate Member – Social Login“.
You should install the free extension ” Ultimate Member – reCAPTCHA” to use reCAPTCHA. The article “Google reCAPTCHA” describes how to use the extension.
[wp-admin > Ultimate Member > Forms > Edit Form (Registration)]
6. Use unique links #
Change the register page link from default “register” to some other.
[wp-admin > Pages > Edit]
7. Use security plugins #
Install and configure one of the security plugins, such as Wordfence Security, Sucuri Security, Cerber Security, or similar. Please be careful with the security settings, because too strong rules may block useful functionality.
