Hosting Tutorial & Guide

How to Fight Against Spam Users in WordPress

updated on Jan 20, 2017
How to Fight Against Spam Users in WordPress If you are running a WordPress site that accepts public registrations, you may have already been bothered a lot by those spam users who stop you from offering a more pleasant using experience.

As a common problem for many WordPress site owners, spam users can bring both internal and external harms. Below are some of the examples.
  • Spam users consume your database storage so as to badly affect your working efficiency and potentially increase your cost.
  • They may post spam comments and leave outbound links which hurt your Google rankings.
  • Malicious scripts might also be injected, which is a serious security threat.
  • They can send spammy private messages to other users on your membership site, which could annoy the legitimate users and hurt your site's reputation.
After discussing the harm of spam users, now we'd like to show you some methods of identifying the spam users on your WordPress site, deleting them, and preventing the future spam registrations.

Identify and Delete the Existing Spam Users on Your WordPress Site

If you haven't implemented any method for prevention and have got some spam users already, you need to identify the bad users now and delete them from your website.

There are two ways to do so. In the case that there are only a few spam users, we would suggest going through your user list and deleting them manually without relying on any plugin. But if there are too many spam behaviors, you'd better use a plugin to automate the identification and deletion. Both ways are detailed in below.

Identify and delete spam users manually

To find out the few spam users on your site, you need to spot them from things like spam comments. Then, go to Users > All Users in WordPress dashboard, locate those users in the list, and delete them one by one or in bulk. This method is highly recommended if the spam users on your site are mixed with the legitimate ones.

Delete Spam User

If you'd like to bulk delete the users with a certain role, you can open the dropdown for "Change role to" and select the user role you want to apply.

Also, you may rely on other criteria like the registration date and the last login date. The former helps find the bulk spam registrations on the similar dates, and the latter is useful for spotting those users who haven't logged in for a certain period of time.

For these criteria, you'd better use the Bulk Delete plugin because WordPress doesn't come with such filters itself. Bulk Delete, however, enables you to do so.

Bulk Delete Spam Users

Identify and delete spam users with the WangGuard plugin

Don't want to be bothered by the manual works? Then you can install the plugin named WangGuard to save you from the troubles. This free plugin automates the spam user identification, and it is compatible with WordPress, WordPress multisite, BuddyPress and bbPress.

Upon installation, you have to get an API key in order to make the plugin work. Fortunately, this is simple. You only need to click on the get key link, register with WangGuard, and then you will acquire an API key.

Get API Key

When it is activated, WangGuard checks all the existing users on your WordPress site against its database. And if a user is found to be spammy, the plugin marks it under a column of "Sploggers" in WangGuard > Users. Then you can recheck the user carefully and delete it after verifying that it is a spam user.

If you have found some spam users that are not spotted by the plugin automatically, you can report them as sploggers by clicking on the "Splogger" button under the "WangGuard Status" column. The plugin will them move them to "Sploggers" and add them to its database to help other users.

Report Splogger

In fact, the power of WangGuard doesn't end here. Since its database includes some spam domains, if a spammer registers your WordPress site in the future with email addresses on those domains, he/she will be rejected. Besides, the plugin provides many stats for you to check the spam users on your site. Therefore, we suggest you explore its features for a while before taking it into real use.

Prevent Future Spam Registrations

As prevention is always more important than problem resolving, you'd better take some measures in advance to stop the potential spam users from registering. There are many effective methods for doing this, and below are the commonly adopted ones.
  • Using a plugin like WangGuard which checks your new signups against a reliable database of spammers. This method is sincerely recommended because it offers protection while not affecting the using experience.
  • Coding some advanced rules to filter email accounts with certain domains.
  • Forcing CAPTCHAs in your registration form to filter the robots. Note that this solution would cause some inconvenience to the legitimate users.
Also, you should keep a close eye on the moderation of new registrations, especially those suspicious ones. If you want some detailed suggestions on this, read this tutorial.