Title: Security Concerns Last modified: August 19, 2016 --- # Security Concerns * Resolved [trumpy81](https://wordpress.org/support/users/trumpy81/) * (@trumpy81) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/) * GDay All, * I have an inordinate number of what appear to be fake registrations on my blog site. The question is, should i be concerned about this or not? * I’ve not seen any questionable activity in my logs but they may not mean anything. Is it possible that these registrations are being used for spamming purposes or other such activity? If so, how can I find out/stop it? * Any help would be appreciated. Viewing 11 replies - 1 through 11 (of 11 total) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659272) * Eh. It’s spammers, mostly. I would consider closing registration if you don’t have to have it (allow anonymous coments instead), or, if you do need it, consider some plugins like Bad Behavior, or other tools that prevent spammers from being able to sign up at all. * Thread Starter [trumpy81](https://wordpress.org/support/users/trumpy81/) * (@trumpy81) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659290) * GDay All, * ipstenu, thanks for the reply. I haven’t had any real problems with spam being left on my site, I was thinking that maybe these registrations are spambots trying to crack the security or otherwise exploit the site. * I’ve taken your advise re: Bad Behaviour and I have it installed right now. I guess time will tell if its beneficial or not. * Again, thanks for the reply and the advice 🙂 * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659492) * > I was thinking that maybe these registrations are spambots trying to crack > the security or otherwise exploit the site. * They’re just basic spam bots hoping that registering for your blog will allow them to either post spam comments or publish spam posts. * If Bad Behavior isn’t enough, try adding a CAPTCHA: * [http://wordpress.org/extend/plugins/si-captcha-for-wordpress/](http://wordpress.org/extend/plugins/si-captcha-for-wordpress/) * Thread Starter [trumpy81](https://wordpress.org/support/users/trumpy81/) * (@trumpy81) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659513) * GDay All, * James, thanks for the reply. I will take your advice and add SI-Captcha in any case. As they say, two heads are better than one …. lol * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659516) * As a minor clarification. Spambots just want to spam. They generally do not have anything to do with checking into your site for security holes. There are bots that check for security loopholes, but they aren’t spam bots 🙂 it’s a technicality on the name, but it matters. * Thread Starter [trumpy81](https://wordpress.org/support/users/trumpy81/) * (@trumpy81) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659517) * GDay All, * ipstenu, you are quite correct. I have a tendency to group the two together as most spammers are looking to exploit security loopholes. * Also, Bad Behaviour seems to be working well, thanks for the heads-up on that one 😀 * [Roy](https://wordpress.org/support/users/gangleri/) * (@gangleri) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659518) * Ask Apache Password Protect not only puts some files and folders (wp-admin, wp- content, wp-login, etc.) behind an htaccess password, but also has some anti- bot features. I have Bad Behavior AND Ask Apache installed and I still get Akismet catching spam, spam referrers, etc. so as yet another feature I ban IPs and referrers using htaccess. No matter what precautions you take, there’s always a way around them. * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [15 years, 9 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659540) * You’re welcome! * [bazonline](https://wordpress.org/support/users/bazonline/) * (@bazonline) * [15 years, 2 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659650) * I have closed registration options as this was not necessary, and this has solved the problem, and deleted over 290 spam registrations, however in network admin it is still showing 296 “users” (6 users are my legit sites) – any advice on where to remove these? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [15 years, 2 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659652) * You can just delete them like you would any user. The Users list has check boxes. Just check ’em and delete ’em * [bazonline](https://wordpress.org/support/users/bazonline/) * (@bazonline) * [15 years, 2 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659653) * Argh! looking everywhere except under my nose, thanks! Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Security Concerns’ is closed to new replies. ## Tags * [multisite](https://wordpress.org/support/topic-tag/multisite/) * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/) * 11 replies * 5 participants * Last reply from: [bazonline](https://wordpress.org/support/users/bazonline/) * Last activity: [15 years, 2 months ago](https://wordpress.org/support/topic/security-concerns/#post-1659653) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics