suspicious behavior on membership site

I am experiencing some suspicious behavior with my membership site. Right now the link to the registration page is not on my sales page and is posted nowhere else as far as I know. Suddenly I've had 25 people and counting create an account. Not one of those has followed through with payment. I have emailed a few of them (just in the last few minutes) and am waiting to see if these are real email addresses. Any ideas?

ps. I have not logged in to this site in a while and no longer see the option to give you access to my site. Please let me know if I need to/how to do this
pss. I just changed the visibility of the register page to private

  • Nastia
    • Support Rock Star

    Hello Karlie , I hope you are doing well!

    I can confirm that the registration page is not available. I've also scanned your site with Securi and no malicious code were found.

    If the registration is closed right now, you can disable it from Settings > General and uncheck "Anyone can register"

    To hardener your site, please try the Defender plugin, it will scan for any vulnerability files of your themes and plugins and will locate files that do not belong to WordPress structure.

    Let me know how it goes!

    Kind regards,
    Nastia

  • Karlie
    • Design Lord, Child of Thor

    Hi Nastia, I already have Defender installed and I ran a scan and it found no issues.

    It is still happening even after I made the registration pages private pages. Any other ideas? I don't necessarily want to disable the ability to register under settings as you suggested because I want to open up registration for my program again soon and if that isn't a permanent fix then this could just start happening again when I go back and enable.

    Do you have any thoughts about why someone would want to create a bunch of fake registrations on my site? What benefit would that be? I'm just trying to anticipate what additional problems this may create for me.

  • Nastia
    • Support Rock Star

    Hello there Karlie

    It looks like those are bots trying to register on your site. Some plugins might allow bot registration. I guess that the registration code for the main site is not secure so it letting them in.

    Try blocking it by adding the following rules to your .htaccess file. Make sure that your server is running Apache and mod_rewrite rule is enabled:

    #BLOCK SPAM REGISTRATION REQUESTS (wp-login.php?action=register)
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{THE_REQUEST} ^.*(wp-login.php\?action=register).* [NC]
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    You can see if your server is running Apache or NGINX from WPMU DEV > Support > System Info > Server tab.

    If this will not solve this issue, please check for a conflict with another plugin, by deactivating them all and activating one by one to check of the bots can still register. This will take some time, so you can run this test on a development copy of your current site.

    Let me know how it went!

    Kind regards,
    Nastia

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.