When it comes to spam, comments are one of the first things that comes to mind. However, spam user registrations can be just as prolific on sites with open registration. Leland Fiegel, founder of Themetry, has developed a new plugin called Stop Signup Spam that prevents users from registering an account if their email or IP address is on the Stop Forum Spam database.
Stop Forum Spam is a free service that records reports of spam registrations from blogs, forums, wikis, and more. Stop Signup Spam integrates with the WordPress registration form and Restrict Content Pro. Fiegel launched a new site over the weekend and despite not announcing it, it received a handful of spam registrations.
After Googling the registrants’ email addresses, he discovered a number of them were reported on Stop Forum Spam’s site. “I had never heard of Stop Forum Spam before, but it is basically an Akismet equivalent for forum sign up spam,” Fiegel said. “I noticed they had a dead link to a WordPress plugin. I looked up the Stop Forum Spam API documentation and built a basic one myself a couple of days ago. I submitted it to WordPress.org and it was approved within a day.”
When a user is blocked from registering, the following error is displayed: Cannot register. Please contact site administrator for assistance.
Although users can check the Stop Forum Spam database to see if their email or IP address is blocked, the error message doesn’t inform them that Stop Forum Spam is what blocked their registration.
“I wanted to keep the error message vague so users wouldn’t lash out at site administrators for accusing them of being ‘spammers’ but clear enough that the site administrator would know it was a false positive when it was reported to them,” Fiegel said.
In the plugin’s description, Fiegel is clear about what data is sent to the service. Each time a user attempts to register an account, an API call that contains the user’s email and IP address is sent to Stop Forum Spam and checked against its database. Although the plugin uses the service’s API, it does not require users to register for an API key. This allows the plugin to function upon activation without having to configure anything. Registrants that are incorrectly blocked as spammers can submit a request to have their IP or email address removed from the database.
Fiegel has no plans to integrate support for other forms but is open to pull requests from those who would like to contribute integration support of their own. I did not test this plugin on an active site, but Fiegel says it has dramatically cut down on the number of spam registrations on his new site. If user spam registration is an issue you’re dealing with, consider giving Stop Signup Spam a try.