Plugin Suggestion - Stop Spam Users


i realize anti-splog is solely for stopping spam blog creation. i don't see a plugin which would prevent spam user creation.

from what i see on the forums, it's a very widespread issue. in anti-splog, i see the option to rename the signup file, but i can't find any documentation of which file(s) to edit to "Replace any hardcoded links to wp-signup.php." i'm using the daily theme. i searched within files and wasn't able to find any links. i'm still in the rookie class though.

i've gotten several of the higher rated captcha plugins available from wordpress, each has its benefits, but nothing seems work completely for what i want. i simply want a bot-catcher on my signup page, i don't care if it's cats or text. seems simple enough. "wpmu super captcha" was the closest to actually meeting the challenge, but it still displays the random-character captcha that comes preloaded, even though i've completely re-worked it to include only my words (my words show up properly, as well as the randomness occasionally). also, it fails to load on about every 5th page load, first 4 times (approx) are fine. i know it's "wpmu" not "wpmu dev" so i don't expect you guys to troubleshoot it.

i really think that a plugin specifically created to stop spam user registration would be very widely appreciated.

any one have other thoughts? as i said, i'm still new to this, so i could be missing something. :slight_smile:


  • Philip John


    Spam is always a problem and one that rarely goes away. We can only try our best!

    i see the option to rename the signup file, but i can't find any documentation of which file(s) to edit

    You don't need to edit any files - anti-splog takes care of that thanks to the way WP works.

    I think you'd do well to check out this thread which gives an excellent round up of a bunch of ways to protect your site from spam:


  • Jason

    thanks for the very quick response, Phil!

    to accommodate anti-splog signup file renaming, i deactivated buddypress and enabled the renaming feature. when i hit the button to sign up on the live site, i get "The signup page location has been changed." url shows: -- even in browsers i haven't used in weeks.

    "To use this you may need to make some slight edits to your main theme's template files. Replace any hardcoded links to wp-signup.php with this function: <?php ust_wpsignup_url(); ?> Within post or page content you can insert the [ust_wpsignup_url] shortcode, usually in the href of a link. See the install.txt file for more detailed documentation on this function."

    i realize it says "may need to make some slight edits" but if my page link is broken, with the url still pointing to the original location, wouldn't that say that there's a hardcoded link in there? also, these are the only instructions for that portion of anti-splog, there's no install.txt in the zip file as it says there is and within the installation instructions on the plugin's page, it's not very detailed (step 10).

    i'm kinda confused.

  • Jason

    well, thanks Aaron, i'd have to assume you were replying to my first comment. my last post was specifically about anti-splog moving the file but the link to the file's broken.

    main problem: spam user registration, 10 per day and the site isn't up yet.

    solution: anti-splog - rename signup file

    new problem: link in theme is not pointing to the new location of signup file.

    just need to know where to make the change for the link.

    thanks again!

  • Jason

    daily theme.

    and yes, i would search within the files too, as i did, which led me to create this thread.

    i found a few references to wp-signup.php within wp-includes folder, which i didn't think would be the correct place, since if it truly was correct, then the instructions would surely say which specific files to change, since ms-*.php files within wp-includes have gotta be standard install files and should be edited with caution, at least it seems to me. i made some test changes, the link/button to sign up within the theme remains pointing to the default location.

    for instance ... in ms-functions.php:

    function signup_nonce_check( $result ) {
    	if ( !strpos( $_SERVER[ 'PHP_SELF' ], 'wp-signup.php' ) )

    in ms-settings.php:
    $destination = 'http://' . $current_site->domain . $current_site->path . 'wp-signup.php?new=' . str_replace( '.' . $current_site->domain, '', $domain );

    i realize it says "may need to make some slight edits" but if my page link is broken, with the url still pointing to the original location, wouldn't that say that there's a hardcoded link in there? also, these are the only instructions for that portion of anti-splog, there's no install.txt in the zip file as it says there is and within the installation instructions on the plugin's page, it's not very detailed (step 10).

    better instructions would be very helpful, i just need some guidance. this seems kinda far from simply activating the plugin with "little to no code to edit."

  • S H Mohanjith

    This is not tested but it should do the trick to change the singup link. Please let us know how it goes. Please add the following to your theme functions.php or create a new plugin and add this to that.

    add_filter('register', 'my_register', 100);
    function my_register($link) {
    $link = str_replace('wp-signup.php', 'new-signup.php', $link);
    return $link;

    If you have any issues please do let us know.

  • Jason

    thanks for taking another look at it. still can't get it to change from the default link location, button still links to the old wp-signup.php location.

    anti-splog is definitely working, it's changing the location properly, as well as properly generating the error when the file is requested from the original location. i think changing the file location is an awesome work around against spam signups.

    seems to me, if we can find which variables the daily theme is using for the link/button, then we can modify those to the correct variable. maybe? :slight_smile:

    thanks again, whoever's reading this.

  • Jason

    i should have also mentioned that the daily theme has an entry to modify the location of the signup page, to a custom page. "Enter a custom page if you've created one for your login"

    i tried adding the proper code in there, it appends the contents to the url, so it shows "[ust_wpsignup_url]" or however i add it, when specifically entering "[ust_wpsignup_url]".

    could this field be used to get around the issue of the sign up link/button not updating to reflect the new file location?


  • Jason

    wow, guys, seriously, if this is a weird request, just say so.

    "you may need to make some slight edits" -- if you can say "slight edits" you should be able to tell me which files need to be slightly edited. that's the whole reason your users stay with you, because everything's pretty much already done, except for "slight edits," which usually are just that.

    why is this being ignored?

    not cool to just leave me hanging for days on end, with no updates.

  • argh2xxx

    Not to be solicited, but you folks can check out CloudFlare. This hybrid CDN can help block some spams I think! In their system, they allow you to block spams and so on. By the way, I've no relation with CloudFlare! Oh, it's free to use CloudFlare, but you can also upgrade to their Pro account where several more cool features will be activated on upgrade! It's pretty easy to use it too. Just change domain name servers to point to CloudFlare's ones, and that's it! Takes around couple minutes to do so!

  • Jason

    i really appreciate your help, Mohanjith. -- this domain isn't being used yet, so i've got it as a test.

    i just did a basic install of wpmu, with the basic daily theme options, with anti-splog configured to move wp-signup.php to a new location every 24hrs. no other themes or plugins installed.

    new file location as specified automatically in anti-splog:

    button (to sign up from homepage) links to default location:

    results when you click the button:
    The signup page location has been changed.

    the error about the location being changed is from anti-splog, so it's working.

    is this really as easily corrected as i would guess it to be?

    thanks again,

  • Jason

    well, that's the first time i see any reference to wp-login.php.

    i added simply wp-login.php?action=register to the daily theme's option of specifying a custom login page.

    it works!

    not only does it fix the anti-splog file-relocating issue, it also works when anti-splog isn't enabled to even move the file. seems that this is a great fix which should be included in some instructions somewhere.

    with that single line of code, it makes the sign up work with anti-splog file-relocating and also works whether anti-splog is installed or not. maybe a good idea to change the code of the theme to include the workaround?

    i'd say more people need to be aware of this, it solves exactly what i've been trying to fix.

    Thank you for your patience in making this work, Mohanjith!

  • Jason

    hey argh2,

    so, i haven't tested it with other themes, but, it works with or without anti-splog in the Daily theme.

    it's easier to make it work than i expected, since the Daily theme has an option to specify a "custom login page" (i'd kinda expect every theme to have it, but i haven't checked others). in that field, i added the following:

    that takes the site's url and appends the above line at the end, making it -- to me, this works since it's saying it needs a login AND a register, it defaults to register (i could be wrong on exactly why it works).

    through my research, i found wp-signup.php is something spam bots target, usually only in the default file location. anti-splog has an option to move the file every 24hrs to keep the bots guessing, but the link/button in the Daily theme is hardcoded somewhere to point to wp-signup.php. i liked the option of moving wp-signup.php (i never found any reference to wp-login.php until the post by Mohanjith), since i was getting about 10 spam users per day on a not-live-yet site. the "wp-login.php?action=register" fix solves the problem by routing the browser to the correct file location when using anti-splog file-moving, and lets the normal wp-signup.php get called when not using anti-splog.

    before i got the code for wp-login.php, i reinstalled wp on my site, to start fresh, and had 2 spam users sign up within 12hrs. after making the change to point to the correct file location, i've had 0 spam users in over 24hrs.

    again, this is proven strictly within the Daily theme. the typical disclaimers apply: your mileage may vary. also, i haven't seen any response from wpmudev, so i'm not 100% sure that it's a viable fix for everyone.

    good luck, i'm happy i could help. hit me up if i can do anything else. :slight_smile:


  • HamRadioDude

    I know this is an old thread But It still apply today as I'm trying to find answers for the blogs-MU theme.
    1. Correct me if I'm wrong Bots use wp-signup.php and anti splog stops them by changing the url to something different. So using wp-login.php?action=register would defeat the purpose as the bots also use the register link.
    So if someone links to login.php?action=register should give the same result not found error but doesn't.

    2. How do I link from my theme Options page setup (wants a url to attach to a button) to the antisplog changed signup. I tried<?php ust_wpsignup_url(); ?> didn't work also tried [ust_wpsignup_url] didn't work I know when putting in the php theme files replaing the signup php with <?php ust_wpsignup_url(); ?> does work But need a fix for putting it into settings of the theme I hope I'm explaining myself correctly

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.