Overview

WordPress and WooCommerce both allow users to register so that they can interact with your site. This is especially important for WooCommerce where you want users to be able to view previous orders or where you have subscriptions they need to be able to track and renew.

However, malicious scripts can also exploit this to send what’s called nuisance spam. As with contact form spam, a script can call WordPress remotely to register a fake user under the email address of someone the attacker wishes to annoy with spam emails.

Fixes

Disable Registration

The easiest fix, if registration isn’t required on your site, is to ensure it’s disabled. This is the default in WordPress; however, some may have inadvertently left it on when testing WooCommerce or another plugin that required it. To check and ensure it’s disabled, do the following:

  1. Log in to your WordPress Dashboard as an administrator.
  2. Go to Settings -> General.
  3. Ensure that the Membership checkbox is unchecked.

Advice

We recommend ensuring you also have comments disabled and contact forms correctly configured.

Ensure CAPTCHA is enabled

If you do require user registration, one of the easiest fixes is to ensure your site has a CAPTCHA enabled to detect if the form is being filled out by a human or via a script. We have two ways to achieve this via two different systems and plugins:

Information

We recommend ensuring that only one CAPTCHA plugin is installed on your site to avoid conflicts.
