How can we stop bogus registrations

Yesterday someone registered as a free member on our site and proceeded to send spam email (Hi, I’m Tina, I saw your profile and really want to meet you… etc.) to many of our 1400+ members, who are understandably upset.

Can we re-direct S2member registrations to our admin for approval? Can we also selectively block email and IP addresses to effectively ban the perpetrator(s)?

Thanks in advance for your help!

Hi there. Thanks for your inquiry.

What version of s2Member (and s2Member Pro) are you running please?
How did this person register, through a Pro Form, or via /wp-login.php?action=register
Is Open Registration enabled in your s2Member -> General Options?

Hi Jason –

Thanks for replying.

What version of s2Member (and s2Member Pro) are you running please?
>> Version 111206

How did this person register, through a Pro Form, or via /wp-login.php?action=register
>> because Open Registration (free) is enabled they must have logged in through wp-login.php (S2Member control panel says “If you set this toYes, you’re unlocking /wp-login.php?action=register)

Is Open Registration enabled in your s2Member -> General Options?
>> yes (see above)

Best,
Kathy

Thanks for your reply.

OK. So Open Registration is enabled, therefore people in the public can register on your site, per your configuration of s2Member. By default, s2Member implements a CAPTCHA code that must be entered on all Free Registration Forms. Are you still using that in your s2Member Pro Forms for Free Registration?

Also, if you’re running Pro Forms for free registration, you can actually turn Open Registration off, so that /wp-login.php?action=register remains locked down, and this way the only entry point for new registrants comes from any Pro Forms you that you integrate on your own. Limiting the number of entry points is a good way to reduce spam.

(click screenshot to enlarge please)

Can we re-direct S2member registrations to our admin for approval?

s2Member does not support a specific feature called “Admin Approvals”.
– However, what many site owners do is this…
1. Allow free registration to Membership Level #0.
2. Require Membership Level #1 or higher for all protected areas of your site.
3. Manually review each new registrant, and upgrade them to Level #1 through the Dashboard if they meet your qualifications. This can be accomplished easily from your WP Dashboard, in the Users menu. You can change a User’s Role from Subscriber to “s2Member Level #1” perhaps.

---

Can we also selectively block email and IP addresses to effectively ban the perpetrator(s)?

I’m sorry, no. s2Member comes with many Restriction Options, but a global ban of an IP address should really be handled at the server level (in our opinion). Of course, there are other plugins available that may allow you to accomplish something similar in WordPress. Here are a couple that you might try.
http://wordpress.org/extend/plugins/wp-ban/
http://wordpress.org/extend/plugins/ban-hammer/