If you have been getting a bunch of unwanted new user registrations on your WordPress website and are wondering what they are and where they are coming from, with such bogus email addresses mostly from the gmail.com domain like firstname.lastname@example.org do not fear, here’s what to do!
It’s the spambots trawling through seeing where they can get access and leave spam. In WordPress you can see if you have registration enabled by checking http://www.yourdomain.com/wp-login.php and if you have “Registration” below the login then anyone can subscribe and as long as you have the default level set on the lowest “Subscriber” nothing bad is going to happen.
WordPress ships with the default level in this setting set to Subscriber and the user has very limited access to the site. But I would rather be giving no access.
To turn this off go to WordPress Dashboard > Settings > Settings > Membership and uncheck “Anyone Can Register”.
This will stop spam users setting up fake accounts saving you a lot of admin deleting time.
If you do have a load of bogus users to delete you can speed up the process by increasing the amount of users you can see on screen and then to a mass delete. By changing the screen options and upping the number – 999 is the maximum, if your server can handle it – otherwise try 300 at a time.
If you do want to keep legitimate subscribers consider a plug-in like Subscribe2