There are a few different reasons spam registrations might occur. There are also various steps that can be taken to reduce and prevent spam registrations.
WordPress “Anyone” Can Register Setting:
Spam User accounts can sometimes be added to a site through a WordPress registration option. This may be evident by User accounts that appear in the Members section of WishList Member, but do not have a Level assigned to them.
A WordPress registration option can be disabled to prevent these types of sign ups.
This is explained in more detail in the Spam Users – WordPress “Anyone Can Register” Option Knowledge Base article.
Spam Users may appear in the Members section and have a Level assigned to them. There are additional options for reducing and preventing these spam registrations.
Adding a reCAPTCHA to a registration form can help prevent spam registrations.
If you have the Require reCAPTCHA option selected for a Level, the reCAPTCHA will appear on the registration page for that Level.
The Require reCAPTCHA option can be enabled in the Setup > Levels > *Click on Level Name* > Requirements section of WishList Member.
Note: You will also need to get a reCAPTCHA Site Key and a reCAPTCHA Secret Key and place those in the correct fields. This can be setup by clicking the blue Configure button for the Require reCAPTCHA option.
This information can also be viewed in the reCAPTCHA Knowledge Base article.
If it is automated Bots that are doing the spam registrations, then we recommend checking out security plugin options that include features that can block out Bots. Options like Wordfence or iThemes Security are popular.
If it is a human doing the spam registrations, then the options are a bit more limited to filter and block Spam registrations since a human can fill out fields and use the reCAPTCHA.
There are also anti-spam plugins available. We don’t have a specific plugin we recommend but we have heard Spam protection, AntiSpam, FireWall by Clean Talk can be helpful.
We have not developed this plugin but it looks like it could be useful.
A search for “spam” in the WordPress Plugins directory brings up other options as well.