New WordPress Plugin Blocks Spam User Registrations Using Stop Forum Spam Database

When it comes to spam, comments are one of the first things that comes to mind. However, spam user registrations can be just as prolific on sites with open registration. Leland Fiegel, founder of Themetry, has developed a new plugin called Stop Signup Spam that prevents users from registering an account if their email or IP address is on the Stop Forum Spam database.

Stop Forum Spam is a free service that records reports of spam registrations from blogs, forums, wikis, and more. Stop Signup Spam integrates with the WordPress registration form and Restrict Content Pro. Fiegel launched a new site over the weekend and despite not announcing it, it received a handful of spam registrations.

After Googling the registrants’ email addresses, he discovered a number of them were reported on Stop Forum Spam’s site. “I had never heard of Stop Forum Spam before, but it is basically an Akismet equivalent for forum sign up spam,” Fiegel said. “I noticed they had a dead link to a WordPress plugin. I looked up the Stop Forum Spam API documentation and built a basic one myself a couple of days ago. I submitted it to WordPress.org and it was approved within a day.”

When a user is blocked from registering, the following error is displayed: Cannot register. Please contact site administrator for assistance.

Although users can check the Stop Forum Spam database to see if their email or IP address is blocked, the error message doesn’t inform them that Stop Forum Spam is what blocked their registration.

“I wanted to keep the error message vague so users wouldn’t lash out at site administrators for accusing them of being ‘spammers’ but clear enough that the site administrator would know it was a false positive when it was reported to them,” Fiegel said.

In the plugin’s description, Fiegel is clear about what data is sent to the service. Each time a user attempts to register an account, an API call that contains the user’s email and IP address is sent to Stop Forum Spam and checked against its database. Although the plugin uses the service’s API, it does not require users to register for an API key. This allows the plugin to function upon activation without having to configure anything. Registrants that are incorrectly blocked as spammers can submit a request to have their IP or email address removed from the database.

Fiegel has no plans to integrate support for other forms but is open to pull requests from those who would like to contribute integration support of their own. I did not test this plugin on an active site, but Fiegel says it has dramatically cut down on the number of spam registrations on his new site. If user spam registration is an issue you’re dealing with, consider giving Stop Signup Spam a try.

8 Comments


  1. For the record, I’ve had a plugin that does this for awhile. Unfortunately, life events have kept me from getting it updated, but it still does the job nicely.

    https://wordpress.org/plugins/seriously-simple-spam-blocker/#description (I adopted this one from Hugh Lashbrooke.)

    The thing I like about this new plugin is that it does the reporting back to Stop Forum Spam. That’s a feature I’ve wanted to get written but haven’t had the time. Props to Leland!

    Report


  2. I just had this happen on a client site last week – this was the first time I had ever experienced spam user registration. I turned off the “Anyone Can Register” option, but it’s great to know now there is a plugin to help with this issue.

    Report


  3. It would be interesting to know what this plugin does better than WP Spamshield – which is already a life saver and works like magic.

    WP Spamshield has been around since many years and uses a different DB but the result is quite close to 100% blocked spam registrations, comments or contact mails before they reach your server’s DB. So, what for another plugin?

    Report


    1. If an anti-spam plugin does not integrate with Stop Forum Spam, then Stop Signup Spam might be considered as a supplemental solution.

      But it is not intended to be an all-in-one spam protection solution (blog comments, contact forms, and user registrations) like WP-SpamShield.

      Report


  4. The plugin looks simple enough and there is a huge opportunity to further develop it, by adding various other spam databases and just switch them in a settings page or in the code.

    That being said, I have made a pull request and changed the API URL to HTTPS.

    Report


    1. Thank you Ciprian. I’ve accepted the pull request and updated it on WordPress.org.

      Should’ve probably had that initially, but looking over each other’s code is what open source is all about. :)

      Report


    1. Interesting, this is the exact plugin with a “dead link” that I referenced in the article. I probably wouldn’t have even made Stop Signup Spam at all if I had started just a day or so later.

      Oh well, glad to see the plugin is revived anyway. Can never have too many anti-spam plugins. :)

      Report

Comments are closed.