How I tackled WordPress registration spam


For a while now, I have been using Mika’s Ban Hammer plugin with a custom list of blacklisted domain names and fragments. However, when maintaining several hundred websites, copying and pasting the same list takes a lot of time. The only solution I could see here was maintaining a list off-site and then importing it every time. However, this also took a bit of time.

Instead, I decided to have an off-site list, and then hardcode the actual blacklist check. This is optional, so, if I don’t want to use the off-site list, I don’t.

Here’s how it works:

Packaged as a feature of my Lighthouse plugin, this registration check fetches a list – currently holding ~4,000 domain names and fragments – and then checks the username and the email against it. That is all. The list is hosted on a fast CDN, so there is no slowdown. Also, if the list is not available for any reason, the check fails open: the registration process continues and the spam account is allowed.
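The check described above, written as a standalone WordPress snippet. This is an added example, not the Lighthouse plugin's code; the list URL, its one-entry-per-line format, the one-hour transient cache, the function names and the case-insensitive substring matching are all assumptions.

```php
<?php
// Added example, not Lighthouse's code. URL, names, cache and list format are assumptions.
const EXAMPLE_LIST_URL = 'https://cdn.example.com/blacklist.txt'; // placeholder URL
// Returns lowercase terms (one domain or fragment per line), or null if unavailable.
function example_get_blacklist() {
    $cached = get_transient( 'example_reg_blacklist' );
    if ( is_array( $cached ) ) {
        return $cached;
    }
    $response = wp_remote_get( EXAMPLE_LIST_URL, array( 'timeout' => 3 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return null;
    }
    $terms = array();
    foreach ( preg_split( '/\R/', wp_remote_retrieve_body( $response ) ) as $line ) {
        $line = strtolower( trim( $line ) );
        if ( '' !== $line ) { // an empty needle would match every registration
            $terms[] = $line;
        }
    }
    if ( empty( $terms ) ) {
        return null; // treat an empty body like an unavailable list
    }
    set_transient( 'example_reg_blacklist', $terms, HOUR_IN_SECONDS );
    return $terms;
}
// True when any term occurs in the username or the email (case-insensitive substring).
function example_is_blacklisted( $login, $email, array $terms ) {
    $haystacks = array( strtolower( $login ), strtolower( $email ) );
    foreach ( $terms as $term ) {
        foreach ( $haystacks as $haystack ) {
            if ( false !== strpos( $haystack, $term ) ) {
                return true;
            }
        }
    }
    return false;
}

add_filter( 'registration_errors', function ( $errors, $sanitized_user_login, $user_email ) {
    $terms = example_get_blacklist();
    if ( null === $terms ) {
        return $errors; // fail open: list unavailable, registration continues
    }
    if ( example_is_blacklisted( $sanitized_user_login, $user_email, $terms ) ) {
        $errors->add( 'example_blacklisted', 'Registration is not allowed for this username or email address.' );
    }
    return $errors;
}, 10, 3 );
```

Because an unreachable list lets every registration through, logging the `null` branch makes an outage visible instead of silent.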

[Screenshot: Lighthouse registration spam blacklist]
In the screenshot above, the name of my custom list is 4P.

On one of my servers, I have ~100 websites, and they all receive spam registrations from the same domain names. Being reactive, I am adding new domain names to the list on a weekly basis, and the registration attempts have slowed down considerably.

If you get my Lighthouse plugin, you get to block your own domains and also take advantage of my off-site blacklist.
