Spam user registrations can become a real problem when you use open registration. Leland Fiegel, a founder of Themetry, has developed a new plugin called Stop Signup Spam that prevents users from registering an account if their email or IP address is already included in the SFS database.
Stop Forum Spam is a free service that records reports of spam registrations from blogs, forums, wikis, and more. Stop Signup Spam integrates with the WordPress registration form and Restrict Content Pro. Fiegel launched a new site over the weekend and despite not announcing it, it received a handful of spam registrations.
After Googling the registrants’ email addresses, he discovered a number of them were reported on Stop Forum Spam’s site. “I had never heard of Stop Forum Spam before, but it is basically an Akismet equivalent for forum sign up spam,” Fiegel said. “I noticed they had a dead link to a WordPress plugin. I looked up the Stop Forum Spam API documentation and built a basic one myself a couple of days ago. I submitted it to WordPress.org and it was approved within a day.”
When a user is blocked from registering, the following error is displayed: Cannot register. Please contact site administrator for assistance.
Although users can check the Stop Forum Spam database to see if their email or IP address is blocked, the error message doesn’t inform them that Stop Forum Spam is what blocked their registration.
“I wanted to keep the error message vague so users wouldn’t lash out at site administrators for accusing them of being ‘spammers’ but clear enough that the site administrator would know it was a false positive when it was reported to them,” Fiegel said.
In the plugin’s description, Fiegel is clear about what data is sent to the service. Each time a user attempts to register an account, an API call that contains the user’s email and IP address is sent to Stop Forum Spam and checked against its database. Although the plugin uses the service’s API, it does not require users to register for an API key. This allows the plugin to function upon activation without having to configure anything. Registrants that are incorrectly blocked as spammers can submit a request to have their IP or email address removed from the database.
