How to Configure the Protection Options of Stop Spammer Registrations

Posted OnJun 5, 2015     CategoryPlugins, Users & Security     CommentsNo comment

The third step of the guide to the Stop Spammer Registrations WordPress plugin will look at the protection options available to users of the plugin.

Step 1) Login to the WordPress Dashboard.

Step 2) From the Admin Panel, click on Stop Spammers >> Protection Options.


Step 3) The first section focuses on preventing lockouts. In order to protect Admins against the plugins aggressive spam policies (and risk end up being locked out of your own site), tick the box marked Automatically Add Admins to the Allow List.

If you tick the box marked Check credentials on all login attempts, the plugin will protect you against spammers by checking the ID for an existing user when they are trying to log in, and lock out those using a false ID.


Step 4) The Validate Requests section consists of blocking spam missing the HTTP-Accept header, and invalid HTTP-Referers. Spammers will not have either, and can therefore be found easier and blocked using the plugin.


Step 5) Disposable Email Addresses are used to gain access to websites, and can be protected against by ticking the box provided. You can also allow the plugin to check for long emails and author names by ticking the box below.


Step 6) BBCODES are codes similar to URLs that spammers add to comments, and they try to add these to many blogs and websites. By ticking the box provided, bbcodes will be checked for and disposed of as spam.


Step 7) The plugin will check for Quick Responses if you tick the box provided, and this will ensure that you are protected against users who respond too fast, indicating that they are are a spammer.

You can change the response timeout value to set the time that is used to determine whether it’s spam or not. Most humans will not be able to respond within 4 seconds, which is why its a great indicator.


Step 8) You can choose to Deny 404 Exploit Probing from robots, and IP addresses detected by Akismet (the spam detecting plugin).

You can also check for login attempts using the Admin user ID, and PHP eval function and typical SQL injection strings in comments and login attempts. It also checks for JavaScript that might be used for cross-domain exploits.


Step 9) A number of hosting companies are known to tolerate spammers, and by ticking the box, you chose to check against the plugin creators list and to block out the majority of them.

You can also choose to check for major hosting companies and Cloud services to see if requests are likely to be spam. Tick both boxes to protect yourself.


Step 10) Many spammers won’t care about how many login attempts and comments they make, but by using these settings, you can deny access to users who make a certain amount of logins and comments over a certain amount of time.

You can also choose to block comments and logins from Amazon Cloud Servers, who are sometimes known to attract spammers.


Step 11) Anyone can be a spammer, but there are certain areas that have more spammers than others. Site owners can use these settings to block countries, and some businesses who are based in certain parts of the world will choose to do so as they know that logins and comments from those areas that are not required.

If a country is blocked, a Captcha screen will allow legitimate users to still login.


Step 12) Click the Save Changes button to save any changes.

The next step of the guide will focus on How to Create and Manage Allow and Block Lists using Stop Spammer Registrations.


Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to friend