Uninvited guests…
I have just recently switched this website from the Drupal CMS to WordPress. Within the last 24 hours I have had the first symptoms of an irritation I have noticed on other blogs I manage. Almost as soon as the conversion was complete, I had two suspicious user sign-ups. Suspicious in that they occurred in very short order for a relatively low-traffic website, and guess what, they both end in “.ru”, the Russian domain ending.
Now I am not in favour of tarring everyone with the same brush, I am sure most Russians couldn’t give an Abkhazia about my blog, but there is something fishy going on. Another blog I managed has over 1,500 registered users, yet over 800 of those users have emails ending in “.ru”.
So what is going on here? My initial suspicion was that this was a way of attempting to place spam comments on the blog, but that does not seem to pan out. Firstly, the Akismet plugin does not seem to have a problem catching comment spam whether the user is registered or not. Not that I could find any relationship between these “dodgy users” and the comments that had been placed into the Spam bin by Akismet.
So I haven’t worried too much about them since they don’t seem to be doing any damage.
As I mentioned earlier, this is a new blog. Comments have been open on it, but I have only just activated the Akismet plugin. So there were about 24 hours during which comment spam could have been placed on the blog yet it wasn’t, even by the suspicious new users. Strange huh?
It seems then that there must be another reason for these signups other than comment spam. They may be trying to exploit known vulnerabilities in older versions of WordPress.
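The pattern described above (signups in very short order, one dominant email ending, and no comments from those accounts) can be checked against an export of the user list. This is an added example, not part of the original post; the record layout, the 10-minute window and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows: (login, email, registered, comment_count).
# In practice these would come from an export of the site's user and comment data.
USERS = [
    ("alice", "alice@example.org", "2009-03-01 09:15:00", 4),
    ("bob", "bob@example.com", "2009-03-04 18:40:00", 1),
    ("xk39a", "xk39a@mail.example.ru", "2009-03-10 02:01:10", 0),
    ("qq81z", "qq81z@post.example.ru", "2009-03-10 02:03:45", 0),
    ("vv07m", "vv07m@mail.example.ru", "2009-03-10 02:09:30", 0),
    ("carol", "carol@example.net", "2009-03-12 11:00:00", 0),
]

def tld(email):
    """Return the last label of the email's domain, lower-cased."""
    return email.rsplit("@", 1)[-1].rsplit(".", 1)[-1].lower()

def tld_share(users):
    """Fraction of accounts per email ending (e.g. 'ru')."""
    counts = Counter(tld(u[1]) for u in users)
    return {t: n / len(users) for t, n in counts.items()}

def bursts(users, window_minutes=10, min_size=2):
    """Group signups where each follows the previous one within the window."""
    window = timedelta(minutes=window_minutes)
    rows = sorted(users, key=lambda u: u[2])  # this timestamp format sorts by time
    groups, current, last = [], [], None
    for u in rows:
        ts = datetime.strptime(u[2], "%Y-%m-%d %H:%M:%S")
        if last is not None and ts - last > window:
            if len(current) >= min_size:
                groups.append(current)
            current = []
        current.append(u)
        last = ts
    if len(current) >= min_size:
        groups.append(current)
    return groups

def suspects(users, window_minutes=10):
    """Logins that signed up in a burst and have never commented."""
    return [u[0] for g in bursts(users, window_minutes) for u in g if u[3] == 0]

if __name__ == "__main__":
    print(tld_share(USERS))
    print(suspects(USERS))
```

A burst alone is not proof of a bot on a busy site; on a low-traffic blog, combining it with the zero-comment check keeps ordinary readers such as "carol" out of the list.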
In any event, to see if I can cut this out, I have installed a new plugin, Register Plus. This has quite a number of nifty features around user registration which have been a bit lacking in WordPress to date. The features I have so far activated are:
- Email address confirmation for new users
- Users can set their own passwords
- Custom logo on the registration page
There are a number of additional features worth checking out, but so far those are the ones I will be using.
I will see how I get on over the next few weeks and if successful, I will roll out the plugin to other WordPress sites I manage.
My suspicion is that these “dodgy signups” are driven by an automated bot and this may well not be able to use the new registration form. If that fails, then I am pretty sure the email addresses are invalid and therefore the user accounts are not activated and will be removed after 7 days.
In the last resort, there is also a captcha feature, but I would prefer not to have to use that. Hate the bloody things!
Another blogger who doesn’t think much of the fake user signups is using the Sabre plugin, but I am going to see how I get on with Register Plus before employing yet another plugin that only does one specific task. They become a nightmare to manage.
