Spam User Registrations

Hi all,

Hoping someone might have an answer or be able to provide assistance on how to troubleshoot this further.

On my website I am running WordPress 4.7.4 and have the following plugins installed which have registration/login options:

Ultimate-Member 1.3.84
Easy Digital Downloads 2.7.7

At present we are getting 2-5 spam registrations per day. Ultimate-Member has reCAPTCHA on the registration page as has EDD, I have moved the WP default registration page to another URL using SF Move Login so that it is obscured – this is the blocked registration page here https://www.netballscoop.com/wp-login.php?action=register

I am also running WPBruiser 3.1.6 and Spam-Master 5.3.2 but still I’m getting spam registrations. The registrations can’t be coming from EDD or Ultimate Member as they are configured not to email me if a user registers via them. The spam user registrations do email me so appear to be coming via WordPress but neither WPBruiser or Spam-Master are picking them up.

Seemed to start happening at around the 4.7.1 release for me and I am wondering if this is a bug in WordPress or just coincidence.

Am running NGINX so a couple of the anti spam solutions don’t work (no .htaccess).

Anyone got any ideas on where these user registrations could be happening or how I can track them down?