JP User Registration Blacklist

Prevent User Registration Spam, and Track New User IP address

Author:Justin Parr (profile at wordpress.org)
WordPress version required:3.0.1
WordPress version tested:4.2.2
Plugin version:1.7.2
Added to WordPress repository:15-05-2014
Last updated:04-06-2015
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %:100
Rated by:6
Plugin URI:https://wordpress.org/plugins/jp-user-registr...
Total downloads:6 711
Active installs:100+
plugin download
Click to start download

Update: 6/2015

Changed e-mail token and math problem confirmation logic. Previously, everything happened all at once, and the user would get prompted mutliple times for the math problem. Now, the user must answer the math problem first, before the e-mail token is sent. Once the math problem is correctly answered within the session, it isn't asked again. The user must now enter the correct token, which results in successful registration. SPECIAL THANKS TO OLEG M. FOR HELPING ME IDENTIFY, FIX, AND TEST THE ERROR!!

Update: 5/2015

Added E-mail confirmation token. Prevents registration until user enters a token sent via e-mail.

Features:

  • Prevent users from registering, if their IP or e-mail address is listed in the "Comments" blacklist (Settings..Discussion)
  • E-mails user a 4-digit token, and requires the user to enter the token in order to register.
  • Users must solve a simple math problem (Add two one-digit numbers).
  • Places user IP address in "Website" field.

This is a super-simple user registration spam countermeasure. I searched for a plugin that was SIMPLE and EFFECTIVE. I looked at quite a few plugins that promised the desired effect, but were either cumbersome, or included too many unneeded or unwanted features. Likewise, there are some very simple plugins that are less-than-effective.

This plugin is VERY simple:

If the user's IP or e-mail address is listed in the "Discussion" comments blacklist, it prevents the user from registering. This functionality should really be built in to WordPress, so, you're welcome.

When the user registers, they are presented with a simple math problem - adding a 3-digit number to a 1-digit number. 99% of the "user reg spam" is based on bots being able to attack the basic WordPress registration form. By adding even a simple math problem, most bots will fail, removing your site as a target of opportunity. Criminals go after what's easy - if you make it slightly more difficult for them, they will go after someone else.

Once the user solves the math problem, they are sent a 4 digit token via e-mail, and must enter that token to continue registration.

Finally, knowing the location from where your users register allows you to more effectively evaluate and block the source. This plugin adds the user's IP address (at the time of registration) to the "Website" field.

Go to http://whois.arin.net to find out who they are. If you decide to block the IP, add the IP address, part of the IP address, or e-mail domain to the "Discussion" comments blacklist, and ANY user registrations from an IP address matching that pattern will be blocked.