WP-SpamShield

This is the best defense against WordPress registration and e-mail spam that I’ve seen to date.  Most defaults work for everyone.  It automatically alters registration and e-mail forms, including forms created in Contact Form 7 – which you’re rather likely to have as well since it gets included with a lot of themes.  Now, with other security plugins already in place, feedback is usually not provided by SpamShield, it just does what it’s meant to do, completely silently.  When you log into the admin section, it gives you a running count of how many things it has blocked and how many happen per day on average.  It is otherwise completely seamless with the rest of your WordPress installation.

By “no feedback”, I do mean “dead silence”.  An attempted registration would make it seam as though registration was simply not working… the form just reloads as if you need to enter your details again.  The same is true for e-mail… the form just reloads and the e-mail doesn’t get sent.  If a robot is attempting either form, they could resubmit until they end their run, but you would get no notification as their form submits never get past SpamShield.  No users should have been created, no e-mail should have been sent.

I’ve had varying levels of success with reCaptcha systems, but this has been – by far – the most effective method of blocking the bulk of attempts.  This virtually eliminates user registration spam which is – in my experience – the most difficult form of spam to control.

Yoast SEO