Can anyone point to how I can prevent spam users registering constantly?
The website is: https://clintonhillmusicschool.com
I get thousands of spam user accounts set up each year and it's driving me crazy. My web guy who set it up did something strange so that reCAPTCHA or hCAPTCHA plugins don't affect the log in pages.
The styled login page is this: https://clintonhillmusicschool.com/login/
The more WordPress-like login page is this: https://clintonhillmusicschool.com/wp-login.php
Right now I have the "hCaptcha for WP" plugin installed, but I can only see the hCaptcha challenge on the login page (https://clintonhillmusicschool.com/wp-login.php) not the theme login (https://clintonhillmusicschool.com/wp-login.php)
The "Anti-Spam by CleanTalk" plugin is telling me it "checked 2438 users and found 1746 spam users"
How can I figure out how the spammers are registering.
I'm guessing it's on these pages:
https://clintonhillmusicschool.com/login/
And
https://clintonhillmusicschool.com/registration-form/
But I can't get the hCaptcha challenge to show up on those pages.
Any advice?
Thanks!
You have several options here. You could go with a custom login page, or what I like to do in order to keep the things similar on all my sites is to add some WAF rules on the wp-login page using Cloudflare.
Cloudflare > WAF rules – block the usual countries that generate spam eg china, nth korea, russia, etc. Wordfence helps as well. TBH I’m surprised that Cleantalk isn’t working – but I can see you’re using a relatively unknown membership system, so maybe it’s not supported.