How to Prevent Spam Signups and Splogs on Your WordPress Network

By Lisa Sabin-Wilson

If you choose to have open signups in which any member of the public can register and create a new site on your WordPress network, at some point, automated bots run by malicious users and spammers will visit your network signup page and attempt to create one, or multiple, sites in your network.

They do so by automated means, hoping to create links to their sites or fill their site on your network with spam posts. This kind of spam blog or site is a splog.

Spam bloggers don’t hack your system to take advantage of this; they call aspects of the signup page directly. You can do a few simple things to slow them down considerably or stop them altogether.

Diverting sploggers with settings and code

The Add New Users check box stops many spammers when it is deselected. When spammers access the system to set up a spam site, they often use the Add New Users feature to programmatically (through the use of programs built into the bots) create many other sites.

The Add New Users check box can help you avoid spammers.


Spammers often find your site via Google Search, and that’s where they find the link to the signup page. You can stop Google and other search engines from crawling your signup page by adding rel=nofollow,noindex on the signup page link. To do so, wherever you add a link to your signup page, inviting new users to sign up, the HTML code you use to add the nofollow,noindex looks like this:

<a href="http://yoursite.com/wp-signup.php" rel="nofollow,noindex">Get your own site here</a>

You can add this code to any page or widget area as a normal link to instruct legitimate visitors to sign up for a site in your network.

Plugins that help prevent spam

Plugins can help stop spam blogs, too. The Moderate New Blogs plugin interrupts the user signup process and sends you (the Network Admin) an email notification that a user has signed up for a site. You can then determine whether the site is legitimate.

The WangGuard plugin was written mainly to stop sploggers and prevent spam signups on a WordPress site — with or without the network feature activated. This plugin is free for personal use, or for sites with fewer than 500 daily user registrations.

The Cookies for Comments plugin leaves a cookie in a visitor’s browser. If the signup page is visited, the plugin checks for the cookie. If there isn’t a cookie, the signup fails. Be sure to check the installation directions on this because it requires an .htaccess file edit.
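The signal behind the cookie check, a client that submits the signup form without having loaded it first, can also be looked for in the web server's access log. The script below is an added example, not code from this article or from any of the plugins named; it assumes a chronologically ordered log in Combined Log Format, and the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SIGNUP = "/wp-signup.php"

def find_direct_signups(lines, max_posts=3):
    """Return {ip: [reasons]} for clients whose signup POSTs look automated."""
    seen_form = set()          # IPs that fetched the signup form with GET
    posts = defaultdict(int)   # signup POSTs per IP
    blind = defaultdict(int)   # POSTs sent before that IP ever loaded the form
    for line in lines:
        m = LINE.match(line)
        if not m or m["path"].split("?", 1)[0] != SIGNUP:
            continue           # unparseable line or a different URL
        ip = m["ip"]
        if m["method"] == "GET":
            seen_form.add(ip)
        elif m["method"] == "POST":
            posts[ip] += 1
            if ip not in seen_form:
                blind[ip] += 1
    report = {}
    for ip, count in posts.items():
        reasons = []
        if blind[ip]:
            reasons.append(f"{blind[ip]} POST(s) without loading the form")
        if count > max_posts:
            reasons.append(f"{count} signup POSTs")
        if reasons:
            report[ip] = reasons
    return report

def _line(ip, method):
    # Builds one constructed log line (documentation IP ranges, not real traffic).
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {SIGNUP} HTTP/1.1" 200 512 "-" "-"')

SAMPLE = ([_line("192.0.2.10", "GET"), _line("192.0.2.10", "POST")]
          + [_line("198.51.100.7", "POST")] * 2
          + [_line("203.0.113.5", "GET")] + [_line("203.0.113.5", "POST")] * 4)

if __name__ == "__main__":
    for ip, reasons in find_direct_signups(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

Several people behind one shared IP address can trip the count threshold, so treat a hit as a prompt to review the sites created from that address rather than as proof of a splog.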