This article is intended for WordPress site owners who want to secure or disable user registrations to prevent fake or spam account submissions.

Some WordPress sites allow public user registrations, which can be abused by spam bots to create fake accounts. This may lead to cluttered user lists, unwanted email notifications, and in some cases, security concerns. Below we explain how to disable registrations entirely or secure them to prevent fake signups.

Disable User Registrations

If you do not need users to register accounts on your website, you can simply disable the registration feature.

Step 1: Log in to your WordPress admin dashboard.

Step 2: Go to Settings > General.

Step 3: Locate the option Membership and uncheck Anyone can register.

Step 4: Scroll down and click Save Changes.

This completely disables public user registration. Only administrators will be able to add new users manually via Users > Add New.

Alternative: Secure User Registrations

If your website requires public user registration (for example, for memberships, forums, or shops), you can secure the registration process to minimise spam and fake signups.

1. Use a CAPTCHA or reCAPTCHA plugin

Adding a CAPTCHA to your registration form can block most automated bot registrations.

  • Plugins such as WPForms, Advanced noCaptcha & invisible Captcha, or reCaptcha by BestWebSoft allow you to integrate Google reCAPTCHA into WordPress registration, login, and comment forms.

2. Use a registration moderation plugin

Some plugins allow you to manually approve new registrations before they become active:

  • New User Approve

  • WP Approve User

With these plugins, every new user account must be reviewed and approved by an administrator before activation.

3. Block known spam bots and IP addresses

You can also use security plugins that include bot protection features:

  • Wordfence Security (includes bot protection, IP blocking, and login security)

  • CleanTalk Anti-Spam (protects forms and user registrations from spam bots)

    • Maxer clients are eligible for a free license - please contact our support team to request one.

4. Limit registration to certain email domains (optional)

Some plugins allow you to restrict registrations to specific email domains (for example, only company emails).

Additional Security Recommendations

  • Keep WordPress, themes, and plugins up to date.

  • Use strong administrator passwords.

  • Enable two-factor authentication (2FA) for admin accounts.

  • Regularly review user lists to remove suspicious accounts.

If you need our assistance or have questions, please feel free to contact our support team.

Updated by SP on 13/06/2025

Was this answer helpful? 1 Users Found This Useful (1 Votes)

Most Popular Articles

Wordpress - Wordpress White Page (Screen of Death)

If your website is displaying a blank white page on the landing or homepage, this normally means...
Wordpress - Conflict between WordPress and Password Protected Directories

There is a common conflict between WordPress and password protected directories. If you have...
How to improve WordPress site performance with LSCache

LiteSpeed Cache (LSCache) has plenty of advanced features that can enhance the speed of your site...
How to protect your WordPress site from SPAM using the CleanTalk plugin

CleanTalk is a powerful anti-spam plugin for WordPress that helps to keep your website free of...
Memory-Based Caching vs. Disk-Based Caching

Caching is a fundamental technique for optimizing the performance of websites. It helps reduce...