Plugin Support
WFAdam
(@wfadam)
Hello @tripa5 and thanks for reaching out to us!
Are you using any sort of membership plugins or anything?
You might be able to check your Wordfence > Tools > Live Traffic page to see if you can find these IPs that might be hitting the site and creating these user accounts.
Oftentimes, these are bots that are spam targeting your registration. You might want to tighten up your rate-limiting settings as well.
I generally set my Rate Limiting Rules to these values to start with:
- If anyone’s requests exceed – 240 per minute
- If a crawler’s page views exceed – 120 per minute
- If a crawler’s pages not found (404s) exceed – 60 per minute
- If a human’s page views exceed – 120 per minute
- If a human’s pages not found (404s) exceed – 60 per minute
- How long is an IP address blocked when it breaks a rule – 30 minutes
I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so.
Let me know what you find!
Thanks again!
Thread Starter
tripa5
(@tripa5)
Hi WFAdam, thanks for this info.
We use a Donations plugin that might have something to do with it.
I wasn’t able to make sense of anything on the Live Traffic page that shed any light on it.
But I’m very happy to know your rate-limiting settings ideas, and I have implemented those. I inherited the site with unlimited amounts for all those settings, so it’s good to put some numbers up there.
I wonder if you could help me with one more thing that is also under the Firewall Options… For the “Allowlisted 404 URLs” these items are in there:
/favicon.ico
/apple-touch-icon*.png
/*@2x.png
/browserconfig.xml
Do you happen to know if this serves a necessary or useful function, or would you say it should be deleted?
Thanks very much, I so appreciate your help.
Have a great day!
Plugin Support
WFAdam
(@wfadam)
Those are just known pages that good bot crawlers will sometimes target. These ones you have listed are actually defaulted URLs from when you install Wordfence; I recommend leaving them here.
As for your user creation issue, you could try setting up reCAPTCHA in your Wordfence > Login Security > Settings. I recommend running it in test mode for a week to see if this helps. This will cancel all the bots that try to register on your site.
https://www.wordfence.com/help/login-security/#captcha-options
I hope this helps!
Thanks again!
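An added example, not part of the thread and not Wordfence's own code: a Python model of how the "pages not found (404s) exceed 60 per minute" rule and the allowlisted 404 URL patterns quoted above interact, run over constructed events. It assumes `*` matches any run of characters and that hits are counted in a sliding 60-second window; Wordfence's actual matching and counting may differ.

```python
import re
from collections import defaultdict

# Allowlisted 404 URL patterns exactly as quoted in the thread.
ALLOWLISTED_404 = ["/favicon.ico", "/apple-touch-icon*.png", "/*@2x.png", "/browserconfig.xml"]
LIMIT_404_PER_MIN = 60  # threshold suggested in the thread

def to_regex(pattern):
    # Assumption: "*" is a wildcard for any run of characters; the rest is literal.
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")

ALLOW_RE = [to_regex(p) for p in ALLOWLISTED_404]

def is_allowlisted(path):
    """True if the request path (query string ignored) matches an allowlisted pattern."""
    path = path.split("?", 1)[0]
    return any(r.match(path) for r in ALLOW_RE)

def over_404_limit(events, limit=LIMIT_404_PER_MIN):
    """events: (epoch_seconds, ip, path, status) tuples.
    Returns {ip: peak 404 count in any 60 s window} for IPs above the limit."""
    per_ip = defaultdict(list)
    for ts, ip, path, status in events:
        if status == 404 and not is_allowlisted(path):
            per_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= 60:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[ip] = peak
    return flagged

def sample_events():
    # Constructed data using documentation IP ranges (RFC 5737).
    ev = [(i * 0.5, "203.0.113.10", f"/missing-{i}", 404) for i in range(90)]      # fast 404 burst
    ev += [(i * 0.5, "198.51.100.7", "/apple-touch-icon-120x120.png", 404)
           for i in range(100)]                                                    # allowlisted 404s
    ev += [(i * 2, "192.0.2.5", f"/old-post-{i}", 404) for i in range(61)]         # slow, 30 per minute
    return ev

if __name__ == "__main__":
    print(over_404_limit(sample_events()))
```

Only the first client is flagged: the second generates more 404s, but all of them match an allowlisted pattern, and the third never exceeds 30 in any one-minute window.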
Thread Starter
tripa5
(@tripa5)
Hi Adam
Thanks so much for your help. The issue seems to have cleared with no further user registrations, but I will keep your notes on file so I can refer to them if it crops up again.
All the very best, and thanks again.