3 Best Options to Prevent Fake Joomla Registrations

3 Options to Prevent Fake Joomla Registrations

One of our customers has been getting a ton of fake automated registrations on their Joomla site. Those spam bots clutter your genuine web traffic. Deleting fake accounts they create is also a very time-consuming task.

Here are the 3 best options to prevent fake Joomla registrations:

  • The core reCAPTCHA plugins.
  • Double opt-in registration.
  • OSpam-a-not extension.

In this post, I will give you a brief tour of these options to put the fake registrations to stop.

Option #1. Joomla's reCAPTCHA plugin

This first option deploys Google's free spam protection service "Google reCAPTCHA".

Once you installed Joomla, you have installed the two core reCAPTCHA plugins:

  • "Captcha - reCAPTCHA"
  • "Catcha - Invisible reCAPTCHA".

two captcha plugins

When you configure and publish either one of them, your Joomla registration forms will be integrated with Google's reCAPTCHA free service.

With the "Captcha - reCAPTCHA" plugin, your site visitors will be enforced to verify they are humans. They will need to check the "I'm not a robot" box at the bottom of the registration page:

i am not a robot box

If you decide to use the "Captcha - Invisible reCAPTCHA" plugin, by default, your registration form will display the "protected by reCAPTCHA" box:

protected by recaptcha

To protect your Joomla registration form from spam bots to the maximum:

  • Go to your Google reCAPTCHA account.
  • Set the "Security Preference" to "Most secure" and save the change:

set the most secure setting

Now, additionally to the "protected my reCAPTCHA" box, your registration form will also display a challenge image:

additional challenge

Good job! Now you know how to use Google's reCAPTCHA to protect your Joomla registration page from fake automated registrations.

Option #2. Setting email confirmation

You can also stop fake Joomla registrations if you enforce registrations to be confirmed via email.

  • In your Joomla control panel, go to "Users" > "Manage".
  • In the top right corner of the screen, click "Options".
  • Set the "New User Account Activation" to "Self":

04 set to self

Now, once a visitor submits their registration, they will receive an email with a confirmation link. Your Joomla will enable their registration only if they click on that link.

Fake registration bots usually submit fake email addresses. They won't be able to confirm their registration on your site.

This double opt-in option is a very useful protection agains them.

Option #3. Installing OSpam-a-not plugin

Our own OSpam-a-not is another excellent tool against spam registrations.

ospamanot plugin

It works on a background. It's an ideal extension if you'd rather not use captchas on your registration page.

We created it based on the premise, that if form fields get filled in too quickly, it is very likely that the form is being hit by a malicious robot.

Our OSpam-a-not allows you to set a minimum number of seconds that must elapse before the form could be sent:

minimun form time

On the image above, you can see that I set this time to 300 seconds. That might be too long but will do for my demonstration.

Now, when I fill in my default Joomla registration form and send it earlier than in 5 minutes, the form displays to me "Error Form submission has been blocked (TimeGate)":

error message


Joomla's two reCAPTCHA plugins are a great way to protect your site from fake registration bots. They integrate your Joomla with Google's state of the art and free "Google reCAPTCHA" service.

If you'd rather prefer not to display Google's captchas, use our own OSpam-a-not plugin. It works silently on the background.