[ad_1]
We have been bombarded with fake registration along with ‘password successfully changed’ notification emails. Usually tens a day but hundreds occasionally. We are non-profit organization with no developer and no money so I have been trying to stop this madness by myself.
- We need public registration
- I put hCaptcha and is working at the GUI
- I made a custom registration form with Custom Registration plugin
- I made the registration form password protected so the legit visitor needs to request the password to access the registration form
- I noticed Akismet has not been showing any activities since October (may or may not be related since this SPAM issue started long time before October)
- WordFence-free doesn’t indicate any security threats
- Really Simple SSL doesn’t indicate any security threats
It seems this attack is nothing to do with our registration form. I have been Googling for weeks but to no avail. Any pointer would be greatly appreciated.
The page I need help with: [log in to see the link]