There is no way to block 100% of spam, but you can block most bots by following the recommendations below:
- Disable caching for important pages
- Disable the default WordPress registration form
- Forbid third party plugins to create an account
- Approve new members after email confirmation
- Use Google reCAPTCHA
- Use clear links
- Use security plugins
1. Disable caching for important pages #
Disable caching for the Login, Reset Password, Sign Up pages. Caching authentication functionality is a security vulnerability.
Caching plugins usually have settings to disable caching on specific pages, use them.
Note that some hosting providers have a built-in caching tool on the server side. Please see server settings or ask hosting support for help.
2. Disable the default WordPress WordPress does more than 38.8% of all websites on the internet. Yes - more than one in four websites you visit is likely powered by WordPress. • WordPress.org , often as self-hosted WordPress is the free open source WordPress software that you can install on your own web host to create a 100% custom website.• WordPress.com is a for-profit, paid... registration form #
Go to the [wp-admin > Settings > General] page and disable the “Membership – Anyone can register” setting.
3. Forbid third party plugins to create an account#
Ultimate Member cannot ban another plugin from creating an account, so you have to do it manually. See the WooCommerce plugin example below:
[wp-admin > WooCommerce > Settings > Account & Privacy]
4. Approve new members after email confirmation #
Set the Enrollment Status user role option to Requires Email Activation. In this case, a new user must confirm the email to approve the account.
[wp-admin > ultimate member > user roles > edit role]
5. Use Google reCAPTCHA #
Add Google reCAPTCHA to login form and registration form. Add Google reCAPTCHA to the social login registration overlay form when using the extension „Ultimate Member – Social Login“ use.
You should get the free extension „Ultimate Member – reCAPTCHA“ Install to use reCAPTCHA. The item „Google reCAPTCHA“describes how to use the extension.
[wp-admin > ultimate member > forms > edit form (registration)]
6. Use clear links #
Change the registration page link from the default “register” to something else.
[wp-admin > Pages > Edit]
7. Use security plugins #
Install and configure one of the security plugins like Wordfence Security, Sucuri Security, Cerber Security or similar. Please be careful with security settings as too strict rules can block useful features.
Dieser Beitrag ist auch verfügbar auf: Deutsch (German)