
[Resolved] Lots of spam registrations (CAPTCHA enabled)

This support ticket was created 2 years, 2 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.


This topic contains 5 replies, has 2 voices.

Last updated by Luo Yang 2 years, 2 months ago.

Assisted by: Luo Yang.

#2496219

Hi there,

We've had Toolset active on this site for a few years now, and all of a sudden we're receiving TONS of spammy user registrations. We have a User Form set up for user registration, and an active and (seemingly) functioning CAPTCHA, but we can't seem to stop these submissions.

I've tried looking for other users' experiences on this, but all of the suggestions seem to be the same: use a CAPTCHA, require manual admin approval for registrations (not feasible), and turn off "anyone can register" (already done).

Our registration page is: hidden link.

Thank you for your assistance!!

#2496583

Hello,

There might be other registration entrances on your website.

Please try these:
1) Edit the Toolset user registration form you mentioned above, add an email notification and send it to your own email.
So when any user uses this form and registers on your website, you will get an email.

2) If you don't get the email and a new user is created, then there should be other registration entrances on your website; you need to check your website access logs to locate the problem.

#2496871

Thanks, Luo -- great idea with the email notification. I'll set this up and let you know how it goes!

Cheers,
Nick

#2497137

OK, please update here if you need more assistance with it.

#2501495

Hey Luo,

We got a batch of spam registrations again last night, but I didn't get the email notice I set up, per your suggestion. I'm looking through logs and I'm not seeing anything related to user registration. I will of course keep digging, and I know this is now not a Toolset issue, but if you have any pointers as to how I might discover this open registration endpoint, I'd be very grateful!

Thanks again for your help!

Cheers,
Nick

#2505129

As far as I know, in order to register on a WordPress website, they need to access your website first, so you should be able to find them in your website access logs and locate the registration entrance.

For example, for the nginx web server, you can follow their documentation to get the access logs:
hidden link
section "Setting Up the Access Log"
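
One way to act on the access-log advice above, as an added example that is not part of the original thread or Toolset's code: line up the creation times of the spam accounts with POST requests in the log and rank the paths that coincide. It assumes nginx's default "combined" log format and registration times taken from `wp_users.user_registered` (stored in UTC); the sample log lines, timestamps and the `/hypothetical-plugin/signup` path are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return (timestamp, ip, method, path, status) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["method"], m["path"], int(m["status"])

def candidate_endpoints(log_lines, registered_utc, window_s=5):
    """Rank POSTed paths by how many spam sign-ups they coincide with."""
    window = timedelta(seconds=window_s)
    regs = [
        datetime.strptime(r, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        for r in registered_utc
    ]
    posts = [r for r in map(parse_line, log_lines) if r and r[2] == "POST"]
    hits = Counter()
    for reg in regs:
        # Count each path once per registration, even if it was hit repeatedly.
        hits.update({p[3] for p in posts if abs(p[0] - reg) <= window})
    return hits.most_common()

# Constructed sample data (not from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2022:02:14:07 +0000] "POST /hypothetical-plugin/signup HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.4 - - [12/Nov/2022:02:14:30 +0000] "GET /register/ HTTP/1.1" 200 8012 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2022:02:15:41 +0000] "POST /hypothetical-plugin/signup HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.4 - - [12/Nov/2022:02:15:43 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Nov/2022:09:00:00 +0000] "POST /register/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
SAMPLE_REGISTERED = ["2022-11-12 02:14:08", "2022-11-12 02:15:42"]  # user_registered values

if __name__ == "__main__":
    for path, n in candidate_endpoints(SAMPLE_LOG, SAMPLE_REGISTERED):
        print(f"{n} of {len(SAMPLE_REGISTERED)} spam sign-ups follow a POST to {path}")
```

A path that appears next to every spam account but never next to the form's own notification emails is the entrance to investigate; widen `window_s` if account creation lags the request.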