New WordPress plugin: RegisTrap

<em>Regis</em> Trap? Not quite.

Regis Trap? Not quite.

As I have trumpeted from the hilltops on many an occasion, I have happily been using WordPress to power this site going on two years now.

Mostly happily, anyway. There are a few things that don’t sit right with me, most prominently the persistence of spambot registrations, with little (good) help so far from the plugin development community.

What are spambot registrations, you ask? Well, blogs tend to have two doors that are open to spambots: comment forms and registration forms. Comment forms are certainly more common (since just about every blog accepts comments but most probably do not accept new user registrations), and much has been done to deal with the problem of comment spam. Most notably there is WordPress founder Matt Mullenweg’s own excellent comment spam blocking plugin, Akismet. But no comparable plugin exists for the WordPress registration form, and despite many requests from the community, Akismet has not yet been adapted for this purpose. Probably since registration spam is so far only a nuisance (albeit a potentially large one for the site administrator), it has not gotten the same kind of attention.

I did manage to find a few plugins to block registration spam, but most were half-baked, and the one I did end up using for a while, which clearly has been given a lot of attention by its developer, just seemed to be overkill to me. And while it did work to prevent spam registrations for the month or so that I used it, it also prevented my legitimate, registered users from logging in!

So a few days ago I turned it off, and within hours I was receiving spam registrations again. That’s when I decided to build my own spambot registration blocking plugin for WordPress: RegisTrap. The focus is on absolute simplicity: there are no visible changes to the registration form for users, and there’s no configuration for the site admin… just upload it, activate it, and you’re done.

I’ll admit mine is probably half-baked as well, but it’s only at version 0.3 so far. I may eventually need to add an administrative tool to allow the site owner to make changes if bots start to adapt to the default settings — I don’t really know how smart bots are. But I do know that I’ve had RegisTrap running on my own site for a couple of days now, definitely long enough to be able to determine whether or not it’s working, and since I installed it there has not been a single spambot registration on my site.

If you run a WordPress site, give RegisTrap a try!