Registered Users On Wordpress Self-hosted Blog?

[Kenra Daniels]

Over the past several weeks, I've noticed an unusually high number of newly registered users (as subscribers) on my self hosted wordpress blog.

The vast majority of them use what look like random chains of letters and numbers as usernames and their email addresses are often Russian or Chinese sounding. The same email address often registers multiple user names.

To me, that all points to spamming/scamming. I just can't figure out what advantage they could possibly gain that way. I use Akisment plug-in to block spam and it's exceptionally effective, so they can't spam comments on my site.

Does anyone know of any other reason spammers/scammers could be registering on my site?

TIA
Kenra

 

[Deleted member 42]

they're would-be spammers. They're using a bulk registration script.

Delete them.

 

[BAY]

Unfortunately, if they get past you the spamming works (pays off), and the little bots send the link up the ranking chain. That's why spam never stops.

 

[SuzieRox]

I just learned about this the other day. There is an option to untick the box so that people can't register on your site. They do it to spam your site and to get links back to their own site by including their URL in their profile.

Delete them quick and remove the option to allow people to register! I had to use a plugin to get rid of all the bots that signed up on my blog after I had thousands of them. I had no idea it was a security risk until I checked on another forum

 

[SuzieRox]

Sorry, when I say untick the box, it's in your settings

General Settings

Untick the box...
Membership >> Anyone can register

 

[Deleted member 42]

I just learned about this the other day. There is an option to untick the box so that people can't register on your site. They do it to spam your site and to get links back to their own site by including their URL in their profile.

Delete them quick and remove the option to allow people to register! I had to use a plugin to get rid of all the bots that signed up on my blog after I had thousands of them. I had no idea it was a security risk until I checked on another forum

And how do you propose to accomodate comments?

There are a couple of ways, but you need to think about all the ramifications.

 

[meowzbark]

User Spam Remover Plugin.

Automatically removes users that don't comment or do anything within xxx amount of days of signing up. Plus it removes the email notification.

 

[EMaree]

And how do you propose to accomodate comments?

There are a couple of ways, but you need to think about all the ramifications.

It's been a while since I've used the built-in comment system (I use Livefyre these days), but I think when you turn off registration it just switches to accepting comments by the old Name, URL (optional) and e-mail fields.

Akismet protection still runs and comment moderation, reCaptcha's etc are still an option. Personally I found no benefit from allowing registered users.

 

[Deleted member 42]

It's been a while since I've used the built-in comment system (I use Livefyre these days), but I think when you turn off registration it just switches to accepting comments by the old Name, URL (optional) and e-mail fields.

It depends entirely on the settings used.

It can also depend on whether plug-ins like Jetpack are operational.

 

[HistorySleuth]

OK, so what is the best setting to do this? I'm new to this and I am just setting up a blog, my own URL, through go daddy using a wordpress theme. I want comments but not spam. So did the above mean to untick the option to register so people can't, than use the captcha thing so real people can still post comments? And what is jetpack? I saw that in the apps I can add.

 

[meowzbark]

OK, so what is the best setting to do this? I'm new to this and I am just setting up a blog, my own URL, through go daddy using a wordpress theme. I want comments but not spam. So did the above mean to untick the option to register so people can't, than use the captcha thing so real people can still post comments? And what is jetpack? I saw that in the apps I can add.

I wouldn't use captchas. More often than not, I don't comment on a blog when they use them.

Akismet catches 99% of spammers for me and I moderate first time commenters also.

 

[EMaree]

Seconding meowzbark's recommendations. Akismet and moderating first time commentors worked for me for years. If you do watch to use a Captcha, I'm going to namedrop ReCaptcha again because it's the only one I can ever read easily. It has a Wordpress plug-in.

Jetpack has some nice features (I'm particularly fond of Wordpress.com Stats) but it also has a lot of potential to break things. The commenting system in particular didn't play nicely with my site.

Definitely worth trying out, but disable it if you run into any odd issues.

 

[HistorySleuth]

Thanks meowzbark and EMaree for the advice on that. I don't really like the Captcha thing when I comment, now that I think of it, I can't read it half the time.

So in looking at the setting for my wordpress, do you hold comments for moderation until you know their real people? Then they can post anytime once approved? Do you have them fill out their name and email address? I'm not sure how to set the comment settings to make it easy for people, yet not easy for spammers. I'll check out Akismet too. Thank you.

 

[HistorySleuth]

Ah, ok, I see how Akismet works. Signing up for that for sure. Thanks. So then you leave the comment section open? In other words do they need to sign in with ex:a google user name? I notice some blogs do that, or your email or just your name with no verification of email or social acct.

 

[meowzbark]

Here's what you need to check.

Dashboard --> Settings --> Discussion

Before a comment appears
[ ]An administrator must always approve the comment
[X] Comment author must have a previously approved comment

That allows anyone who you have previously approved a comment to comment unrestricted. Every one else must be approved by you. Since you won't ever approve a spammer's comment (and most won't visit twice), you don't have to worry about what will be posted when you're offline.

EDIT: I don't currently require name/email for my blog, but I do notice that it is common to do so.

 

[HistorySleuth]

Thank you Meowzbark.

 

[Samball49]

Askimet is great but some things do slip past. The best way to fix the problem is just by deleting them.