Block Spam User Registration on WordPress – Users registering from Russia with email having mail.ru

Scenario: Spam User Registration on WordPress

• When you enable New User Registrations on your WordPress website, you end-up having a lot of spam (unexpected/unwanted) new user registration taking place.
• If you manually delete them,  they again gets recreated automatically the next day.
• Most of these spam new user  registration are reported from different locations within Russia.  Below are some of the spam users details from the logs.
• Also, most of them use the email address with mail.ru domain as show from the logs below.

Logs:  Logs showing spam user registering from Russia with email having mail.ru

Used an invalid username ‘Daviddab’ to try to sign in.
User IP: 109.194.87.169
User hostname: 109x194x87x169.dynamic.nsk.ertelecom.ru
User location: Novosibirsk, Russia

Used an invalid username ‘Andryved’ to try to sign in.
User IP: 37.147.108.24
User hostname: 37-147-108-24.broadband.corbina.ru
User location: Moscow, Russia

Username: spoolinof
Email: weraannenskaya1993@mail.ru

Username: RosarioHax
Email: resIntuivyenlalia@progonrumarket.ru

Username: EdwardQuilT
Email: wertrtf.xcvsfw.86@mail.ru

Solution:

• There are various WordPress security plugins that effectively block these kind of Spam user registrations on WordPress sites.  However, most of them are paid plug-ins.
• A quick, easy and free option is to use Wordfence Security plugin and have the “Immediately lock out invalid usernames” option enabled. 
• You can read more about this option here:  Immediately lock out invalid usernames .  A quick excerpt of the current documentation text is as below:

  Immediately lock out invalid usernames

  This is an excellent security option and was requested by many members of our community. It will immediately lock out someone who enters an invalid username. However please note that your real users may mis-type their username and be locked out for however long you’ve specified. Being locked out of a website is a major inconvenience. So while this feature does an excellent job of instantly locking out someone trying to guess passwords, it also runs the risk of locking our real users. This is only recommended for sites with one or two users who don’t often make typing mistakes. If you have a staff of publishers, they may show up at your door with torches and pitchforks if they often mistype their usernames.

• Once you enable this option and configure alerts for your site, then you’ll immediately get to know if there was any spam new user account registration activity on your site along with the details as shown below

[Wordfence Alert] <websitename> User locked out from signing in

This email was sent from your website “websitename” by the Wordfence plugin at Sunday 14th of January 2018 at 06:19:08 PM
The Wordfence administrative URL for this site is: http://<websitename>/wp-admin/admin.php?page=Wordfence

A user with IP address 62.122.88.226 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username ‘DanielNit’ to try to sign in.
User IP: 62.122.88.226
User hostname: pool3.ahtuba.com
User location: Volzhskiy, Russia
NOTE: You are using the free version of Wordfence. Upgrade today:
– Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available
– Remote, frequent and scheduled scans
– Access to Premium Support
– Discounts of up to 90% for multiyear and multi-license purchases
Click here to upgrade to Wordfence Premium:
https://www.wordfence.com/zz1/wordfence-signup/
—

• It lets you configure three levels of security for new user registrations

• “Manually Approve New Registrations” –  If your site allows people to create their own accounts via the WordPress registration form, then you can minimize SPAM or bogus registrations by manually approving each registration. This feature will automatically set a newly registered account to “pending” until the administrator activates it. Therefore undesirable registrants will be unable to log in without your express approval. You can view all accounts which have been newly registered via the handy table below and you can also perform bulk activation/deactivation/deletion tasks on each account.
• “Registration Captcha” –  This feature allows you to add a captcha form on the WordPress registration page. Users who attempt to register will also need to enter the answer to a simple mathematical question – if they enter the wrong answer, the plugin will not allow them to register. Therefore, adding a captcha form on the registration page is another effective yet simple SPAM registration prevention technique.
• “Registration Honeypot” –  This feature allows you to add a special hidden “honeypot” field on the WordPress registration page. This will only be visible to robots and not humans. Since robots usually fill in every input field from a registration form, they will also submit a value for the special hidden honeypot field. The way honeypots work is that a hidden field is placed somewhere inside a form which only robots will submit. If that field contains a value when the form is submitted then a robot has most likely submitted the form and it is consequently dealt with. Therefore, if the plugin detects that this field has a value when the registration form is submitted, then the robot which is attempting to register on your site will be redirected to its localhost address – http://127.0.0.1.

A Quick screenshot of the the settings page with the above described options.