Due to recent spam, I wanted to stop registration on my website for a while.
But doing so meant the registration page would redirect to the homepage, which was bad for SEO.
So I left the registration page there, removed the ‘register’ submit button and put in a little message telling people to contact me if they wanted to be registered manually.
1 day later, I have another 5 users who somehow managed to register! All of these are spam users.
How did they do this?
I removed the ‘register’ submit button on the register page so did they manage to make their own submit button? (editing the webpage on their end)
Also if you go to mysite.com/wp-register.php or /wp-admin/ it asks for a password (.htpasswd protected).
The actual register page is located at: /wp-login.php?action=register
(This is a custom page that matches my theme btw)
What do you think it is? I can private message you the website if you like.
Thank you!
One could easily submit the form on the page by adding a submit button to the DOM through javascript. I would suggest a redirect from the registration page to some other page without a form submission.