Hey I'm just curious...
I opened up registrations on my live beta site, and immediately started receiving a (few) spam registrations.
Now I know that there are plugins that can guard against it, but I wonder if it would not be more effective to just mess with the code myself in a way that no plugin would do.
The way I see it there are only two ways a spammer can find the registration url
- it just assumes wp-login.php?action=register will do the trick
- it is going to parse the html for anything that resembles a hyperlink labeled "Register" or anything of the kind, and then follow that.
I changed the "register" action to "register-strange" to see if that would do the trick, but I had one more spam registration tonight. I have to rule out one more thing, ... alright the whole site should have only one link to the registration page left.
Anyone who can find the registration form will be able to parse it, recognise it, and use it.
But they have to follow the link called "Criminals enter here" :P.
Well, I'll have to see for the coming days. I guess the spambots are using a million different techniques. Even the name of the PHP file is a hint to follow that link...
I wonder, I wo-wo-wo-wo-wonder....