Registration is the first point of spam and preventing spam registration from new users will save your WordPress site further link and signature spamming.

It can happen that you get lots of new user registration. Most of them will be from fake users that simply submit the registration form on your site by using an invalid email address.

Shield's User Management module offers the email validation method for testing new user registration email address. It also allows you to choose how you want Shield to respond when someone tries to register on your site with an invalid email address.


To apply this method, you'll just need to go to the User Management module and set the following options

  • Validate Email Addresses
  • Email Validation Checks

Validate Email Addresses option 

Is designed to help you validate email addresses when user attempts to register. You can decide how you want Shield to respond when an invalid email address is detected. You can choose to

  • Log Only
    Lets you see the activity of the user registration with an invalid email address on the audit trail before applying any offense or blocks to this user.

  • Increment Offense Counter
    Puts another black mark against an IP. As always with the offense system, once the limit is reached for an IP address, it is blocked from registering and accessing the site.

  • Immediate Block and Kill
    Connection is killed and Shield immediately marks that IP as blocked.


You can also choose disable registration email verification method based on your need. 

Email Validation Checks option

Is used for selecting the properties that should be tested during email address validation. The properties available are as follows

  • Email Address Syntax
    This test will determine whether an email is structured correctly. The chances of this being a problem is slim, and WordPress already checks this.

  • Domain Name Resolves
    This test will examine the domain name section of the email address. I.e. everything after the @ sign. This will check that the domain name exists and resolves to a valid IP address. There is no good reason that a normal user will register with your website using a domain name that doesn't exist.

  • Domain MX
    This takes the domain name test a step further. Assuming the domain name exists from the previous test, we then check MX records. MX records are found in the DNS records for a domain and they indicate which email servers should be contacted when attempting to deliver to addresses/mailboxes on that domain. If a domain does not have MX records, then it never intends to actually receive any email. This might be valid in some circumstances, but it's not typical for a user registering normally on a WordPress site (unless they've broken their DNS configuration).

  • Disposable Email Service
    Temporarily email addresses which would indicate fake/spam user.

Now, we're going to show you how to use the email validation method in order to control user registration and prevent SPAM.


Example 1: Log Only


You have the following settings

  • Validate Email Address: Log Only
  • Email Validation Check: Disposable Email Service

User attempts to register with a disposable email address 'newuser01xxx@a-bc.net':

User will get the message that their registration is completed:

This user will manage to register. However, you'll be aware of this activity. Your audit trail will log this:

Example 2: Increment Offense Counter


You have the following settings

  • Validate Email Address: Increment Offense Counter
  • Email Validation Check: Disposable Email Service

User attempts to login with a disposable email address 'newuser02yyy@a-bc.net':


This user will manage to register. However, the offense counter will increment by 1. Once the limit is reached for their IP address, it is blocked from accessing the site. The audit trail will show this:

And, the IP Lists section will show this:

Example 3: Immediate Block and Kill


You have the following settings

  • Validate Email Address: Immediate Block and Kill
  • Email Validation Check: Disposable Email Service

User attempts to login with a disposable email address 'newuser03zzz@a-bc.net':


This user will not manage to register. Their connection will be killed...

... and their IP will be blocked immediately:

The audit trail will show this:

And, the IP Lists section will show this:

Example 4: Disabled


You have the following settings

  • Validate Email Address: Disabled
  • Email Validation Check: Disposable Email Service

The all users will be able to register with a disposable email addresses freely. There will be no restrictions whatsoever. You'll only see this activity in your audit trail, and there is way for you to know whether this is a legit user or a fake one. The audit trail will show this only:

Important: You can disable registration email verification method. But, we highly recommend to keep it activated. This will considerably reduce the registration spam compared to providing immediate access.